3046fafed0a87fea9f52c5e82390590d4dfc995410a558f3f2a55732210147d9

Analysis

max time kernel
150s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 12:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

367e67ff2e319c45db8b9fcae7bab8a5.exe
Size

854KB
MD5

367e67ff2e319c45db8b9fcae7bab8a5
SHA1

065d3ec1dcd008e9d6490af3d6f1cb23185b5518
SHA256

3046fafed0a87fea9f52c5e82390590d4dfc995410a558f3f2a55732210147d9
SHA512

2ed7a11c34d3d98cda28bb3b964b2bc5e2eb638e62d723593a7589785829b9cdbd1b4bcc33d25d6cbab9752b7a1808a58c1adb9eac6c5ebda9637947f366a61c
SSDEEP

24576:t3ERiCusoH2/JCpljs1yCG2LOOhDJhqIUYJ6aG:28Ch/JC3yy9JORFxJG

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Run\Internet Explorer = "C:\\Users\\Admin\\AppData\\Local\\Temp\\367e67ff2e319c45db8b9fcae7bab8a5.exe"	367e67ff2e319c45db8b9fcae7bab8a5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\TypedURLs	367e67ff2e319c45db8b9fcae7bab8a5.exe
Key created	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Internet Explorer\Main	367e67ff2e319c45db8b9fcae7bab8a5.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1264	367e67ff2e319c45db8b9fcae7bab8a5.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1264	367e67ff2e319c45db8b9fcae7bab8a5.exe
1264	367e67ff2e319c45db8b9fcae7bab8a5.exe

C:\Users\Admin\AppData\Local\Temp\367e67ff2e319c45db8b9fcae7bab8a5.exe
"C:\Users\Admin\AppData\Local\Temp\367e67ff2e319c45db8b9fcae7bab8a5.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

Filesize
579B

MD5
f55da450a5fb287e1e0f0dcc965756ca

SHA1
7e04de896a3e666d00e687d33ffad93be83d349e

SHA256
31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

SHA512
19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

Filesize
252B

MD5
9bcf41f7cf7fd42dca9dc3efd4ac45b9

SHA1
d58c7948fc117975de89da6d8469ab915838cdd1

SHA256
5ca67183df7e978971355dfcb597bd5795d569a5e71fb08da0b3f7449e6b35f4

SHA512
b4ccf5ffe813cf7560aeec49a27bdd1f5966cc98747309fe25ec1302c9a0222f0f4bad25801894fc2f4f539d1dbd1cdc1cb3ce8a70d648d9c59a086ace47dbf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e1c35686a317f1a25ff46a37b8ddbb50

SHA1
c886743a4cc014e81597f5a069a2dd5232cda97e

SHA256
65b8814cf3a0ae523b37e5b2131ca218bc950c1f92f2614cbc76f113aa099684

SHA512
d2caecdc8792010d06eaa81e02ec401af7dc5b46e36d66a085f85ee4fd56a7bf279d06e4cf31a0fe0bbb286317f6a33e7559a83e03f89798d9757922aec2cffc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89a0b9411551a4a112d03a2fd7f45605

SHA1
a1d276b2b909da834a33ef2b5daa9e49fcd5ebd8

SHA256
1eebaf2656a819d18b122d0f5b796d1fc8e28a2bc538745c29e7545824fea458

SHA512
43c88807b9f6b333e73e24fe49b76b7effa83bc76b3b6549cfcc5f1c18d394dabc3fb1a6eb1b9ff47321c631df9a22a6600ec839fff022c33ffee751e6281145

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b963fe7ea2e7cca1894b7334555c3b2d

SHA1
6d3458efe1ff270847e9e51a8ccbc44a1029e5ba

SHA256
ddd31c80a44cc3760457f96d341d61d821a602aa1eff54b3d32c5a7f6e76d102

SHA512
814913f0ace1bb438a936d94b144556132e9337ddc2562cc6502f92f7acaf2debf7ee79014c8966749beff78c5c52e04e0ce614a6ce1188b8b67e600c5e2494d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be0beb76d192f9fe4847cef1d35ffe59

SHA1
a2996646a3e9164b0c94106ee1e40a75f6b73e6b

SHA256
04b979da5bc22fb384f7fad190166cfb3d21d2a59783ac992c3437e0b80d3d21

SHA512
0df29acf66ec4040712fd4c4ca21f48cac47d209637b6acc118305308d53cbfb4325370ea495c875c93f8a73cb5e77549b9342a431cf35f5086cf10231789cb2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b16a809ef869cbe536627072c420d6ee

SHA1
d953983e7fde55929d16b0b2c1d9688c87b7c126

SHA256
5af120787764465fc0917f0f679fb57e878dce493a5bf3088a274647deaea41a

SHA512
70195f9c3d3542101a802ba41c24781d4a4319c63cb5ec591ef705fc9f68585ec982efa127559fcec98fc35652061258acaaa47c0714beac7846c7809c792b84

