Overview

overview

7

Static

static

3

0a0c91cee9...98.exe

windows7-x64

7

0a0c91cee9...98.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    71s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 01:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0a0c91cee9cc9c7d2f17aef3f6abe798.exe

  • Size

    44KB

  • MD5

    0a0c91cee9cc9c7d2f17aef3f6abe798

  • SHA1

    3bd9be2b5d11ba43fd5637c04eb882bcf146fcfd

  • SHA256

    301c9b16a7310bb7c9c8d310a3c8c73e78f057162fd4924df9f7b9d8b897faa4

  • SHA512

    bd6dc78d5fd0092bf81a44640ec6915c207c9e33eb231b6ea7c2850c09435d9f08ae8aa46156b9de0fe46b866da5386ca8fdb22ca7149269d88d0fb70cc7ff04

  • SSDEEP

    768:OsJqbK2BlJ9Lz9EOQcnlXt0lZ8uDVbrf3OfV+c8Eb2MqyYQbeR:OsJqbxZz9EOQcnQZf//CV+clSM0Mk

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 23 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a0c91cee9cc9c7d2f17aef3f6abe798.exe
    "C:\Users\Admin\AppData\Local\Temp\0a0c91cee9cc9c7d2f17aef3f6abe798.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2412
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1184
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2540
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2656
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\gos20.bat"
      2⤵
        PID:804
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c "C:\Users\Admin\AppData\Local\Temp\0a0c91cee9cc9c7d2f17aef3f6abe798.bat"
        2⤵
        • Deletes itself
        PID:2616

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      9d487a1b11c2702bc86d153473b7967d

      SHA1

      4f2212fd76f885ccb4ce456c4eb61bb0e495abdb

      SHA256

      80f24e752881449db83b5de1f45a41cf290772710aba82c0c394883139b8b728

      SHA512

      5a4ef0e4c17d91004c392e8f7a04102b714cae4330ecfa4408f97e116d374c90a4fc64a6b936378dd1b25fd5d8cb0552f945df25566064f948f5f2c9e70e92dd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c85a258061375ae41daffe25bc6f7625

      SHA1

      1a6db56af3e12e2ac19529e5da22e48748dd6ff0

      SHA256

      667549125ff6438882418c7034476fadae7ec91c9be39d0d3fac8500c7fef428

      SHA512

      308cff5ee8a1beb86d47ac8bd2e16e8212eeabffb4ba73cb99734f0619f522e4b64603bbb61724ca92ad3072904f19b628deff46d5ad1f4147c9c7f342d94bcf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cd1f1f2c2dcdb8593312dee552ed39f3

      SHA1

      29750f133fe83e798db00f60593e3ba4ec521873

      SHA256

      86fd59dce59a8ebf7bce671133eb0f23b03e58f2c43cc9b0cc3fa9b4029dd4d9

      SHA512

      c9ca46b8633b52406b4926f7dfc624c4275267ca5921923a2e83cb7c3b831e44d606b9badb880ee9d0a6feaac9de429fbf4f52e427cf867781c72e0066c3bd2e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6631da3b50c1d5b0fa7207c5fa640ce2

      SHA1

      4c68b0f4a286b279d1fa16fc207349db4c1a5153

      SHA256

      ca0464f500685ebba549a49024778ae201d9738fb7161230370de79a3c09b5cd

      SHA512

      aa83b5ebbf5f30f6e0281a4176bef4ea6033d4152542a39ebc0b13b70e8a4dd076664ed0b8c77e53b59dd1534a5fde12196b589e3d94afce2074a7b26a0af1f1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7b9ba0804ac52f2f61152fbfa5ece5b6

      SHA1

      fc6e48c47e3a3e0dd8182de6a6b243d896876f51

      SHA256

      96f4a6d108e41441fef4920388fa1d44c6ff0a768c9b1caebf019b6efc99c340

      SHA512

      b4e3c11191dc9939aff92140ff748d53c97f4b822da2b9dc2f68bc3de74ca4ca2320f7344164841ee01f2ceda9734a7e12567a210cd0a74f484aad25cf72db2b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      9997faacfa74176793eba43574d9d13d

      SHA1

      7940d28841b753735da2ab32bc97867771c80b2b

      SHA256

      23ffe48590129320f973fc20d125f320eff837a106818d998d97ed44da11b1ee

      SHA512

      9dfca1d60c98fc56da75ac1e5b27dd175b4e166233458e28e4ce5a26018d472e5e803392e2835a0565a446cadb36a49edba4f481e718bb3de5d56dfb42164ede

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\0a0c91cee9cc9c7d2f17aef3f6abe798.bat
      Filesize

      263B

      MD5

      ff04bcd2a70d7c9ce795a3f0cfaa402e

      SHA1

      3d18873178c0b400c2ad422320917c2d2913f6d4

      SHA256

      c68eb25266b5ad19d35d2319d6f512bad177e75c080d87c2d283da36a64b8a86

      SHA512

      0bf3e01e68521bbe1da47646bc57aec1605919c17c1e24d2988dbac0865d73c93cf82391ccc7af89737372066702031cb5f46dc4f5e09d3d3d420168d6378f2a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar25DD.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\gos20.bat
      Filesize

      182B

      MD5

      f66ee7a58becbd4aa0e3b3b092fb8769

      SHA1

      20c66abd758e8f7004bf9b721ecd84dd206088bc

      SHA256

      f9697898b46823d07fcee6c4dd164db9d9a53147d7a36b4bf2871b30796dbfef

      SHA512

      2cdc09c13d394bfd53af611b0281f77b1f1de7175d0e057e399da20ed1e2589c2c10aaf5163fc97b143dafa03a8ddc2513a3c0e19f78716965a32ed70e251fe7

      Download Submit

    • \Users\Admin\AppData\Local\Temp\gos20.tmp
      Filesize

      32KB

      MD5

      aab86d70689c799ad35ee783bec146ae

      SHA1

      08e3221f0df46ea80056d49f85726aa36361a33a

      SHA256

      3db9a6e49c312bcb32ee9b201a656c951ea7f4730fc9169b457df9a348de4b30

      SHA512

      dfcc270bdc8ca4ea9133f6ef85ea0692b4f4241d61743ec368e314d6559deb8f91dcf882528cf6c9b082ee5e662621188168a431ed4789283b276937bd35d49a

      Download Submit