Overview

overview

10

Static

static

3

0e08fd42b7...33.exe

windows7-x64

10

0e08fd42b7...33.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    165s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 04:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e08fd42b72428353738a47765a4fe33.exe

  • Size

    323KB

  • MD5

    0e08fd42b72428353738a47765a4fe33

  • SHA1

    408d118f5527f4f47f2084098dd4391248d889c2

  • SHA256

    e80980441a46b804f0724d7384ad5472b933adc6dbee72c2a8bb678269c446cb

  • SHA512

    d3346157a54f715fe4831cbd8f57e3455de2f3a339218a13349731f0aa21cab548fe1483169d75329c1d0c105d4815a96f41121879b62d6d0b0d7efed485c806

  • SSDEEP

    3072:g9C7aCj5nBYKAOQwSl1G5aXUMEZlygA9WVW2qpjQHgXUFShsBEmC6KMCGgBQ:g9C7r5nBYKAOQwTUXYz9H1CG

Score
10/10
toxiceyerattrojan

Malware Config

Extracted

Family

toxiceye

C2

https://api.telegram.org/bot1776678662:AAH279kNCdZFK5o7TkT7yGeGh8L9WgRtTUA/sendMessage?chat_id=981052588

Signatures

  • ToxicEye

    ToxicEye is a trojan written in C#.

    rattrojantoxiceye
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e08fd42b72428353738a47765a4fe33.exe
    "C:\Users\Admin\AppData\Local\Temp\0e08fd42b72428353738a47765a4fe33.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1200
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" start www.google.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2764
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1352
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1352 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1400
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 628
      2⤵
      • Program crash
      PID:2880

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    753ed76891b97b99ed1ba9d5e2db4512

    SHA1

    2ab4fad6e15cd0ded82ccb96b0291d63af9b9c2c

    SHA256

    c9bf6a6002a6cabbb3651e645ff55ba014949601513ed63d86475d169c455626

    SHA512

    21d7bb0e61a75e3be312dc676398b4232107459be5255167aa5a48d49892a317835fa739141fa7373aa0d6f27911a1807daac2aaaa2ca7984d12f5ad96e42064

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    213a789110e442236d1c73df76aa6bfc

    SHA1

    c1b5a4354bf4bcd847a645455b5b7559069e3799

    SHA256

    a70af5f82bb580183a6532efd80c31ad2a95d96150675b326754eed457d5ace0

    SHA512

    deff36f9fae5e39eb5d3cfa37194f6eaefbec9c61ffebc68922f2a8e5ea036c00f4d7730505ee7cfb95dc258c918b886b5f0c726de966a9bdf66c29239e880e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ced023fdf2919ad71115fe494ee5d339

    SHA1

    ebe0780c1867961d56145134970386516412c4e9

    SHA256

    770b3e85e955c93d72212e19c4f6a9370dcfa59d33fd129367160e886c995001

    SHA512

    6b16b421cd18092f6b8098bc84006da33d5597a1e6dfbb21f4667380bc04c5cab0b1a489779fe29cabdb75246853b62df2f3f24e8b9f3efa6af6e34ab5311b4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    696f1a9b06437f6a2a784d8f51ab111d

    SHA1

    73aef76cd72f6f580b264978d03b1c62cc5ba7c5

    SHA256

    8f2b14c3959981b7011f4a3ec612e595bae06e466f7dd825dffd037e949cb311

    SHA512

    35e89bdc72a80f98a3b9243a1ec0a723b3964d35535a678608a81309169e1530d5ae32a03e55bf98469dc90bf42bb44fd6170271396dc0f35b310e1d39f7c69d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e18c75845870ae71898a3c18580382ed

    SHA1

    61d16d8133875064d751627be3970a337df61683

    SHA256

    7caed9cb57299b6168f3befdeb668a5b7f4a7de4956ec1bc74874018f0e97920

    SHA512

    7e5b89e307b085f579aa7f07e0387f73711c698d71b76d11843cdbfc8e90b81df815da78367f911ec378b80da25460664cc9aa41fe62fa036a28c720f021b057

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab44FD.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar453E.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/1200-9-0x0000000073FB0000-0x000000007469E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1200-0-0x0000000000F90000-0x0000000000FE8000-memory.dmp

    Filesize

    352KB

    Download

  • memory/1200-2-0x0000000000720000-0x0000000000744000-memory.dmp

    Filesize

    144KB

    Download

  • memory/1200-1-0x0000000073FB0000-0x000000007469E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2764-11-0x0000000070C10000-0x00000000711BB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2764-10-0x0000000002660000-0x00000000026A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2764-6-0x0000000070C10000-0x00000000711BB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2764-7-0x0000000002660000-0x00000000026A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2764-8-0x0000000002660000-0x00000000026A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2764-5-0x0000000070C10000-0x00000000711BB000-memory.dmp

    Filesize

    5.7MB

    Download