Overview

overview

7

Static

static

3

16ab53ad56...c4.exe

windows7-x64

7

16ab53ad56...c4.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    138s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 11:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16ab53ad56e72a944d4c256b5496eac4.exe

  • Size

    346KB

  • MD5

    16ab53ad56e72a944d4c256b5496eac4

  • SHA1

    51d1ebdeb893d9fd9f61679628071a0a16e7b372

  • SHA256

    6bdd6f7691ad064c15d5db443b2b1e67b2437380b3159d4a250ed66912dd14c6

  • SHA512

    97074e04efe87fdc563875cb5234b72f07f68cb21476c1bdf551b4d39223d342ab70051ee5c93524e85dee15153692e03cb40adcd8351aab38db1975472d910f

  • SSDEEP

    6144:ye34EvlhNC7JuyKAs8LG9R3HNe76JvML/9c7Cr7Ob+Fdg:5+YyXSvi2v2ICvOb+Fdg

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies registry class 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16ab53ad56e72a944d4c256b5496eac4.exe
    "C:\Users\Admin\AppData\Local\Temp\16ab53ad56e72a944d4c256b5496eac4.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3032
    • C:\Windows\SysWOW64\cscript.exe
      "C:\Windows\system32\cscript.exe" "C:\Program Files (x86)\EditPlus\kk14.icw"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2196
      • C:\Windows\SysWow64\WScript.exe
        "C:\Windows\SysWow64\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk14.icw"
        3⤵
          PID:1876
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2648
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2624
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2092

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\EditPlus\kk14.icw
      Filesize

      132B

      MD5

      09c1c8d122a078047374e40672f7c912

      SHA1

      d07354a21ccbf6b088f02fb46dcd65640751b48a

      SHA256

      aef3c432e15d7d0fca224254765e050e6060711ee9a529dae6ea0ef651147186

      SHA512

      71d506bf41272ffece1ae23dd28bba3d31cf7343574bd25aab905b9691185535c4a47fad3a036eef2985228e1342eb2d83e1f6911c9b75567bbafc03213e5833

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      f66cb0b75c23e4ed071c9e3ad7902427

      SHA1

      a4254770ac161c8c07d407e3a7d1ae79ec3240ed

      SHA256

      734a7bc7de4fe83c03627003b8723b78746c4fd71540aa0a9bbd44782387ed0a

      SHA512

      2a3c76bf0529a2e16c0787e175acbaeb72e194a4a49427fd9d402fa304ec33496bc9bd93a647a19be60a755bcfd799f7a12b7e6069446b69955e864c0726673b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4d7fca8ba201bbabce425f3764d2bf9a

      SHA1

      15f391912d7c03008a2a92e6f3e5d562e0d45a7f

      SHA256

      41e1cf9caa696a120c1e4f81c1bd09a6a43e9c07d7069cd5d740bc172125c3f6

      SHA512

      380f214e0b068d33bc4cf113acb5d711c5a1251683085cbfff7d5bb003dfa74b60496fca3b6162188bdd3e8ff60224fb54d076891185e8c38d13b44d99b017e5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      735d46d7af73477c654f2670c1793a09

      SHA1

      c76d0400ab6eaf5304678e6e04fc4591711c17b0

      SHA256

      56daf7e3063eedc2ec8513ba3becdb6c5711afc1f5c754f6266971de22699087

      SHA512

      3797937f13d2c523ba7d526a164da3ca01ea5ea3a48aecc7f7787da7129c852d1751e055f9d7d9eeb62da5bc8163dcecd773173d2ae0a199d96d4f587778c00f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7a58ef302de15eb9ee2f55512b21cc1a

      SHA1

      3cf12c14b972d51675d918e915b3da6f617c515e

      SHA256

      1a5c772e5927dbd85788597a9c9b7a847e09608e6a8ad8f6003800b79f2e3e70

      SHA512

      47d2b53afbb34425b6258843c617a0cc51a9b51a204d1cbd93cb982e30a8733f97cdcf72ec40b0fe78a52b07a3de4ec9d1103c4eb4b585681af9e51866d8d49c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9ae213b62936995220dc9f77c8060192

      SHA1

      12b6383044248f80a1a2f233b2ad196c7d63a992

      SHA256

      c24ae5c946b7cd812d3082026f62fadfae181de0e33ae20e8b391f193305b31f

      SHA512

      48a7e79ed56b8e0929e89ce2796924b7bac4be1434a7dd858756ab55ae28b141e6a2bd3581d673c7c59a0e11ad1894df0bb62c8ce756038edbec95f2da799f72

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      993f7891c9e2480bb950940df3992906

      SHA1

      840a5ba2772fd0ad96f814043dc6f5d4b5d8e18e

      SHA256

      5e4577640e1eac99651784572042b681d5fdf797dbbd524fd4e89d67a75e311a

      SHA512

      10e31f41f914bf62ee7afe3c092bc0492db55d230a2edab48feb8f3e34585867fea19e16ea222c41e21d6aa3c4fd094443f6fdc11450a9f86b7f9b81c846805f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      71777d49c4bac252dc2a847a51608b31

      SHA1

      62ceec9862b4d186c12fb6e4f5b3740ce2f27739

      SHA256

      338aeca2a0c298b993862c8a41d099880ddeb1e04ec0cef63595b6735df71418

      SHA512

      da6862124adbb9b52704ca005afcbc28455c94a3188f9bb5d1f12b61e6cde06cab52c4822c2be2287329efce5f44cc9e4db503508c281eaf84f771da2d34fefe

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      21a7699e2a530d1e63146b065b38cdfb

      SHA1

      82281360fa970206392f683ca8aad9a9c883f5c1

      SHA256

      45452c62ffbd44ee0eac6b681b4811aede852873d8783541587f02bd3e18fdab

      SHA512

      9e495b7d0e50bfcb84a014f647408a85f1ffafb389c87bbd2d2d7bd71312a0969656a377f2766524bfa0b2c48962a24201b3015c172e5e5c257e1398e3205338

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ef2f60f2605dedabd93c5cd0e93d1ff5

      SHA1

      d2035ccce1929287975ac441410d2eef35e6e764

      SHA256

      c15a05e9602072a8f78951a572826091ee895f1acfa83d332e9bc7f93a6eda9a

      SHA512

      baa54eb9d63fca8964dc83abf5b592869f92be1a5f0fffbb57de7ebe4e3aeaa6935abb43ceca7e77cb9b1b6ac6593f140c5a356ab57b38c2c6b8bff729921c14

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      43925fa2023fc9afeca7c9d4bccef6e3

      SHA1

      742174b527ecce7abe00575484e5c24171353d7c

      SHA256

      769b178038c53649244e84c457b8583e86ed495905e0123d4c8b5ff97565a2fc

      SHA512

      c15baac7d10e65d67c16879f77aba795dae2324b537ae8e378a47e82f40568c33f0532df5f877889cd50aa1f4a875ea6b1e9a07219655b7c6124772a68d01473

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6d233578d0f3d12e33b1d312b11cb087

      SHA1

      119feaffc53933fbf2132036e96e5b9d24a0d661

      SHA256

      05f0f9a8dc099d1b3171db71f609eb5bc71af978eedb5044d7fbacf534ed1e64

      SHA512

      964bad6f48e42269c3bb4403a87c1b06c6b19280d7b761937f52ddb49507285bd77888d347779c6e1fb02f4a346d305d1d9bc76db1ea5719d5961fa46b28b057

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a7c7ae53ef32c393689f777f3de9fb46

      SHA1

      e2377117e73b76f949f9989c0cd1c12c9aabc9df

      SHA256

      883b53b68cb5d29f7ddffbd7ed519c0995a4bde4e434a41591e00c4a57ba5694

      SHA512

      d39d563ceaadf4b5b42e8c92fb035bff7bd989cbfdc86b6f809e520bcee12f8a42e71dde0c8fa76e22c996fcefe831319712966b30087bf49a99025bda43debd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9980e5345ad3e4c8569f7d5e3963d4e0

      SHA1

      51b4c1d1d2ccec1d485b2ab9953b68bc05c766cf

      SHA256

      bbaf5883ec3db3a7f670c2c9538ae7d4b2a173035bb171c671893a1680b2ca32

      SHA512

      866455387474eec580ca59654986f55fedd95fb204969eaee29ce32b0bda5edf4c18b06b87a85fb9bfcf928b5d9258b3a5d7fb4742bfe0d72d10e6216367115a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f2580b6626ed23a64e1a540b541037e1

      SHA1

      64c304cd8a55db4ba7ec773e05966309af13e9ac

      SHA256

      13cc12d51af00be1c41cc301e72e514658388c8eed162cb274d9ed07f928f84b

      SHA512

      128ecfd2133a32f748207c581157bb89aab2337a0a2d1bafa092181ff31f5b9fa52130c73bd1f2dd1e7a9c4e2bafc4da0248db44cbed1fa19f3f5534daa67b05

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b608ad782c7bb09adcb53b3fea1ba8de

      SHA1

      04c6351ae126c44abaefb94bd9bcd256de67e3d0

      SHA256

      fe02b64974aeba218bd4fd6cc6e5a63e60885cc84a72af7d1bf93e5084729f98

      SHA512

      6e69c7738c8fcda919da88740e977873358cd94e9b432edb7cbbfe0f06373bcaba4a0719bf1dcb7981595417bc72c6d3431ec64551984aa7396c6128f36c3fce

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      0d4aff510c31f6371f1ab1580d5bda27

      SHA1

      05ae455714681ab78205442a06d97276692a30fb

      SHA256

      c3cdc0d50117d16bd3575ec6f148d5b1daf729def10210a275a6c5c00fa526fe

      SHA512

      4612d682da338020ca4f3d76dad068c4a313d88090a898bbf9a352b3d30451c180df27137cbcc77abfa5c0914e8b2d37412cc59b71747b829966dbbc11f45c2e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
      Filesize

      4KB

      MD5

      da597791be3b6e732f0bc8b20e38ee62

      SHA1

      1125c45d285c360542027d7554a5c442288974de

      SHA256

      5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

      SHA512

      d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar487B.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk14.icw
      Filesize

      798B

      MD5

      37839d771ea14a052db2104f8a5a2199

      SHA1

      3ceb37c682ce05241a8ec65f7d0bf5f1ed8562a1

      SHA256

      06541a6431f7026bb1827de5d4810c54e96f7409fff6156fa47589e480d5e1d8

      SHA512

      b6fc1ade8ab582e55c36cecfefb138fdd06fef43ca4719af2cea1f8963e68c4646e9970c935f8960ff83073fecb7fac580559fadb9f324dfeb224542197b7b35

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\statistics.dll
      Filesize

      80KB

      MD5

      d4260df3a533c9915bd3ccedc5c6ec51

      SHA1

      7993e157b2155771989a5b07f7c2db82ea47276f

      SHA256

      5f06d4f8e5a9b2bd838ead1ea7f53ae1245a448321bb788e9b3950907275231a

      SHA512

      1f766350fd31e73378593f7b0a938336569eb36ba69618ee74f3da5999f9de1949899dd7ba67034b01c65ac4946911d0d5f187678356d47f3441066cf7b8832b

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsy8A9.tmp\System.dll
      Filesize

      11KB

      MD5

      c17103ae9072a06da581dec998343fc1

      SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

      SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

      SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

      Download Submit

    • \Users\Admin\AppData\Local\Temp\nsy8A9.tmp\nsExec.dll
      Filesize

      6KB

      MD5

      acc2b699edfea5bf5aae45aba3a41e96

      SHA1

      d2accf4d494e43ceb2cff69abe4dd17147d29cc2

      SHA256

      168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

      SHA512

      e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

      Download Submit

    • \Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
      Filesize

      44KB

      MD5

      7c30927884213f4fe91bbe90b591b762

      SHA1

      65693828963f6b6a5cbea4c9e595e06f85490f6f

      SHA256

      9032757cabb19a10e97e158810f885a015f3dcd5ba3da44c795d999ea90f8994

      SHA512

      8aadb5fd3750ab0c036c7b8d2c775e42688265b00fe75b43a6addaefc7ee20d9fa3f074dd7943570c8519943011eda08216e90551b6d6a782b9ed5ce20aa6bab

      Download Submit