Overview

overview

5

Static

static

3

1b5055e664...b1.exe

windows7-x64

5

1b5055e664...b1.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    120s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 14:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1b5055e6641b974fb32ea8b000a0b4b1.exe

  • Size

    31KB

  • MD5

    1b5055e6641b974fb32ea8b000a0b4b1

  • SHA1

    5d800197044008a4b4c0159520cc2092e05f3cdd

  • SHA256

    1f54110beadb7d01e6efa20e60d235a9ee05db999940286548cb1d8a4da4b2d1

  • SHA512

    16bf4043d5d731993cc3319f918021024024cdd12e0f1dd33c5c2ef2dcd79033fa8e3ff5e5278a7331d95e7d72096c6e6c3c774210470182ac81cffdc2eb6345

  • SSDEEP

    768:EDiEfgtXinWVWlWUZVfYXmiiznaH6ZO1z:8jfMX+BBaH6ZW

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b5055e6641b974fb32ea8b000a0b4b1.exe
    "C:\Users\Admin\AppData\Local\Temp\1b5055e6641b974fb32ea8b000a0b4b1.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2648
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.declaracaodeamor.com/mensagens.php?de=amor
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2336
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2336 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2776
    • C:\Windows\SysWOW64\explorer.exe
      C:\Windows\system32\explorer.exe
      2⤵
        PID:540

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d86280fa6ea3dc65cff6cb138ec26a1b

      SHA1

      4e51b1dc17bc6804b1c1a206574b9d870afd9842

      SHA256

      3025fa9d744ed631367c190991ba232a5fa8d4509b99afa61c1b96d4da19eaa6

      SHA512

      7e07883b6d949ace732c0deb1a68810b70437649857a1bf2e4b4ff7d76cafe80266ebf349160aa04f33eaf1020c105f3ca34d28e634e1192358f2468963052d6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7f52b150b299cda5636e8f4fe6667c50

      SHA1

      d6a5d7722df2ece58208d46432a7c9cdba4aa036

      SHA256

      61cace975a8b664956668758d5bca29aba55144e5f356e739bdde1a6871452fa

      SHA512

      a77bfb92b434a8f611fee57324b8a6f80616b1de6384f1b99cc238cf9b2d44328dacb0de108c436468d41da15a3a00b4c3585082e4286194c067848e8c4051a6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      67f6267b29d97ea59577ba7a93d9f949

      SHA1

      8469b3a7d028ce28afd34b802280bf5f238b7fa7

      SHA256

      703be938ad36c5ac1eb78d5e4a5644f356b36c0e8b30c65c51e0faff65749e1d

      SHA512

      3a9b10c32e19a4919a54aa2652b16eb046c7a3ce7e47f221028302bac9448f2272d54e650293c96ae8f4bc838bf9085134cea22cf18d06d3866ffb9cd62efa99

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      60910e2ef70b60a5ae2e14436f96c240

      SHA1

      b219a5428d068470be1a73bb3a9c875c51df1494

      SHA256

      91852bcddd98ea27234ea5fde361e23751da4cfba677b9c27de74a0a9e3aa01d

      SHA512

      b3112bc2fecb401be1237c89aaf03974ba2e12a431f91618faf6fe84adf5055db3ce86cbe9215c94037ed862d4cb260747a0b3e8c5b12d5b588df72f17e582c1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      55304c537d16876250efca94e4eb914c

      SHA1

      9d80e1118be1b68e0207478001abeda9b6c3e8b3

      SHA256

      1bad28423a2e00af00f9b1436af99056412604848a916dec8fd6cd0693fbca1c

      SHA512

      858230be312f2ab39bd711d404f2b786e3f553ed4e4b87c9986b20b093b31b79aa77baf74eea5ec2c48d6730c1affec9018092a07f30dc96d32c5b87b4602f1e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9069b9022035cf43ccc9c4f8343ced9f

      SHA1

      bc2a2e66b1e75b5812b1aa1644f03b8bf9978084

      SHA256

      d5bce0f3b7b045984a74aa10d8442088342439f17bb301a4617524e662d69d16

      SHA512

      43b3aa87378015c9f80affa6f9adb75921cf1a4c599a2fce335fe98558fe5cf8d8d77b27fa1b71bd4f7778c2c422719768e0374b1d9c7bb05ae2d4a2b00f195b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      08eadf1455d2b59937aa56ad65f57cd9

