Overview

overview

6

Static

static

3

1b79dcfe6b...74.exe

windows7-x64

6

1b79dcfe6b...74.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    119s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 14:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1b79dcfe6bb57806118b4bbc64ee5b74.exe

  • Size

    54KB

  • MD5

    1b79dcfe6bb57806118b4bbc64ee5b74

  • SHA1

    cfd38e17c12a4688f4dcb261e6b1ec8a056e51b5

  • SHA256

    3a11364d677271335d3b019f332241491c943f8cc195a913b0b5ac1c70e0fffb

  • SHA512

    d5fb6d5de7cb956ee68e0d14fc632c2fc03a2c1649949f5cc6151779dc7b5b71aa0c013d81852b192a33f77eefa857d68e1bb083e510c94160aa12c0e9c83cf6

  • SSDEEP

    1536:w5qZQF7Rp6LTE9WiAbOpBlJfG8uPbWYZ:PojqTCPfG8UaYZ

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b79dcfe6bb57806118b4bbc64ee5b74.exe
    "C:\Users\Admin\AppData\Local\Temp\1b79dcfe6bb57806118b4bbc64ee5b74.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of WriteProcessMemory
    PID:2676
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://bbs.liba.com/active_hd.php?op=active&id=f5ea51da667ecd6b5f2b9d06e4a3fc5219c6fa3cf51a33f0fe152d6acace7ee1d553d49ba87fa8138665e646771fbe4c&check=3fa63ad79a7ed87b39fee0b5877825dd&r=04002657
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2356
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2356 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2728

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3a1f02734430fe8206571a97ae5e95ba

          SHA1

          289e4a884760e7162e518e4d43bc4c857cc91e0d

          SHA256

          2e3819865e75cec0be68eebbd762f191031da4fc7b98dfa500b0c6e250af13df

          SHA512

          168d6554aa390da607fa5f00f5cc7b12eb5601f9985f03888b34fb064c83fad2e6d65c4dff4539801aed50c6e30ad28e7aae02809054f3c93950aa3bd67b45dd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          5e597f28a14ce82d376b98c4ebddd304

          SHA1

          da5097ad884e9fdde2859fb460c148c67ecb8476

          SHA256

          094ba8a5cd059ee8f3301fc04ca294a0b70fd9d87f3fb952b156ef999c2960bb

          SHA512

          95ca5d77a7eb66d4829119d68b847a3381e3ddd23ca50c958ad6ed61a4d8761186bdf20d6b5717df5a538998f37b6b44b24f553398306e0b1b95f49d7c7a72ff

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2bccad875c1ce3ea48ec69a74691b059

          SHA1

          913db55eed5504a0d6d2dbd1616d79855fdd837f

          SHA256

          5090328b0f2ab588050dc1f86a2a8e5eaacef58412bf9c360bb352134630684b

          SHA512

          e2c60d54dde812442b8b28553702b68b6f7e5a718eebeaa99d211bb1e51722145f61ea1c1edad730012d2859c8ef5cbc8e0565b9cecd19e13fdfd03cf5a13f11

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          635bcc0d4480c2202ee3e5ed2e9be03a

          SHA1

          6c8fff402edafc52b4d620e0d34d0cb6bb8371f6

          SHA256

          5a67d8886163709d470c63f8b12a1e61756f4e72355b49c52e9f3f6392d31f41

          SHA512

          af74a7ac167c9b94abf1453d9c032fb064818ad3461eaa42384785c9ea3330f7976ae0abe804ac6450d90c477f23fd17c78ba3b2c2442a6db71d108866db650a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          11db2bfeb4bb6793d770020d2ba28069

          SHA1

          c3e013776b0f06fc205661ad07b88842a7cb64f2

          SHA256

          c6fa62d8664287a411daf577e1790d267ae31b668af76e6f3f15897a301150cf

          SHA512

          bfa109c19328dcb91b52397d6bbeede6f512e5c7769efaa8078ba4928a3a5d7d01a36d6cef8ee8df5d1f368b8fb44ee062d81b91096126dd3b248bc564380919

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ac78b0712921e83ba54a2ec4db488e89

          SHA1

          7787eef7326b340fe748a3a5142ef8fa2ebbe5b8

          SHA256

          332643bfdca2a718c3c3209a1475911ce62765507cc19ee46c59a38b24f36ea0

          SHA512

          ece0def92c2e109f39067b889334a776d7c5a766779f2f894d2e01ac6e257b0fee7d2eb7b2575ccba7e4e50d5ff1225ff52c2471386dc04c53e1ed7c403ef9a6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b9293d8af892ac2fbaa51cb58ec39c69

          SHA1

          1f76dc1dbfe5ae3ee8a615e6a783f69bcc12a715

          SHA256

          f286e7baada34738b2046e09ca9aad3126ac72309865f57c5435d33fc6ce844b

          SHA512

          d4180fb610d1e346e0c7aac64ee29c233ce706dd5f8bc218bd3f391cf3844416012af9d64dc6699828f9c63455a9a24732f0eb410877a58a4e7f53d3aa4625ff

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          38234b945f7dc51b16ef694b10423ecd

          SHA1

          a2bf77f21b3f6a101eb5e4ec15187f7b0146e24e

          SHA256

          61133ee2bca68c76ce26a7085db5c93aa520fbb83e5cd96161d55fe1d583dba5

          SHA512

          2079bbff336ec54ed4cbcc33f6bd2e18c55f93ea76bf1c5f4ab0f6a0b625c8c5f730f3804d862b5b1b34c940cea555723cfc061a11df661ed23a8468b6f894e2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8539bccd8f0e6f0ce40aa03c15b6e203

          SHA1

          0e127103fbe4175c0855b295c7a66ca5c8ffc56e

          SHA256

          e614a51d04490c29cd581a3786baa9d73f84509fdb8ba1a6c8338929ec2c458b

          SHA512

          f9c02feddb78a9c0e12f553bb58ead98301d0b0835dcaee28398e70ccf2df68e417056a38d43e8cbae94a6eeb33d29a948a5723c1568b49b1b686b1813176eaf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6596991b25393acad046077546551961

          SHA1

          069829f3999f64ab0247bd9f2ad278090c2205a0

          SHA256

          b24e4ea6218613ceff673df86dbf37770ea9473909218084a2d944882d9c1e35

          SHA512

          8841a1680d79cc3242ff10c279fa295a3e952e5d09a900e0e3133cd297ede889dc2428a5e122737cb59ebc2e0858fe410e01fa205b14d5eb055e5b4534013725

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          27aab91503acaa8000db8a050515781c

          SHA1

          9b0a2410c78b48509467ec910738cddabdf6abde

          SHA256

          e5c402b5a4df4727ca2120077db0743102ff3f53b5d2e07a13cce0053a5f8240

          SHA512

          38fc1c3d52cb136313da990c643b29f0f3211a7848cde797f5f384d1291874c9ab37570b7f7a2ef1af5236947c95086819283c44db245001190c31501b467e4f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab89DB.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar8BA3.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • memory/2676-1-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2676-0-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download