Overview

overview

8

Static

static

7

0b09fe834a...aa.exe

windows7-x64

8

0b09fe834a...aa.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    145s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 02:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0b09fe834aaca71b8714679ae3b175aa.exe

  • Size

    250KB

  • MD5

    0b09fe834aaca71b8714679ae3b175aa

  • SHA1

    e0e2550395e253ff0b89280085c1e0e4a99950bd

  • SHA256

    e5b9953b3cd52e3a6eab51be1feaaf885f1b16b8327de1f3dcaecc677dd06abb

  • SHA512

    9226d80e008758364acb40c54b8cc106fa1f46f8120e806714b9600b6ea66df0c7b4969b60c801cb796ce4db811fc9e52e37f48cfcfcd35e12afbbd062238892

  • SSDEEP

    6144:ihieuJDr5T8b2ufqBLjSB/MS7irtIa6cwoD8ZroSfjGFA:feKrJJuf86AYcwoaoSbr

Score
8/10
persistenceupx

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Deletes itself 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Modifies registry class 26 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 47 IoCs
  • Suspicious use of SendNotifyMessage 22 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b09fe834aaca71b8714679ae3b175aa.exe
    "C:\Users\Admin\AppData\Local\Temp\0b09fe834aaca71b8714679ae3b175aa.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1444
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files\WinRAR\winrar.jse"
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.go2000.com/?g8
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2540
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2540 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1348
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ping -n 4 127.1>nul &del /q "C:\Users\Admin\AppData\Local\Temp\0b09fe834aaca71b8714679ae3b175aa.exe"
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:2492
      • C:\Windows\SysWOW64\PING.EXE
        ping -n 4 127.1
        3⤵
        • Runs ping.exe
        PID:1180
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2932

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\WinRAR\winrar.jse
    Filesize

    11KB

    MD5

    9208c38b58c7c7114f3149591580b980

    SHA1

    8154bdee622a386894636b7db046744724c3fc2b

    SHA256

    cb1b908e509020904b05dc6e4ec17d877d394eb60f6ec0d993ceba5839913a0c

    SHA512

    a421c6afa6d25185ec52a8218bddf84537407fd2f6cabe38c1be814d97920cfff693a48b4f48eb30c98437cbbb8ad30ccd28c3b4b7c24379ef36ac361ddfdbf1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e729239d7bf40f387c95b8b6529982fe

    SHA1

    b252c26a629d0d31ad51446a58e219c3a6a013e5

    SHA256

    3a0d4a2544b3f689a297eee0829a5fec3d9c2a62fddb309b76fe8db63bd1d7bd

    SHA512

    112e0363a7be08a88197d52fabd1622dcaafeb93d11e817a822bbdcb9ba6c312c2b4b74a3f5778b39518c1de5b4335561364f6afca3d1a581f18a542a96e2d37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bbb478c8616cfb00debb2097afef1305

    SHA1

    0cb7f4da18e0bc6cee2a89ea01df244ecdfb3ece

    SHA256

    e861e21b322fdeddedd70bc1be051d0043b92ce31a31ef785baa1b241d409734

    SHA512

    e015f00caf1d5e2541231c36a54382e1686c423cf4347bc309e6c993f2752a5d1a559e23f9939cd3f6df5bc9d9dce5a42bdce2cb7e4b829be22bc4b81c736de9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    12ed14b15c763ad1e72d595a45ceea47

    SHA1

    1173377be09624fa90ca4756a1b72a7131575394

    SHA256

    7d522edec0e70c9081d30352454439fda95a0ce60753046f278c4c6deaff6884

    SHA512

    b4d62ad85405ef98e049e6834aa7ced6a9c57ad28340ede64db36d02e1bd4d15228c7fd6572b2d07b586a17dfd3a50d85a5ede2a10853aa2bf6cbe599bd151e9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8c9eb83e204ff9adf004e75927b4623f

    SHA1

    f345ba2e5a22cb9f8bfe8380f7c5a4faa1c9d205

    SHA256

    7d9907fa2cd3c7cd198166dc79f04ee860a2d42187b5ffb0e2a6f50588864a22

    SHA512

    f812368dff496b2dbe54965b0fa5808d22154c2154625a000c4f520d8921bf2429eb9de93eece7355a4764e709fafa5b9b45a9b600db201d2000688ef02ea3dd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    316af839a0c5dd2d8b8683fdc8ba0614

