Overview

overview

6

Static

static

3

217f4aa690...46.exe

windows7-x64

6

217f4aa690...46.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    41s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 00:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    217f4aa690f7dbec5b2573d11542f046.exe

  • Size

    20KB

  • MD5

    217f4aa690f7dbec5b2573d11542f046

  • SHA1

    364fef95f3173f91d14f105b73be598432babc77

  • SHA256

    fdfb6b386b331b9f3af3d5712f465254d70074358e081a06218efc0fff6e7901

  • SHA512

    cdf749cd2c3dae81c1fac10b23e4a9328cc1b233325e8c05a086bae9fb094c6dd88fbea4b0fbdc86c01431c7cc407f44bc0c53fb21840edf7df21e1b68b94508

  • SSDEEP

    96:/lxg3sPaxvI1rhsrvBbC2nDYwzUdrtVQnCTh+hWVThKjI2:/THaS1ruZ7UVyCTh0WbeI

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\217f4aa690f7dbec5b2573d11542f046.exe
    "C:\Users\Admin\AppData\Local\Temp\217f4aa690f7dbec5b2573d11542f046.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.outwar.com/page.php?x=797998
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1012
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1012 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1312

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    080fcca0b5e703b99acb8e5cfb9bc21a

    SHA1

    3731de3230c16b8cb5373df228fc8018582c3c2c

    SHA256

    38dab09c235d09ec7fde6b306e381840985139092b561b1357fd60950c28a237

    SHA512

    b3631f3ae44ce8ad3a9046f770107b628d56c3593351fd2c075370ccdefe36a87617fcc9b6c82c386f0363fb020a774cecb02cc0a45ff19c5d908fbe0f912922

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0b458540d3f4c3f7366be95d1dcda0f9

    SHA1

    a5dc5716ba947b6623d8c9f51f9647077676d9d2

    SHA256

    4f701f06c3a2d9efc045b68b5c29d0f8cc6260a2e28eb798f0b359d5b92e84f5

    SHA512

    4771f75a16d85cf3a14fe7f80b5f743827c1f783e2c35fa79de7cf83f86cca90465684cae73612c30cb494929dc11e411be4010eb63122bb4da03713ab36dfa2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f5e5b9f53e4bf254d4db61ac67203bf6

    SHA1

    d0c9489a21de564dc6eb2697172be8ebfee1ed58

    SHA256

    5e0877b14edaa143777fb8a058384cf760affa4f9f6d905114b8b0a1a5b908e0

    SHA512

    f8c7f02c0ea324707bc47a17751de878ba974fb1590d18ea610dc9550fc77112f37e8595c9575dcc2a491c4684f0acf3aa1472af3335abd4a02c092800dcded4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7b35359d86c447b9695a4dcfdecc41a9

    SHA1

    f3509e2c16b43fd4d4822e6b494e7f85e5630520

    SHA256

    97c8c0c5009243530ab278e6b5ea4edd743c8cafec8adf161b6bd176ab9f3726

    SHA512

    9577f4844558b254e2c15ba4d20a81b805bac12d473feac0b52ff06ef57c6b7d8b3f1cc29819cebb49c886e544769cbc2fb25e4de9f85bf2792021da44e8044d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9ec0c81cccd64b84f4dca20bb3eabfbc

    SHA1

    54c8e9649e570184b9c5b5eec85438abb556b214

    SHA256

    27a1f5660ce8f6917325f5f95af88ac08d1e20025e7f27ecf0aa769a3d21b654

    SHA512

    fa597e7f17a18cb6c2b8935e9b94df348b7e5635484c0c4b2e4c18aa5780f873bd7f88d8cb0da20bb07b9cebc83e22552e2c4fcdab010f26fa4c6056cef72876

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    332dd47121dfd4572ade0def3f036f37

    SHA1

    efeeffff69e0d9f0da6bd361678b7a91cbd2cba7

    SHA256

    2ef6b3d0ff2b8b789a1ca1dcad1646b294bc1e0004a81c7731a3e27c0b85cf91

    SHA512

    1a4440111d3db07842b6e44662fcb0dd9cbcb0fe0a2fa3dd27f496dee87591d386a0a4d6a5cdce93a42e21cb0c16f59d779c1f9a36f92baa969afeb49bbf3266

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    30461fddb2a54e6e9466e9acd6c7e353

    SHA1

    aa49143c44df2e60d76185136523bfacbfbdf677

    SHA256

    f18284f0e773a7942128ed9b16c5cb77d6b6a2e24019edc87c1c800d9511526c

    SHA512

    30ef3774848581a1e70f2994ffdbb1b6061d8260e6061d318899a3e2ca8d5685f360b4fd8c2565cce85662fb79e0a0a2f753fa4b474cd2b0fee7f858ca8f4e19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fb77ff6c2572b883cf05e6a8a65064ad

    SHA1

    6f347597223cf37aa77358af071019e9cbfbee00

    SHA256

    373f58c1761b29079de2b4a256c1dac12d03fb961497f4456b61d5f308d60fb9

    SHA512

    c9e12514ee6caf712e3616f3fae380d0d63777119986e273bd641c8b6448bf0c610627b0761ce7c41e14ae7e77c48e7997eb8186ef5ee4e03162587b701208c0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9b1308e2cb096794eb2a281e694aad35

    SHA1

    9044ea752b0157544f05900f08ecaaf8fa1108b7

    SHA256

    b63227147589a10e76e0f4c03b2f6dd25e5f22325a8fbb874c63633cbad5ecec

    SHA512

    e766b5de34e62f41237c1f5145434200703cbf1f41411dff068563ecd55c7940f77847001285cda244e8b87086ccd91936c86e466151afa43c2a87b30e359622

    Download Submit