Overview

overview

7

Static

static

3

137a1e64b5...89.exe

windows7-x64

7

137a1e64b5...89.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 08:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    137a1e64b5279885d7975fcaffd00d89.exe

  • Size

    1.1MB

  • MD5

    137a1e64b5279885d7975fcaffd00d89

  • SHA1

    b856cd895d4cf9eaccc8d049d58de5f9f30e8666

  • SHA256

    e10b6cf51c1cdc0022ee28f400c756cf72fa0187105b8d42676cc68978c9ce9d

  • SHA512

    2b9de2d08abb38efa23d13169c9282d57d45124c6a8044cb8c7688279310e6acdfcd9b29d56e938d45e055034bac64aeb35ae22a50d509474b7fda8325166897

  • SSDEEP

    24576:ezpuZd3xNFYkrqrZpbUbsH7zg76jBwQrIA95eJ:ezkZfRKpbUAbzg+jz8H

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\137a1e64b5279885d7975fcaffd00d89.exe
    "C:\Users\Admin\AppData\Local\Temp\137a1e64b5279885d7975fcaffd00d89.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://52wucha.taobao.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3032
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3032 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e70f042f13169037692236cc5ad26d5e

    SHA1

    6beec2dbe9804db9176efac398be74ba02b4d415

    SHA256

    d39b3bfa904150bc770cab43b773aa6c77023b0ad586f5b1fbcdd3570a403bca

    SHA512

    1f7bc512a7ad69f3e3568cfddbb724612b345051d24b98fc5f72f17169e0847c2fdccdfff952eb9dab09299c5395b28d0f5f84212dd998f0984bb6ec7401289f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    baf46d5283a76c3a43cd0e83ac4d60cf

    SHA1

    b085503da9381eb7607d02590aa8c7b77cc6b534

    SHA256

    2cde4e33887095d646675dc9a0fa4a3d360ace939da4cba67111e0f306513dcf

    SHA512

    b2a566d0ea2f880cce4cdfcf0626f3a835e907730f8de1ad18543ec596ba683db084ecf154ce8259cbf87b1c493e63a1df2bc213451725bc237facca3cef403a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    efe94c4b71c0eb6a9e05fa37fbc00e3d

    SHA1

    6038ba8b4301e79e6f2344e3dced60d0d00b1ffd

    SHA256

    4f98d1a91c2a5652a603483cd1c404d2e64bade8996ea6530ba5fe719e621268

    SHA512

    d7344d8ea8629bcccca02b497d622c3b9cb172e1bcc1d534fb468841a09540ea1977dc48f049d8a56fb5c72b8dd1569b75a2408e9ff05a32afa1c0f650d8feaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    337ea1dd874626bbf3c62c65b6159086

    SHA1

    b3f31f822549f112c45f65ba65439bd7df522bb5

    SHA256

    8d13aa3fae9ea5307fc03b9c4f5f1f5afc2abd4cff87af7d477910608e77b583

    SHA512

    16cb27389794d22020896c3040bb9600854e8007d558a8f447295a61b5b3d4bc762ecc0e14ba5cd2dbd7e64ed59d77aabc6008de71febf33b85467fd8a33af06

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d2e9a07e113885258600dbfd709b014a

    SHA1

    6c19642a55aaa45aadd045fa495cf3df161b8431

    SHA256

    cb61c739a7c5e5b9628dd6e0bb8de85e80a47a0db45b56af3c6667db0ade2837

    SHA512

    86485be40cb1771b36bd73eb63cdbf2851ce80682229722fc90dba69c8a02a982b0a1095271d3e2cf89514cf84fe3f86e4b344922ff651b25f0c79c732035809

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e534e62ab484261f9fa292ef82f89dc2

    SHA1

    372b60b6c4938e272cdd04c63708ff0bdf380be2

    SHA256

    002572a345743d90e1d779e7ab6f909d598fe739ef0b2bc2db65a75f80da6583

    SHA512

    6a7612d2d06659fb4a55e4dc1a473c62dc2c5e922e0df8b54467360eb23a4bee2bded30de42534cf8b2255c4c1a4eaf92b0041f3376d422f87a40ec0f239a94d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    80164f52ea09d3497685513b2362b663

    SHA1

    1df66b16af375c8baf3c5e0a0642e452b85728b7

    SHA256

    51ed8e9ede0affb24ae186fb2ec58cda1abed1fc959c7bfcdab2b6e3b8acd5e7

    SHA512

    9dbe1ae66ccee4200b1477b42f50f2f8bb458332f8dc7a5713c23835603ca364d162ce33fa622eb23db2e4af24d2fb1678cba1a34a91055b275978a6504dec24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5b769cd4b51da9bcf3969d58d2f69b81

    SHA1

    d47bb377123ddf191ba7d12a689c70c78e167fee

    SHA256

    fac4cb70c928037497b8bad130e003917a05fe4f2e87d513bd67a7625f0bbc6e

    SHA512

    772d1759444e84bb2202fd6f118f0a445c00fc43088d000e3456b2b19b501148dab423668317ef475340bd143051ececfd904464b70ca4bb6c7518db01a41e0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    217b4c902079401523d21268f6d64c44

    SHA1

    516311151a0ab845088c5de53931c5d0230eb4b3

    SHA256

    a77f41862f035a6be75ecb4563616498fb4677ba86fb9cf3caf2f59857783b8a

    SHA512

    86f7c5d9ccac50caddeda6dc6da1c5c959f89dbc80417923116cb7466bae8cf5a0d936494e5d886dda9e552d702a2d7a5cf6132ec5cfa46ff5725f283abf768f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    be8a019d337b819186c9806b44033cc7

    SHA1

    04dfe375c0f50d60781ca355cb3fcaf7839e3ac6

    SHA256

    766747e100b2f3f768719dbb89e90bee3f05b3a1a850934d5fe833e458825dcf

    SHA512

    0f05b653a079a2b98f6546fa68d0b0b83c3b24dd30f63e8d990ca75464405559a11f354d48706499096c792ff339fbce95915ef51963a851b3cb56501ff7f1aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f7f6f627a3eb462e8483ec27fee18211

    SHA1

    7859ca786b1251048da16cf8deb6dc4ac0663063

    SHA256

    3d342afd519ed4ef5bf5c58cfb807fd1c6cf0c880f45194f3c48c2fb6618fa01

    SHA512

    b7017a704958365d1583482ebf10662b8d789f89e41e8c87a100b45c62e3803fda9a7524ce0a6f27c86b9cfd8dbe248d8e770af056fe4982a26b95741909423a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4dc0bfa28c43fde21965772b1d5557d4

    SHA1

    e0137e0bd097b4ed516174d845342ed0979670b2

    SHA256

    319c92456a67c38de33a69888b528800a55c7a2f77ae1728c5b6d1e0563bc55c

    SHA512

    68fbb1d0f2e9ae0d5276c73d3c85c2826f47325d411ec7d4fd2c53b178ff485ef8dc27b6b48e4b2b65a2661a60aad846c2b705940a25e0c1683140f28f6d3622

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab69BE.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6BE3.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • \Users\Admin\AppData\Local\Temp\SkinH_EL.dll
    Filesize

    87KB

    MD5

    91f544fe7f9703cad0e8eb2e1863e056

    SHA1

    c1de2693b678f7ca390f081fd633c86f3786ea79

    SHA256

    dbc2dc69d3edf8954f107511280bd0261772d1f16b4fa6320d95edeb57021ef0

    SHA512

    499c02c2d38b0b9ea76e65aa151baa3d805f024ce89116c630da730b3aca5bc18400c26b7b5b6934f072248a400078b9ca8493ba0b6826ef4469182d939b70c6

    Download Submit

  • memory/1204-4-0x0000000010000000-0x000000001003C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1204-7-0x0000000010000000-0x000000001003C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1204-6-0x0000000010000000-0x000000001003C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1204-21-0x0000000010000000-0x000000001003C000-memory.dmp

    Filesize

    240KB

    Download