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8ad01c38595a6406361c1b66579f848b

SHA1
92e279ae1dc1a28a0692269853011a98a2938d9b

SHA256
2e19cdb5b722a2cc5acd317c038806cd03e9d2850d02749678a29f4fa6b0004e

SHA512
107f7fa29b689fea6a6dbfc872068e03a90a7318607337404b29bae123298b77a270c67d17c5bc1a58d96b56053ba7f2e6ea6ac101b5125f15af01bee1715c29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7d9441e335ff3861d40d91c3cb81f1e9

SHA1
144f5018cdb9e5ac6672a41f73c9fcc10cc5fc12

SHA256
5a91e19e5ceb15008b48f69fc1cc22fc80448b12f5cd3084299bd69fa9e9411f

SHA512
d40d98b25f42b6345a76806389ba384c8292185b044c795143e166b84726ed19002abe93248256537e59b42d7c2365cff8416e21473e4e03392b436391154815

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a62a8559f72c67229fecb81eb03a6da9

SHA1
a8bc6e0a73eb60bb23128a3ab9796c6eb111c5f3

SHA256
683f94adde7033f24c1b2ee0da403bbc609e90b528fc86f164234ff1ba782279

SHA512
524f7845623929ef0786650fbfc7e04f5ad258b18ee066a8331c0c2e233f83945082abe7d2eeb56b1261f19abb7eaffd0f4a81c498a5a05a28b1ddb398cb834f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bdb85d57cf28b53146d7d178c4236275

SHA1
e40a4e2533a23ec17bc0d6c3be51699352af1dc0

SHA256
298afb4d5b097f9315e390d4aa3cff36b1ffdb7580c7d7c39d1c9ab0bed63751

SHA512
88b20ec914f25f950db509d86f615a5f77102e667fc52c6bff8030f91c0b8190594c65e9d1619766298bee617b964c66ec51ad3181d00c1925d126b1c35dab02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e57bf555670c1c9add8cbbdd06ea3f78

SHA1
98f39f9663555e0c1eea8785266c51e8b65ba11b

SHA256
e40063b406583ccf0b491ef2e544c36c249a00d62805735b8551f72ae77f3c62

SHA512
5e2d39697c3b78af140cbd196aadda4a3c57d4cbc66c3615ae600df89b45109c79a6f5c9401a5190cef8b1a063259afd48c3ae83a3cf6663bb14dfc2f335013b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
729174b1eac0cb187bbfa8dc5dc7670c

SHA1
7f6c4498675c2049eb185c483cc6f3c45ef375bb

SHA256
2f82e6bfa569b317e961c42ac2d1a85760258e0ba81e3191cc8b78fe3e723879

SHA512
89a7a030a7a23d01b59740baf20f417ea677e4804ff5c69194695fa63f1e50abec014fbeaff7117b62d78a260aff073c84570c6f865214f71fe15dc7157c6dff

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
024d7a1e3431ce1f20383f86e67aea25

SHA1
20155add6d6ca1346cbb793b98cbfa35f5fc90c4

SHA256
1e4e95d1b7c3ad64b25acb4c1182a264334800a71df0d6cd686285d39f2d9702

SHA512
39f6d916da1386639ad3287029b6ed6511e5e9a68f0f3d6f8a48e2ff23417d3bc814814853f497b633efb95e1de5302a643d0db1d85ea73bd837890a03427cf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f17b1f0819292ff973d066abd5de4c63

SHA1
a965c0620d25ab837ca3c2ad53542f65d6235fe3

SHA256
079d80ca63d711ddcdf5047d5c5f3f5012552c1c764e7f1900c9aa050b5f02fe

SHA512
d963e00c26c248dfde474157c484c473d811987dac4cc7275fcbeb838a53c8d75ee445bbf612b2344dd59f907e5d87b4f09c4df3f95be74f02b8fc86a8752a7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8e6e9cd6d8654fa831e1dff3b1fefc3c

SHA1
3f8f2526cdc9242174d2f6cf563697fcc9a47d4b

SHA256
670d3dc83ef65f7391aa4c58d7d847346969cc2dbec4d5d8674da6060a262394

SHA512
c9b44b1fd0e6aba99d54cd4c90e1093fcadfabaa6141de0662679c04768e366de0a43f36577383ab2c22da057d7abc3d958eecdfc35f399e850c079b410c4946

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab606A.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar609C.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/1264-1001-0x0000000000400000-0x00000000007F3000-memory.dmp

Filesize
3.9MB

Download
memory/1264-0-0x0000000000400000-0x00000000007F3000-memory.dmp

Filesize
3.9MB

Download
memory/1264-501-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1264-381-0x0000000000230000-0x0000000000232000-memory.dmp

Filesize
8KB

Download
memory/1264-163-0x0000000000400000-0x00000000007F3000-memory.dmp

Filesize
3.9MB

Download
memory/1264-2-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1264-1-0x0000000000230000-0x0000000000232000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads