175e69b820fac09e44f8d067115d899dcbc26b1f4c46d7cc71b8841386c255c7

Analysis

max time kernel
85s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 05:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1024a9c15f5162e4ee96531b1e13bdd9.exe
Size

54KB
MD5

1024a9c15f5162e4ee96531b1e13bdd9
SHA1

51ce6484939e91b5c0c40f708fff52189d207708
SHA256

175e69b820fac09e44f8d067115d899dcbc26b1f4c46d7cc71b8841386c255c7
SHA512

2fb2fd7e151db3439468b8f52894759b84b64e6ba3760e4e7a0461ac541e55d86338ff883a7c320338ed5783175b2147f24fba323066f70f3d22d6f4cb669aa1
SSDEEP

768:YU5Qmsqn3fpJ8/f+EDufZJUNL9YTy1t2east7YRpcd2/nqOego9zHd19VmzezClF:1lnIufZAP1t2easWRpFUgizZVxClhH

Score

8^/10

evasion

Malware Config

Signatures

Sets file to hidden 1 TTPs 2 IoCs

Modifies file attributes to stop it showing in Explorer etc.

evasion

Hidden Files and Directories

T1564.001

pid	Process
1692	attrib.exe
4228	attrib.exe

Views/modifies file attributes 1 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
4228	attrib.exe
1692	attrib.exe

C:\Users\Admin\AppData\Local\Temp\1024a9c15f5162e4ee96531b1e13bdd9.exe
"C:\Users\Admin\AppData\Local\Temp\1024a9c15f5162e4ee96531b1e13bdd9.exe"
1⤵
PID:988
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\s_g_l_229.bat" "
  2⤵
  PID:2128
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Roaming\redload\1.bat
    3⤵
    PID:2532
- C:\Users\Admin\AppData\Local\Temp\inl9354.tmp
  C:\Users\Admin\AppData\Local\Temp\inl9354.tmp
  2⤵
  PID:864
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\inl9354.tmp > nul
    3⤵
    PID:312
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\1024A9~1.EXE > nul
  2⤵
  PID:3372

C:\PROGRA~1\INTERN~1\iexplore.exe
C:\PROGRA~1\INTERN~1\IEXPLORE.EXE http://www.cnkankan.com/?82133
1⤵
PID:4140
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4140 CREDAT:17410 /prefetch:2
  2⤵
  PID:2060

C:\Windows\SysWOW64\rundll32.exe
rundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 128 C:\Users\Admin\AppData\Roaming\redload\1.inf
1⤵
PID:3732

C:\Windows\SysWOW64\reg.exe
reg add "HKCR\CLSID\{971C5380-92A0-5A69-B3EE-C3002B33309E}" /v "IsShortCut" /d "" /f
1⤵
PID:4276

C:\Windows\SysWOW64\reg.exe
reg add "HKCR\CLSID\{971C5380-92A0-5A69-B3EE-C3002B33309E}\Shell\open(&H)\Command" /v "" /d "wscript -e:vbs ""C:\Users\Admin\AppData\Roaming\redload\3.bat""" /f
1⤵
PID:2784

C:\Windows\SysWOW64\attrib.exe
attrib +s +h C:\Users\Admin\AppData\Roaming\redload\tmp
1⤵
- Sets file to hidden
- Views/modifies file attributes
PID:1692

C:\Windows\SysWOW64\runonce.exe
"C:\Windows\system32\runonce.exe" -r
1⤵
PID:4808
- C:\Windows\SysWOW64\grpconv.exe
  "C:\Windows\System32\grpconv.exe" -o
  2⤵
  PID:1568

C:\Windows\SysWOW64\rundll32.exe
rundll32 D:\VolumeDH\inj.dat,MainLoad
1⤵
PID:3028

C:\Windows\SysWOW64\rundll32.exe
rundll32 syssetup,SetupInfObjectInstallAction DefaultInstall 128 C:\Users\Admin\AppData\Roaming\redload\2.inf
1⤵
PID:2464

C:\Windows\SysWOW64\attrib.exe
attrib +s +h C:\Users\Admin\AppData\Roaming\redload\tmp\a.{971C5380-92A0-5A69-B3EE-C3002B33309E}
1⤵
- Sets file to hidden
- Views/modifies file attributes
PID:4228

C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\tmp" /v "key" /d ""http://www.82133.com/?S"" /f
1⤵
PID:2272

C:\Windows\SysWOW64\reg.exe
reg add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d ""http://www.82133.com/?S"" /f
1⤵
PID:1096

C:\Windows\SysWOW64\reg.exe
reg add "HKLM\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d ""http://www.82133.com/?S"" /f
1⤵
PID:3208

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Roaming\redload\2.bat
1⤵
PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\cdf1912.tmp

Filesize
791B

MD5
1706b41fd446b5718a8419c0fcb35d55

SHA1
d9bb8df22acdc60c754ac14982cf795df3b1b815

SHA256
5c6d11ac3f220f8286455764ab2581dcb6554692d3b9974b097364d77edb3943

SHA512
68c9f6170ecdfcc79fc63cb646901d2ac52a915620b159047b2c93761c261897eb5ecc15065635105637a61a840d393104c15ea8268897fb8bb2fbc1a56c626e

Download Submit
memory/988-129-0x00000000005E0000-0x0000000000605000-memory.dmp

Filesize
148KB

Download
memory/988-1-0x00000000001F0000-0x00000000001F3000-memory.dmp

Filesize
12KB

Download
memory/988-5-0x00000000005E0000-0x0000000000605000-memory.dmp

Filesize
148KB

Download
memory/988-7-0x00000000001F0000-0x00000000001F3000-memory.dmp

Filesize
12KB

Download
memory/988-0-0x00000000005E0000-0x0000000000605000-memory.dmp

Filesize
148KB

Download
memory/4140-138-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-103-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-81-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-85-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-94-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-97-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-108-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-109-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-110-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-111-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-68-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-137-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-141-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-143-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-140-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-139-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-64-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-116-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-107-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-72-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-101-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-100-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-95-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-93-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-92-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-89-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-87-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-84-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-83-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-82-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-79-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-78-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-75-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-74-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-73-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-71-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-70-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-67-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-66-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download
memory/4140-63-0x00007FFBDA580000-0x00007FFBDA5EE000-memory.dmp

Filesize
440KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads