Overview

overview

6

Static

static

3

14b6190060...f9.exe

windows7-x64

6

14b6190060...f9.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 09:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14b61900603e45577de0509fa06344f9.exe

  • Size

    1.3MB

  • MD5

    14b61900603e45577de0509fa06344f9

  • SHA1

    aaf25a159077456bf5aae61dcd164cb1d00419bf

  • SHA256

    aefaf92e65d551431c91671f8052aeec9c65be0e6f71fc69e6729c50119e87ad

  • SHA512

    730564bdc7cde0de884fae3c22c21747e64b887a52dc39e635f6735c3c731723f073df2bb249329c4666c58901ee85c8ace14227d2b5af5068243334c722c30d

  • SSDEEP

    12288:Ch/pCHxW4pbAOeeeZeeeeEhMEr6CX4zistD:U/eDNAuaE6tim

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14b61900603e45577de0509fa06344f9.exe
    "C:\Users\Admin\AppData\Local\Temp\14b61900603e45577de0509fa06344f9.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1040
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=775
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2664
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2524

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4b5f8af835d8b7cc32e5f17ea5b1e9dd

    SHA1

    ea50b9a5c5c0bb7e7feb6ff2411ab8984bfd3c00

    SHA256

    bd04c280b9d23ff5cb77fdb3df672ff096e2018fd63a28eb90ca5105f2d37c20

    SHA512

    700484001f87bb1dd07a5530b56abd01624192632e5af58b781b2598d2298bc8e6fc0640b1dceca7ae4f083be5787aba6b8112ed4950e56d3729e09d53c685c9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    be70767722993dadbd427688285e11fa

    SHA1

    412136aa470dea5782e97619ea8bb1f326e40ee1

    SHA256

    c7c4baba19d2f03a3c52093a4d0278aff9b3a622f2ce3511a22c902e150004e0

    SHA512

    5efacb42f87e962056ed587c351807d20dd3a26e31e19ba35b8bcc616da8ea3ec6b98c055eddfaeedcc215df545ee09caa473ac932be743f250dcebbca45f81a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e699ffd00e44da146a22dc8cdb24a733

    SHA1

    d9f955601ca027649391a1f02e5ba27558e6099a

    SHA256

    f126f38fc90840a6ae9dac35156ea4c59e49f212be9ffb01020db41ae5a53d5d

    SHA512

    b3c9b9ce7cc9d222c166252746c08bfc509dac68ca4bcd3e2895ba9976e6bc707010f332870de8275262360d5d9cc6332e417aa3430b14300f0e4f37bb2669cc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1bce7c6c949ca01c991bcdcd4cff59dd

    SHA1

    d87c245038769105e86d969dce06b1f5297e9745

    SHA256

    74c1165f1db484a9e7fdd532ee675f3fea4fa92d39cba9d5899ce95c0107ce85

    SHA512

    928afb5ea9519b353013c38dae54ff42b9e21fa30e3c724e9a37efe81f85d66a536adf2d2aa5fa05481b4a317c3525027871e18740f782fd4dae1fdd06a36cf0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7ac9fa722568bb43b45864354db18209

    SHA1

    81438cd4fa0bfdf4eb3a951baef2b141e053dced

    SHA256

    53dda3918dad94182374b13c5b33d8acacc17997578afa3d8b76cb3b2d6756ba

    SHA512

    2fa8ba94a58595f4dbf85bdcef3b84fabb028d06c749717309b6e04abba9483bbed40a2d174d8b8148c8beb869ae08f9314184ecf4fd90efb24aefbce614f36f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f37374b872b34198655b731f1a96868e

    SHA1

    252460e85012b6f54edf63cf30832a1d7734ad68

    SHA256

    9b13c1f6fe918073514196e66e0e7726badd8216aacf2a84ed3e006ac7e2d4d5

    SHA512

    0d6b84f334d44b463d0c2a08e501de0de8733797b60d4aaa2ecd71a47f1c615d488e3fd06f1b25c672c6ad0f3685dd7248b7fbc93b471249fdd403f371afffe7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    431c28f20a5726119bcfbe15b7731a09

