Overview

overview

3

Static

static

3

2646c80dcf...ea.exe

windows7-x64

1

2646c80dcf...ea.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2023 03:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2646c80dcf456a55861e4ccfb40d5bea.exe

  • Size

    1.6MB

  • MD5

    2646c80dcf456a55861e4ccfb40d5bea

  • SHA1

    562adc204490df6abfce8681edd21b631364790d

  • SHA256

    e19030305b11b87b75998abdf2a83ec5e3d07286818b676022918a8e346645ad

  • SHA512

    ba46e70040a4721b04bfcf852fcc48464aadc48e7705ae6cb36b6348b54b828ad29e99ffe156da8bc93986d1c14b14e48ef7a26ac34383e44b3aa5e5ff69ac11

  • SSDEEP

    24576:siPUAh56sjHJ4vEz+8kqFFabE4rMwJMUwvEq6hPrNpkrdrNS:nhhp6qV6E4TQ8nxoZ8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2646c80dcf456a55861e4ccfb40d5bea.exe
    "C:\Users\Admin\AppData\Local\Temp\2646c80dcf456a55861e4ccfb40d5bea.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe http://www.dnfnulei.com/
      2⤵
        PID:2672
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2844
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.dnfnulei.com/
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2372
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2372 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2784

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9512265c809c9cf10fcb24f58a4f40a5

      SHA1

      95910395df8a94df1b6aac64c558b585a142922f

      SHA256

      b4c16858c58e2ecc221a3540429836ea926320325cfea5b0d0190aa48af18a65

      SHA512

      062eb386aa3bae5d5ad7c389613919b969d3136d7cf90cb6ce819004986e6b7175272998d2cb2ab19ccc5456ad48088ea41106dd7121b275deb7a917f8d0cceb

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3520f0b6d935b86cc919a33c107479b9

      SHA1

      1aec33318b0a82fa6c9f9b4f22390459a6ad610c

      SHA256

      f5bf69176b208fdecbf13724f6c9ebcaefa4f2833e7c3a982ab8bcffeeee87c9

      SHA512

      6375d9413b890ec9b353e20d3f9eaed4b53a975d26168eebaf61b5bee56b440ff5e556217f67967e964afd4dbbfef95d0be6a4238cc580b4e2ee8480c58ae2ef

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      44f08e51fdfb5878e46fe82fb3643a2f

      SHA1

      e6cc6a6b52da6b648977b2b563e22fda705bd1d4

      SHA256

      5cc72e8a294a41f696c141a6de35a3b98bee8ce8b3e1df2be056c432cfb72dad

      SHA512

      6812ce23fc965b4ecb053df903b8673a4999860f5ad31c9e74b37ed67ed5a182d1d3f03d8f22de514834ecd22da0a368cbde731d36409f3cdf195f1d0e637c5c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b9f27ebebf255a6adb10ba59b734cb07

      SHA1

      748fef236093dc280f2978b0a4b39174ee4dd663

      SHA256

      8eb218701f91c2c89f1ef5d6c88364dda8ff1aa51934716b3eb50c4935df2a4a

      SHA512

      98e04233be53bc06de100879d1b68a7cfa486ddeb4b165b1bc57b7819b6069501279b2c1562b6991e54c04053c086dcb51d1c8d3a853651ef4cfd50a42534e2d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d66c361e153733795eda3a389359917e

      SHA1

      731938232c21ac1178fddd9292d5935e514fcb3c

      SHA256

      7307a08eb31985efe3f90f3aa356884f417dd7d7e1865f869f8b32ada47c779e

      SHA512

      1ebaa064aafd565628163a82f5d4030345e2d8d39e389fa0d15a3f7e3619f6f8c6127e4778d3ca20c684d38251be4edbe311111fe4eb2ee259688ff9cedd3b88

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      91ca0f69e3a0368343ab94dcc1c54f81

      SHA1

      95cbde3ef34c8db762556cc58700f2617a4d374b

      SHA256

      5fafd7fe0ac9f9013a8417c8a18646c444716a5533e1546cb2fca0b1465379d5

      SHA512

      9024481a604fd772139d04a36c19f664e062b6f7c67dd374d89126c08f62e5a3e87a419cc88730c4eb49b360d45be427738e9f1f4b0aad0cc85afce91b301e60

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      309789d38d2508a612f89426ddc72865

      SHA1

      812217afac14871e6e748be1d6eb6bd3a7b5a9b1

      SHA256

      909421c6af86927f603d6444137ee7288f9204f270c5fdf8523a846ee3166e36

      SHA512

      8f1f9b05ac290c379ac61b38cb7070c79f6d9b155d698c5239e66fafdbd22e88550c6df07775d9c79d1e974d92006f1376e333e41ca88fde3c9263b7c31ef5ab

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1c587fb75fe8dcd892c0d4cf1761bab4