    SHA1

    ee880db9c6642019362f0207ce461af0b4e0b52b

    SHA256

    7dd15cb0d2e791c2a7555bdc03d238ed77cd43ca60928780cf67805439b206c6

    SHA512

    3ed1102f4d890c826edae4cc9c7a386e46a9cd6e53084d4d7df2878806c76aec9d378ec63a948e9cb9563d09f5e030d85d80d7de6cb2219a31dd9e27705ec343

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    079dca70bb3084182171df45cd6edc81

    SHA1

    fb8b0730840401f72365a6bcf54c6b91db8990bb

    SHA256

    5692d2b66cdf20941eb18e1d8c58c29b93b82d8140310e52681d349512171f74

    SHA512

    3d525216a860fd2066123900b586cbbbf26c7c324325d35d094d9aaf283415940cddde1aac259115cc86a5c8994d9c25b8608e6e70128053f9b6576b9ce431a4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    60c9148468d5716d782062c4dc350f28

    SHA1

    023359efc9b1b3899ac33bc0c07b1faed3a9aa3e

    SHA256

    396998ccfaa8160b6ccfa2caf42e95de647cd1a1cb317e18b234d7e3dc368b5f

    SHA512

    0e35dc0b887dabb190a513554cde72fe7b818094f02706df03b83d1ef4cfe11faf7faf8d7ed55dbef4acf31167c7f3896e1ecd1ff965d677c760a059ef5973f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    35f88b6626d770d6308b8e379ae4b680

    SHA1

    888057ec7402f471ac7f612054cc46c5ab8e91f7

    SHA256

    4e4c8b5907c196f0e8ee53ea4cc9ee9faab3b982c5ae34eedf717ad3b1709ab3

    SHA512

    99df5061c46b289bfacf4a5773436a84f3415f27c381d6027576e3aeab0f2541000cfe220743dc21d8921b6fad7bfcfcf74cea86c56db46ad04854891545c812

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f6dfd3b354b8c41f26b5bb1cbcfdf53d

    SHA1

    24d4474d97c49b89f8d003da2c565afe4c3c52bc

    SHA256

    a1c814dd944eb4c7df84ea69444eede13d5a1024e9182b7c910f0fbdee01046c

    SHA512

    5b4fbdc58c94ed1805cdb17f3e7684437ec974d4223afe232f55d0da6f4825ffa5eb95d5b1e8dee54dbe5101130a00ed096f2f68ef9ad6cbb93e38053a763fb2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9d3f0f42643a234e92705d1cfaf13d81

    SHA1

    1a547a9ddd9421ca8b5f1edfaab47cff7ed78d96

    SHA256

    83fc9c26f7a52e2e0804b4a035140ed832647adc6424daa86c548f81bb2d1750

    SHA512

    cdd9d7c5365cbd495534ad2ff2dc6ace3b9f3f63561cf4bf4be14de6799a75e80db62c350682ce3017227400cdcfd0fb320b46b3eba5e90063861ced691483ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c560f5a64636f5cae1ef29f4b572373f

    SHA1

    7ca168c02819449d480e1dbf6f64a3efad23b0b8

    SHA256

    20679720a241da782ecc95de71084528927cc414b7cf48ffab69059c1a69b1db

    SHA512

    388a07977098d291f312f8ec6330227905ed334462acd4ce02f7b366c3cd8228f86f6054f56d6968cfeed306671df278fb9e4f542143317b8385d8b8992a79fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e360b402468b1e617a38853b06d68962

    SHA1

    b78d79145f8496df1f39a75fdee0bccd36ff7de2

    SHA256

    6b915dc3224531d83cdb1bade6f61259e39bcc2d27116fcd05ef6dc7b534573e

    SHA512

    580c2155c7c72cbb56813b386e596d5a09293e4a6024c3d8091e00021d712de5ef85372218242bd3b3997bd0cb41e73eb9549086209367602d56d6e356f5dad6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    364d72df48cfffbd82e98696175049d6

