Overview

overview

7

Static

static

7

19ce6877bf...06.exe

windows7-x64

7

19ce6877bf...06.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 13:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    19ce6877bff14c4b14b31fa51e549306.exe

  • Size

    75KB

  • MD5

    19ce6877bff14c4b14b31fa51e549306

  • SHA1

    a9ef9684cc2f083cd26203f1a22941aa7d2060d3

  • SHA256

    bb1978ffd6f8ae12bf3616147e317560734371fc1323245d2a1ddd07bfc6a3d7

  • SHA512

    bfc0b4fa4e3bad635504bd777bca2a4b60c5247acef2a3fb30af6c1af7f572fdbf9d2fbbbe7d8c8d072ad2e027f67a419ca73062f99f26de19b47cb61aa1fb74

  • SSDEEP

    1536:D6fA/kpnDfhqdGLUdTEf+wP/c7T6ee3PsVKNfRYbBiDo2Yk:WDf42UdIf+wP07be0VKN3L

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\19ce6877bff14c4b14b31fa51e549306.exe
    "C:\Users\Admin\AppData\Local\Temp\19ce6877bff14c4b14b31fa51e549306.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2896
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2744
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2752
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\$$30689.bat
      2⤵
      • Deletes itself
      PID:2184

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          0af4f28bc0f3a179c69436f388ae4668

          SHA1

          a292d53dbb315570814a469cb219319b51af9bc6

          SHA256

          4db9028b7e1b577cc5c1bc0a2a0c1e6b4061afb5f93d0572dfebc38a1590ba16

          SHA512

          a8b6fa7e46aa8a1136174df4c93e75aa623e3c1e905db8291463e02ee669290315fd0d44f7183f5f5278062795ee79f47a32652d9c8a87397c123f634c4c11d3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d71afdeb0d1ea4ecb1e5542dcb0e1ef3

          SHA1

          daa0c39f3ebead0462745a9521f802bae6c22f19

          SHA256

          5017a4de0d7cd5000b15bc9e15e2c58e849b809d2467ac79cdd4402ec7179f3f

          SHA512

          4d385901552ef1718380d84310f702e87b480a40081c432821aa52386766112b186b6a5e0f52c7e0023ab954babe70b6f62a637698e9f358d97159d0e7472469

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          1bb1942ce9bc5ac9e047fe7f3ff723f2

          SHA1

          9cf9061cf2d898a17e1db82f629837a5ab18a995

          SHA256

          e5fcd5cf4f17644f88db9db51b899c5ccc22c144eef130f66f4607dbeecf5f03

          SHA512

          b1dd98a3adbcd992a03bfd76599ba02bf008f3206bbd2327c2544ef0594d2fd90e2b03a727f6c2b14bd497b37d3e0621fd9eec2104ab18883438cd9b72fc55b9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          761ee21da9cde077100171ef0e1c940f

          SHA1

          b107a5cbf63ec3c9d759f6ad56cd305c782dbe26

          SHA256

          fa32e07dc5345bbf901bb614c9abc117c450b9f4d8170e61666169fb00bd671d

          SHA512

          a1aec22372bebcf04dfa4fcf038c38eacdc60bc22308a5da0e2c8869a92f1765eb96058bdc6b237b6d5847204b6c0c2ef1044d19ee1ecf526ecea16f13b08de1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          4fe784ca871c11d3e6b52824d6da9e05

          SHA1

          099cca81670680d7e3c348c456399243b0c51ffe

          SHA256

          2c646c5d39265d9939f67793cad3ba3164f95a1b80546f2d31fbb389dcb415f2

          SHA512

          59915eb3b8f289ae0961ac4eeda610dc47082ae39a267f74a536f6b217142a7ca406675edf81b002678b71ed774d4d359a0c2d1719612c41bc358e5c28293673

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c6ae4ead38f67081154dc04a63650863

          SHA1

          66f38f19404d3945a6e5071c4d8b39e6029306a8

          SHA256

          2cad13bab645016c83de2dcb42370e015ceb198690b3330f5dae269f37636772

          SHA512

          830095f0084c3d0ecebebeea988576bdce50925e2bf4e21fad0e511c21f5556c22f05aff37c4f85ac4361f97955d52123ae25ddacc42dc54955289ab348562b1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c019ec7a0ea5f36c063c9e3e6751462c

          SHA1

          a0e226f0156cb518ab10de40af343cb0a380004f

          SHA256

          6a17fd98178cb2a95b53fc02d96bf8a408493dfee4ba6d00bf257cc9400a7abf

          SHA512

          e73504b97cff73211ea59f847a2ed22cbf2ec4953b95cabe040a54a402e30efade6bea86f34210b62ce37cf913848f8a221299c843e8b611cd6aedac09969dd5

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\$$30689.bat
          Filesize

          181B

          MD5

          40436786d2a352ded26983a24b70d240

          SHA1

          c9c05c6ee18a15d0f6eb62ba4bdc4e37c563a8e5

          SHA256

          c31b6db79f746100394b9e4497663c20323043909b8d40eb2e71ae813065efc5

          SHA512

          02392bcdec8ec893a8cae3ec2f28b1c4d5a7b7c0874ac91c477675026fc4c8d06152d1ee8bc067ff7b996fc0c14ffa45db0e256bec87e5271543a6c6f3a38868

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab95EC.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar968B.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • memory/2896-9-0x0000000013140000-0x000000001316C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/2896-0-0x0000000013140000-0x000000001316C000-memory.dmp

          Filesize

          176KB

          Download

        • memory/2896-1-0x0000000013140000-0x000000001316C000-memory.dmp

          Filesize

          176KB

          Download