Overview

overview

8

Static

static

3

21cfedb544...fa.exe

windows7-x64

6

21cfedb544...fa.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    163s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 00:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    21cfedb544d49fad5d9e7cc2300ab2fa.exe

  • Size

    1.3MB

  • MD5

    21cfedb544d49fad5d9e7cc2300ab2fa

  • SHA1

    e351461217b84091205e26239e40802472e9f099

  • SHA256

    79bbf1f947c3c4c1e8804ececec5dfaa2229c3d65033c0dcf37fd3157a9622cb

  • SHA512

    7710f23e42f10adbbc3a1c9fc6f86a02581efc7b2cec879ce38c8957cedfd4912e1b9828103bb78c1dafe674d3b96db7f1aa328376e4e67e3183d223ebc718be

  • SSDEEP

    12288:Ch/pCHxW4pbAOeeeZeeeeEhMEr6CX4zistC:U/eDNAuaE6tiJ

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21cfedb544d49fad5d9e7cc2300ab2fa.exe
    "C:\Users\Admin\AppData\Local\Temp\21cfedb544d49fad5d9e7cc2300ab2fa.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3000
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.bigfishgames.com/download-games/876/masterofdefense/download.html?afcode=af628d3a27a2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2220
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2220 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3012

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          0ab69e196b9d5176b55535de560ad69d

          SHA1

          82d2e86449798c8bf02e4051bed9f4db098a3bc4

          SHA256

          5a2c6fa4dea8e3e39dd3557b40cba1d87780a6960a7bd39e52f4a2de571a07b8

          SHA512

          39164ec0c85682b82d10b3d4100321204df7ead13f3fe3b6dd183603d41dd38c76b3c8b74e1c9d09ecaa9a6dfcedb5985ce30b78f46a70d3e9d4835998703c49

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e00ef3cd3a42f58439c6c2116495ec09

          SHA1

          cb448ab4847ebd16c894f68b812cc21d5c2a0b69

          SHA256

          450aa131593fbbc2e57050d73e9c00d57bc2e5f1cb22b347a2496528a001afdf

          SHA512

          edabebaea2c8020607cc227490b4af14c56e1d579c7ee1229bea2d095db9e4b239f0346dede0ec91cc5ff02b111460506d204a8da7812bcbec5df53d53137958

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a559cb8af137de137fdfe7758e1b50df

          SHA1

          cda14e435bbb8c0971327526be6a9213ccc9bbc5

          SHA256

          e6e046426dfffca7be39eab7e0a1a2d32ddaf3762dfd547e52ea553b2723d910

          SHA512

          853fad190aaaa56eae6b475658121897997f6f07ca88ad562e28d57c757cfa69aaa2b84d21c13d1c1d10118b9141cac93d385f2da63bdae08f47ded778541286

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b61e85210d8e8077db2d26af7cae43a1

          SHA1

          63247cb294597d27f5c84654ea126cdc838ebb80

          SHA256

          1e19f5c52e959b10c2a9bca335b2fc9510197546aad28bbc8878e01f4eb7b3b4

          SHA512

          8270db92626440a5e70f54a71d862cff094d3588cb61ff824754c1c73423e34bb1a3d1303245796fda0893b971ddc16642d33a106e95d01949a18eb983a7adca

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b1561a7336387ea5c0dc575e7f78b6ee

          SHA1

          d813e2bc39c9d1839fc34bd897245a9212503a0c

          SHA256

          a5fbb926ca2e450ced0ce081b16eb8fb43361030f541b2be8c878a49ed2a120e

          SHA512

          61573d0039a75f84720752c212b266bc0a3151d70aaabf34375cd59cd191ccfca6d77a269dd2981ae4327a719f866ece651bcf74b9f3c4298cd0d9a8aaf874b5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          38c5f83c1e112f0d7aa06163246251fa

          SHA1

          cdae89ca51ade06dcbcc9d9cae93433f8034b762

          SHA256

          fff1df137e40ac864337a6d637446a91aa10ebfd8288504a11e0affd6445c1e5

          SHA512

          56f3b3fcaa8de103ba7e0d738ec65eff24172e45e62e0f3b94871e4cbecb30b7fa5985707c6a6c17d124045621054d3e2df93e750dccd0cadc02a3c994e85da3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          82ba74cce0031d0edff3afe892797156

          SHA1

          a100bb89d561b227f939862cfcb57de37bb5660a

          SHA256

          76e1e34e6267f3a0da5cbf5f956c28334ec9026c44952b8cb916c1d9650c8a62

          SHA512

          b43d7d5da6693a3418961fb97832acdc7c914e8b9d244aabd2c603996adf931392d3e0522e925be10c8b39e7b4617bd5841358d934a8042c97201f10e8832be8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b05916771b247d2bcff3f4b8118c9a02