    SHA1

    de2c78f07d4d75cbdd6771da4140aa6e28affc60

    SHA256

    67d046f3829f370fcbecd3f451e5ffba333358c32f911e6140c544c57038bc1b

    SHA512

    e55fe3096ce20ab4b5e29b3d826168e6f5b2d557e45cfa74db180df9a88b2a3caddf4de451c6c69c8255f4bdd1cd1ebc2f8199befeace7c8811c7d6b2b7ec2e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d07c234b32087a9f2534c4be6fc5a215

    SHA1

    fc829739ffafb2784d3de482e5bb7b276e1b8390

    SHA256

    b10c83e270a3fc985412a1d505b33c66c7062ea9b218da989b3bd50b50dceef0

    SHA512

    75b207d7cc37b9c2cb9e23c26c11f238f2ffe7ba3dd17b53074fdf33daf6b44b7b0cbf2fe33aa5d2c4f22fcf26e89874248764ca8202f9fba8ab55235ea0a082

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1a6ea362efc7329be97d58fd4012af3d

    SHA1

    61b589e943b16e1875078dade1adfcf6c8128aec

    SHA256

    0e95b2713a5494ed6fa3c51a0655390e2538b59b4479587125f01e4d7499e24f

    SHA512

    185776ef86076454c1e5f24f66b9ebdcd634b0b2fdec1a819cd8f3dba2d4254130171358a3b9ca08b14ea025aaa1cb3445ea6d73f89c17faa3d4fa6752f90743

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1ddf47bbf3fb3e070e3063ba152d284d

    SHA1

    f8c69839409ba9f903946002226f4348277fef01

    SHA256

    02ce91a71aca479f76fc1ad0a440698c899911468e57e264d62a523df6d97f26

    SHA512

    ad0114f92bff0c731fcad2be0b5762490eab80f43e35e96bbd75d1867d1be7779a9d27edf687426bb4ea263f631d159db158eeaccba2b372faad68b7c93739f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9cc2fb70fb00a76069569b33b5d2ca5e

    SHA1

    4d7b00b5367317d57b8c29eb27785eaa2f946f5e

    SHA256

    022f4ffca31f899db2afc560a3579f5bd8251bc87256add63cde9ed815c6cbd4

    SHA512

    257ff46567eb89a123ecf22994e3aad8a70883802764eb192f4f3cb07d44d7161f458bfc9cd931b8d98a188ac8d94551993e9d484f31a19490bc1094979d37a0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab8E2E.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8EBD.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.mmc
    Filesize

    255B

    MD5

    a0c4d2f989198272c1e2593e65c9c6cb

    SHA1

    0fa5cf2c05483bb89b611e0de9db674e9d53389c

    SHA256

    f3170aeec265cc49ff0f5dcb7ed7897371b0f7d1321f823f53b9b0e3a30e1d23

    SHA512

    209798b5b153283bea29974c1433fe8b6c14f2a54e57237d021ecc1013b8dc6931dedcc2fe173d121c719901045fdf2215177ba164c05d703f2e88a196252ec4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.mmc
    Filesize

    149B

    MD5

    b0ad7e59754e8d953129437b08846b5f

    SHA1

    9ed0ae9bc497b3aa65aed2130d068c4c1c70d87a

    SHA256

    cf80455e97e3fede569ea275fa701c0f185eeba64f695286647afe56d29e2c37

    SHA512

    53e6ce64ad4e9f5696de92a32f65d06dbd459fd12256481706d7e6d677a14c15238e5351f97d2eb7bfb129a0d39f2603c4d14305a86821ed56e9face0bc252b6

    Download Submit

  • memory/1444-35-0x0000000000400000-0x00000000004B1000-memory.dmp

    Filesize

    708KB

    Download

  • memory/1444-0-0x0000000000400000-0x00000000004B1000-memory.dmp

    Filesize

    708KB

    Download

  • memory/2932-744-0x0000000003FF0000-0x0000000003FF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2932-79-0x0000000003FF0000-0x0000000003FF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2932-1180-0x00000000025D0000-0x00000000025E0000-memory.dmp

    Filesize

    64KB

    Download