Overview

overview

7

Static

static

3

09f9dffafa...38.exe

windows7-x64

7

09f9dffafa...38.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 01:23

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    09f9dffafa1f54709ed02e0b0f839838.exe

  • Size

    223KB

  • MD5

    09f9dffafa1f54709ed02e0b0f839838

  • SHA1

    c45d987c577cee6b0fcd69798ddef6e46eb404bf

  • SHA256

    78fe950dfdf9c089aaf3d01347c4f10e730f54f80c3856a5973da96c503dc61d

  • SHA512

    980c99c723dc38070433df3e77e8f913d48b476f664b418d237f019d8a13e784a2ba1d3ec714720604448829b7121ba102870837ae116f29a17e6a635ac48e54

  • SSDEEP

    6144:DsO+lvcj4zBnOnfhQNa0PdbUlyY42vaRER:oO+lsSBnOnp8lbmi2ig

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 5 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\09f9dffafa1f54709ed02e0b0f839838.exe
    "C:\Users\Admin\AppData\Local\Temp\09f9dffafa1f54709ed02e0b0f839838.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Users\Admin\AppData\Local\Temp\09f9dffafa1f54709ed02e0b0f839838.exe
      "C:\Users\Admin\AppData\Local\Temp\09f9dffafa1f54709ed02e0b0f839838.exe"
      2⤵
      • Drops file in System32 directory
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:2644
  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2204 CREDAT:275457 /prefetch:2
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2668
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2204

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          eda9f494e29e829878dbc56dfa821d53

          SHA1

          86cc1893852f9111274b4046fc397f9bad6521bc

          SHA256

          193a95af377c44ff0f04cee610a55082928d277a3b41f81006ed0b4b9e65a6ef

          SHA512

          f03e73afbcdfecdbea00d8759865369a1af4d459741c70584c36e9a244c8f08c7bc89e7ac15f7ed8f6e5bf4bd9947b3dab79658365445489f92be410c2b62ab0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          35ee18612d5fd77974cf0824d3ee1fa4

          SHA1

          52e4524401fe5ccfdbafdea189b81d7d7226e3a9

          SHA256

          93d9b2394b72a6ac4234d1e5aefac2837e2f777151bb940252f896982db3ee0f

          SHA512

          603e00c508c0fa5eff7cac805b78f0811d85d797b64ffede6c8b1fd1cb2fd402fb0a9c589202f1e060bb14779ef8c42bc54b2a74c63a9de7416cb557d9e1554b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3df39b019288fe10fd8a0ed13c51297d

          SHA1

          ed34b5a2145325f40f6a11af6de4074ea8630d22

          SHA256

          877c2c03daff17a0335ee36d91b0f1f035df710a7398dd669a8998710223a685

          SHA512

          673e61ef8221e24042c5ba878a4166893737160c2a7e5f66423d6deccd292ca123c59f49301911d02f8f9510a8c0c021ec2e3cf01ff911a10d608b46156a2a67

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e8c4fe674792d244a7a0d0eaf51c709b

          SHA1

          4b9128fff22b7d9ccaed25b1f002b6677d9bef9a

          SHA256

          241cae4494be02e0a13fe9547745bd8931a694173d22dd047f4ce4184c1549ba

          SHA512

          d5693b1a3aef6f567173647f21591d53e9cacb37a474e5a110624668b6c0a3431ebce37ba64cb8d7ac76a69a06a66104ef8a72afcaec49c05439761a60faae48

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          91f5539da7a83b98cea01eb94fab83e5

          SHA1

          79600f4aa220dc437b99a0893d05797614bcbcc9

          SHA256

          f88bd4ef430062c3fbacf2386a9a42c9530fd16ea159e434549391ac070247e6

          SHA512

          6388ab0ee38ea7f4c0c69a97c4a788eb19b82d4f1c73d16891a9098879571f6dc458cad7f7b8434bf39cd27c24324200ebb028a456be9cde12b03b922dfb59fc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          1811dc7977a419046d0a7d3b222cd673

          SHA1

          fb993373b1cf655768d23c99f95ee7efee6f6815

          SHA256

          9a56cfef9fa9118c460331696decb471e6361e17329753a9746d9658e2309176

          SHA512

          7ed82fb1e68b71de70975dd056e89b91bebf570f0a6ce89c4613b50cf5e0864d6872a6dead75007754f11912e2b8c3a3e118b86729eced77b6b334d658b3b422

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          0aaa1a3d02c0962aed281cfa6248ce7f

          SHA1

          ab4fd0b0399d9159f05215e450d13452054d0aee

          SHA256

          2786f7b303d551d1e43801b4a2caa9cd4d45b77c3d36be106ee1024fb4c962cc

          SHA512

          46392ba3d2cc85e3b571701fdd467c6a7b6aafa1b28ce589f09c65bed952be981f5b89fb74d71c6e1b1110478e15c328bc97a2151081664f51f2bc96ac6a05d5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b49dbbf36b06dd73869faae61ae5ecd0

          SHA1

          cc69ac333eaa59b6b472524bbc977a544375af80

          SHA256

          6715df74a5344dc307e94c58e937ce9b9152aec3ca88b13b7ab7eeb2861d1184

          SHA512

          9bf03fa190aae84eea6b09a0ce3d94ec4ebd146dd9e2e7ec7d7f4a6fd0a8fbb777853a3d3615c523daf6bd6db1597bb5835404f06ee5dbc71bdba025c7578676

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          5c0e9960858ec6da7046c9370a1afc6f

          SHA1

          1b19f922f097d3d83d34ef99f280c37c2e0af25b

          SHA256

          e74047f2bddb8f2524b519a34fe0bf336f50ba71374cc172e760fb28f17c3db6

          SHA512

          e7bddadc705f1ccbaa55ec7a681c54e961205313db15342dc1485cda2c7e7410015331fbab6c630c23c4ca4da54d3d62eb1c0718f86ba88b91ee0353b401919e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e69f3c2d050518fcf9aeb5c18302a52a

          SHA1

          2fb56cf317d8755d1426d59d31d9ab7912f4f4de

          SHA256

          62c64b14df976f315bf5b51d1a0e66a03fc3a79911108a146daf78caa9b1de7e

          SHA512

          b05e62300166d1dcb047e5a6c52c7b4224a08d9c8f7c1f351a3cfec99f82bff8f059ad97f0b1bec4ed9899deebf4adaeb98f79916511e156becd026e340b555b

          Download Submit

        • memory/2204-19-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2644-6-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2644-11-0x0000000010000000-0x000000001005D000-memory.dmp

          Filesize

          372KB

          Download

        • memory/2644-18-0x0000000010000000-0x000000001005D000-memory.dmp

          Filesize

          372KB

          Download

        • memory/2644-20-0x0000000010000000-0x000000001005D000-memory.dmp

          Filesize

          372KB

          Download

        • memory/2644-10-0x0000000010000000-0x000000001005D000-memory.dmp

          Filesize

          372KB

          Download

        • memory/2644-8-0x0000000010000000-0x000000001005D000-memory.dmp

          Filesize

          372KB

          Download

        • memory/2644-5-0x0000000010000000-0x000000001005D000-memory.dmp

          Filesize

          372KB

          Download

        • memory/2644-3-0x0000000010000000-0x000000001005D000-memory.dmp

          Filesize

          372KB

          Download

        • memory/2644-4-0x0000000010000000-0x000000001005D000-memory.dmp

          Filesize

          372KB

          Download