          SHA1

          7f8014cd8da55ccef0d9abe04d958248560588a5

          SHA256

          b778449d601db833f92fc6a64cf468232ac4eb898f79c3ca5caa40e08d644cdb

          SHA512

          510bd7898557a122c465e28abdd6825b744feec6f03e65b0c7c771f5328c3d81dee0fc2d0e98efaae2a3328042bdd69ed49bf6ee85549969f997ebd6c9406e70

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8f2d5e756a4f8cfbeb3b48d5d6fc3f50

          SHA1

          cef306a62b205a3c3efc2e734d9a8b63ae890b15

          SHA256

          812dd8fd56b7bdc91461935d44f822bb36cd3c29b85691c6b8ebdc8487d21c00

          SHA512

          078c38b381fcb7df6087b851a0517e355ec58e70119a569d2d793313b38a5fc6f3ae2e92b1adc825ddcd0a157e5d8c31e75a0e280aa7334b2fa3c5ef7d65be24

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8ec20ca42012805a49e493b22db1d507

          SHA1

          f233a2c29446fc55015f78e74e0992553f48a088

          SHA256

          20c96c04625dfa82ff3ee20a7def5e7b97b6ab38e22615f165a0cb39423de41b

          SHA512

          bbceb376b9a69b746debaf4e5a47649d70715cb9a0ffc72cb75673c7cb8bb65b0267adb1b2c5bf3bd3984b72ab7dfc97d12b23ebff4d5c55487c529f8fdd5404

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          557e95c16ee5937ddd28f01c0bb9bbe0

          SHA1

          76c6670e2debc35784d182cb35ecb26e0f123967

          SHA256

          a36086854039ca5977f7d8bc89fbfca4fa1b4cd3aca54bcdf2470d4739d3e96d

          SHA512

          2a1c31aa62fd1165a62befdb498cda9ab4f303b5f64606b0d383230a5bfedf09d58ca0d9107323314f96a75407bb1020ad1b543dc57eb87fb01e59d4b2da018b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          1404973caf25ef394613df2ea82dc04b

          SHA1

          5041045f946d4c837cbab6f1f533c09b0c17ffee

          SHA256

          28d1b4b7d85fe6dce114bf9ff220d883f502f5da28275721282cd58b78f2cf16

          SHA512

          3f72c71ac261697e5c760fcce19e43d76bcf29cdf9d40ab38fa9b655eb67413a3fd2246aec6e9b8eba53ac7df623a6e5659519cecefb1cea6f4a9d007ce30507

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6fba3ebd33fc002740163849324a7026

          SHA1

          a20e57cfc3a41f041df0d3d8a8cd695a5daa350e

          SHA256

          dfb9d99c2e338b9cf2d8a95ffa85adb5e41f56ba25ee8cadc67523e0ba008de3

          SHA512

          e0e213809c6f353f5e41d85c8281f9d1a047a9bb0368a99503c30139cb4fda8d7757737d83a03b35c317162ff4b4f1815b81275e587fc0b18eba9dc37e7ab7b4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          10058a5c0d4aba0d8db6f3cb387cff60

          SHA1

          339ba522d849ca1e9fbaac6b70359786c8175717

          SHA256

          508c872638fe6be35cec2ddf9f7f2872a4aae464fff150df4ec2448efb426e76

          SHA512

          7018a50487849dbc6492f795ca116d87ec4b5d6ba8e69bfe0ee24ed9edb30d5580023ff6c832206d24da8ef5b9dc87daf0f0f590578a6f0844bc86dcbbc549c1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          4de07a01768425973c6141f1b91d29c5

          SHA1

          cf5db5ab0968be76f0df9003f20aa8f38a00e530

          SHA256

          a09664b6e9a4cfe0ad13bcc5698b198baabce58de948f5734d3083b71ed8cb90

          SHA512

          db07917c8cd2e47a3ebf9f10434483764a6429fd96a8cfd3d72980d1c0b80c99394483f57249ee29c97e61a1fdbaf5762782433eaf1b2df328e2986463a8e75e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6b106f68d13c81e688dbd5d8d391c028

          SHA1

          2f20133dbe9634da26ae371f4b69f8597e3225d2

          SHA256

          f6e825d0c1a09a9d000d43a9086d1bb7ff73a4a2f96147488c2000d46a6656b6

          SHA512

          9298c948f70b594202b14c3f615efa69b82681d3d1aca489193e4c1f1fd25a41da8dc4176eb30d630b1315acaa8bb1c80755906b704a6d8bc588a1bd123999c5

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab69FB.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\FG.url
          Filesize

          192B

          MD5

          0fcf82b5a915470e8a79d3516f582a36

          SHA1

          75f81b41607905b231521243129aff3554a58db0

          SHA256

          076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

          SHA512

          adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar6A2D.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • memory/3000-0-0x0000000000400000-0x000000000055F000-memory.dmp

          Filesize

          1.4MB

          Download