      SHA1

      c01eb749d20e7696ebb77702d9076964b88dda5b

      SHA256

      f0f490ff4a7733a9a5ac5f7726b5df579471ef98feaea8a8adb7083f57a374b5

      SHA512

      33ffd4e09f3d6e7b18d2451037f2c761dd3f1f4739c1985c531cfa39d4f860dfcb47d8f9783da96808f24cd626791054549c9995e847096c658e883bce574723

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      870154577947b38546311adfc274292f

      SHA1

      9e2c45be3656c7160f7b154e19bfa1637cabff67

      SHA256

      3d65fe1121abae8974c3ce1891b937de39767cf3462fc5451af004401ad3ad5e

      SHA512

      703c64684be0210f545dae57505add53e2ea48bc1b900ba266ebdfa5ffbe469017c8b98c478fd04d932f18c3f3779ab21272403f0245f4d4a2263956f3f5f6e6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c0bfe37cdaf74125ae3b509916c2f9ea

      SHA1

      e947c0b19d80e1ed932b3199ffe209897a927dd7

      SHA256

      cbd2ea58f3edf2ddd4cfdaf81b6456f1a29585675bb794b074fdf2b7fddbfa26

      SHA512

      fa6b545861fc49479a487d57797cfbadf1bd892ac2aba98d21e40e264162d3fa783a1bc3ce59c2ca1656431138fd169d60fd91163b101d5d5ff861f97e0acb97

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      022c2e1d5145f871e1e9200e7ad17f3c

      SHA1

      062908cb4c3b6663eb2a07552a5c1d97b6c217fd

      SHA256

      dc81e60147167c5229b687cad412ad4a06db6738e293d857a1c68124c404bd4a

      SHA512

      64f7f24da77838db3f987a703ff827e79a9e1c40745e2dcc4e5cc6bdb6cf6672472421806cde758ee5e6c151f58471688c39d1d417bd21dc191623829f9454c3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7dc87765d05109f4c15cffdc985b87f2

      SHA1

      e61085557c04668ed8f15345843adbf50a02f35d

      SHA256

      74516524356fe6d878a8c2bfc90a2906bc2f4c2cda64d94aca5a62970c9a57ad

      SHA512

      e784adbf2c056d004a2ed10c9950ae8d75b250002256a8d5570c5df62a36747cc04eb6c4badfd020e0708f2d1361d30df6d6bca54c75f041204c006e09a92a71

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      988335efa93b02814ab1b2040e3831ec

      SHA1

      457d74d5eb461d6d1992d0ef46449adec66b0fcb

      SHA256

      cd3b4332096ab6b81cdaed9dbaf46444da07da048f3b90561fdd049d3201bc90

      SHA512

      40effcefe3917795f8cbd0b65891f3a37d8c2228c920a1ca9ca44237dc10dc17ddaf42b6501be868a7086991cfc9cb22bbf4884ca04ee1c50e9656c9c778e9e2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2889ccf86f132dde40cc3be41627fa69

      SHA1

      6bc5b40333c8b92b0dc6033f9bbd1883737b7cda

      SHA256

      3b0d9e4c59235b695501493dbfda843a120bc7ab49361344e7bd1ed75afe0a74

      SHA512

      fe4f8c708bd8a84547f2c5b8905ef4e706e1efd0657b8672185ea59c43f19cc72e0e5e5ec5f87f5c0472b4e867af7612a931321c4e1a8c8bc89a3e0f9cb07df3

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SP6DRJYJ\image21[1].htm
      Filesize

      12KB

      MD5

      cdedfa2739174ecbe1d917cccd39a997

      SHA1

      5692f9c2e13c4218661eb90ddfaec0ced6c15a79

      SHA256

      f1021db34e41f7a1749672945dd2b77235bd04184376f8ccfff07e613a53685d

      SHA512

      9ac63c2f46ae781c33ef188a6c2837e452a2d008028eaedd17199748e3c079df45efe4a6ac1e631769b60582d50bf34b993cdcf3607157ec64ab35afedf1570a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab7F4F.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar81E3.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • memory/2648-18-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2648-0-0x0000000000400000-0x0000000000412000-memory.dmp

      Filesize

      72KB

      Download