      SHA1

      98c1974f4d3b2618162a9d11a69be611ff47ca10

      SHA256

      23635aff2aadb1df79611f88e639706c80eb4ac971ab1f15e01f71de03f2d694

      SHA512

      0bb4dc34ec7597fd2a27ba78cba2390ae4330e2bfd8e993368d8811ba76af5001b5be936af37f279de15147a9ec4274caf37b8bcc197df2a1161b3d47f9c553c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      863d9eec7c99c4f1506a9618cea78002

      SHA1

      17c09b530c8aaabbd37f3521cd42873a53e6add0

      SHA256

      39710e8691e05757fd5e126b2f81b12f1c2bf3bb0cbf3c6b804bd238c781c56d

      SHA512

      3a2b32a5c060b772611f9af88b0fbc64ffe3598a1ccbe7d29780ab6e6ecc21c1f9f3d8ffde36860904f2f8cff173fa0079ff89915b6d102c15a018a0d768d44a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fbdaa225110f264e602567fbd4466f9b

      SHA1

      1f51857ebf6db3def3c7e9fc25467195db28f46f

      SHA256

      c6f203726a6c18b48ec7038dcbd41ed5550555471bba2647249a685b6cd20ec3

      SHA512

      325faa78ee0c3a6c179f5711c341eaa21072659459703c897ee46810f10708d47c11f8bc8a7a513003043c3a2eeb52f1c16b0c63406877754493b06df61dcd64

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cb694cfb8e65c286334eec7879d0c837

      SHA1

      91f806ad2b67a4056fc3b0213326d066138c26bd

      SHA256

      8e7538cada46f640b26a32a51bd3cd512cfe05ffbd0af6dcb72c3b9cab099aff

      SHA512

      36540e381dd2198842144217ca1140802e3f78ed393bc62c8e9e7c2e94d250a780f0e5379102bdce460c15720330bb84f2488dae4a5d1eddb2347e489fd659bd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      79ec4cc24407f53e0faab521eeee87c4

      SHA1

      6403c41723352300a0162de95aa3e6fcacab1749

      SHA256

      30ed743c7037ad4cc307ecec21f898820c07299fc5801b2ba7f23a9567626bda

      SHA512

      959f21eab0afbcffbc90c479302f5c53e29ceed416f315db80434b473d84e37c1057b8626cf8a5ff1698ab846629bf243a9477705604288c32db061e6ce32d8c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cbd643888021bd31033ef2475edd2a03

      SHA1

      2d5a24e22f0b9ac9afc8f3b706ce70dd3e1eef8d

      SHA256

      d5ccd50b0f14026c73500352e5e99cd533bdd5799ad8bf0c998a56c5112681cf

      SHA512

      1bd300ed804e436aa2b71e0fce5a15a8553d2463f6704fd074fe8c0ac92bdcfd0ccc2f9c8f5f7c2c23e9f2289f26b773891533ce674f436ed875cebf4dbabd34

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2a2716ce30e0f1b4c5ed9e42263a0e63

      SHA1

      a98480c0d1bac64a1deea0faa8b2cca45f25a88b

      SHA256

      9817b6546e73f3c52fb272109a81666a5b24488831235d64a5d86efe2d45a6d4

      SHA512

      75689a6b95109a2e9c597b13487cbe3480c0bea633659748c6dd02c298513b54ea0074d8cc8ae8d476893bc8379bc4250d5f488f99a8c0b29ac07392c334eb6f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a966226d25dd91490ded0a3cd0126cd9

      SHA1

      cb431c270cbb135c99d47f74eee43c4de8089a74

      SHA256

      86b8387b23315debde1a817e56894176b51526ab60285d5a77fdd22dd135b63f

      SHA512

      7552e2733136c7a6e608bf3109504cd13c6f08c9fec3d7f3d9e7dc28fb7bebc69c8e16305ae6218be56bd13d7715a2545f2998178a1fcd3f49d146def5591194

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5fd9ba41abd038e123d5751dad85a7c2

      SHA1

      50a274adb45c893a5f83daca9e7db906c9baecb4

      SHA256

      2ac3566ce1085d2ae00ad945a032e94fafe4f399dc54e8ef54c6015d3debbc97

      SHA512

      d9df72129e02f78082fd388c6b7eb412b4d68db41c0a23d36d2939b348f4eef03e495444c4cf9565cb279284f2d98961122e36d113eecdd6e967039f7a8578f6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab7C54.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar7D03.tmp
      Filesize

      143KB

      MD5

      f6891e160e873447e5e7fcd88551edd9

      SHA1

      d54aaf59ffc96d9f56c6a76635c1b8f7f0710d5a

      SHA256

      e647395f03cde95c832edb709d958697c460763d28fe2efc70caf7a57ec95797

      SHA512

      15160481e8c093807728ab075dc196d0cee848de5410676a47d86078a8e5e85d9c972693aecb904f6c0dec6701ae9f55ef66eb037a85303882e0d236ef41a07f

      Download Submit