    SHA1

    fe97991de30875b2e78984e6a4b4dc20a51ee008

    SHA256

    85df02f233a1cb05e3bf145f1a878671e5640dfef83b108723c3bc5f8dbf9494

    SHA512

    4022ff64c8f25deb13fdde693e57b2b54baf314a968c31ad1b6ca32e8a9c3890f44ba4d3c2be89f66ceb1642c98bb908b5a3381e4d1c554bd35df569db797c3c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f4e3e3b59ef2abf1affdaa1e9f7ea671

    SHA1

    985a1bc21d190d912388971bd06396bc31cdf7f7

    SHA256

    02db6e4e943772e8e53a2d2b4f6d44e518f09b1fbae8604afe0013ba1fd323c6

    SHA512

    d0010a8a42007ce4879c1b8cf276acdf0094d4d90ed17d6a8ba2c28d7e70c4bd2f962fd9814bbbb6c048c60bf129649db081d9e7ad2d609f21f2867e458334ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    19c0a6e78710eee3589b87d7877ea791

    SHA1

    269503756b95a3393507d5b54fe4163ea4783a94

    SHA256

    dbf646dc594d81a3beb70ffaea304db274291ea831066eda96db7f168348e4a0

    SHA512

    9a604c8da06c313ea34edfb8debbccb2bdb43c16a53b590b5ef710600b733cb6379fcfc814585e480578aa48bf277328ab6962e775d9883e66d4a1454c196c27

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8f9fba24d98306b83b59e1290761a1a4

    SHA1

    75582e71a983400346445f30eb8903196cb43ac6

    SHA256

    de0b51f7c2bdee0c220b17a508777666f5bb8f86d3385a3055a14e64e980e193

    SHA512

    9410be217ad80a1a20c3ac83e22a585de0f5d01c6e9d0fc46cf905a1e739e20bda2ce0126b335284a2e45b2eff2272d89aa3c787e3af4a84a4286593e165d712

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e8007eee8fd21c3314219fda4af9b893

    SHA1

    fb5d8119009f52ced9d332f0eae7fd531eefff2b

    SHA256

    dcea0815538ceda97c029c350061186017c4260b82204ee60222451efb3d6d20

    SHA512

    8f35e4799b1f39ad2cd14c0d94e5b748960c78d6068f91362dc84af5e0144f8118ec651691bda1a04367a5943fc3c504ddb367f8005d76fb88230049fa412417

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    81731bd70f613641ad47786f169ecabc

    SHA1

    91323a5998f8ca1bc2dfecd0552483878ac48c61

    SHA256

    3ff41726b730577abe7640ae87d1d5bf5a122ac30b4b828f66b8e93571a69abb

    SHA512

    b272922394fa97f103f2f889cce1ff8efb770ec575fda5167f7b639f735d262fc246fb2cd3f04056728b4b21b0272dd477b91877fc47dbfe29e51486962dbf68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    627e4845c64686f9d966f43c412a5e9b

    SHA1

    7531310f280e08cb7e8fe5ae1654c15b807a88d6

    SHA256

    eabafd4b7772a94f71afa9a630b3ffba327752528d8f170f6e72754217ccb36a

    SHA512

    3e66dcf6be201ed8f532c28d724da16ef65b8030771a339302802c26673c0bac9e2bfff9bab7df02deb77f674c8dbb94d408bd50bc3e0c578f9856775b08559b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    26e9395cdd21a52cb5f6eb6c794f274d

    SHA1

    b68c91d62fca4910f342c6972b7002256b38561e

    SHA256

    0dc3b6bb16a30b84e76e58d6c335dc6236d01d9da68c4b8e5fb7b8dae6124c97

    SHA512

    8890977fa02f2896ec6f85001c811add16698b7d311d3903b761affb0e8a853b6f268291f5dbf6993ed3b6ea6b635d73edfdd6d1c54d53955ce2b73ee6d9fe7b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6165.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar71BD.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/1040-0-0x0000000000400000-0x000000000055F000-memory.dmp

    Filesize

    1.4MB

    Download