24b74a95082c1e7b13379049b6d0762a8a70aa5368d05b917f793708d53d939c

Analysis

max time kernel
49s
max time network
233s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3725cf3f74f6b21781696233273b668a.exe
Size

1013KB
MD5

3725cf3f74f6b21781696233273b668a
SHA1

9cc591a6c28dad8dba46a676a82449368a838ecb
SHA256

24b74a95082c1e7b13379049b6d0762a8a70aa5368d05b917f793708d53d939c
SHA512

68f8d042a1e844853f4d9e681011325324491b1057f337de3666ef7b21c60b5c9424a2a2de7eac682a401d5950ef7487f902089181bb5bafeaed0f6a63a4cbb2
SSDEEP

24576:kUdHNU0BDDiAtmIKLoQRGGm9bDq5d9F6DZBA:kwHNU0BpK0QRkZ+5jMk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2152	GoogleOrganic.exe

Loads dropped DLL 1 IoCs

pid	Process
2716	3725cf3f74f6b21781696233273b668a.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\GooglesTool\GoogleOrganic.exe	3725cf3f74f6b21781696233273b668a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2152	GoogleOrganic.exe
2152	GoogleOrganic.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2152	2716	3725cf3f74f6b21781696233273b668a.exe	26
PID 2716 wrote to memory of 2152	2716	3725cf3f74f6b21781696233273b668a.exe	26
PID 2716 wrote to memory of 2152	2716	3725cf3f74f6b21781696233273b668a.exe	26
PID 2716 wrote to memory of 2152	2716	3725cf3f74f6b21781696233273b668a.exe	26

C:\Users\Admin\AppData\Local\Temp\3725cf3f74f6b21781696233273b668a.exe
"C:\Users\Admin\AppData\Local\Temp\3725cf3f74f6b21781696233273b668a.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c start http://www.fulltekparcaizle.com/?setdown=ok
  2⤵
  PID:2428
- C:\Users\Admin\AppData\Local\Temp\Alexa.exe
  "C:\Users\Admin\AppData\Local\Temp\Alexa.exe"
  2⤵
  PID:1968
- C:\Program Files (x86)\GooglesTool\GoogleOrganic.exe
  "C:\Program Files (x86)\GooglesTool\GoogleOrganic.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2152

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Public\AlexaNSISPlugin.1968.dll,RunDLLPingServerStep1 Welcome alxi-10.0
1⤵
PID:2332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Public\AlexaNSISPlugin.1968.dll,RunDLLPingServerStep1 Welcome alxi-10.0
  2⤵
  PID:1472

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:828 CREDAT:275457 /prefetch:2
1⤵
PID:2336

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://www.fulltekparcaizle.com/?setdown=ok
1⤵
PID:828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\GooglesTool\GoogleOrganic.exe

Filesize
132KB

MD5
2b379059b1a29948a470b6e7d76d2cc4

SHA1
7f90baf04646ca31d9025765b8f34eb2fdd4683c

SHA256
1d158fb047ba284420c29a352a7d6e59aa559ca941a4773c7f49185f1d87aaab

SHA512
e71080587729e39901b81c05d5bf18aac841357a958d5be16194cb9c77311bb2afe04d64884339df0f450061b3dff401bf7f445aaae3630d5832727b1b5c9a6a

Download Submit
C:\Program Files (x86)\GooglesTool\GoogleOrganic.exe

Filesize
68KB

MD5
d3234937a07d93da20527292d3100cbf

SHA1
7357c983c965c5940906b341fa6eb8cff4573484

SHA256
a69a22f12914104a5f5dc5d584407e8cc65825dece759320f4f5554912c2e999

SHA512
795c2de6a2a2bc0fb9c1105f278562a1ac9faffb0d814bf10ff26eabc7898a5e5c20e2f7a295b3988aee0e6449c03c941943f7acf1a2c30b618bda62051f1f13

Download Submit
C:\Program Files (x86)\GooglesTool\GoogleOrganic.exe

Filesize
266KB

MD5
9054686c9f2619f83ed15ef8336a3400

SHA1
f26dd5e21335b7b343e5d63ea89a8f13d714c815

SHA256
45dee3558a5d7d887ef7ca29b115486da45b6d7004953572fd4624a4a3a679c4

SHA512
d642b6de43b93eb119e796ac64d01cd33e40bb85c0ec007886e5a3da1c4da669ebf3fb807a808869a9531672467f43993592ed99b1815cc58a385a064813c13d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
30c1bf0e669180918c69cb5ec2004d17

SHA1
0bb593c8bfb64d114012fbaf6dc8c8afe2d3538a

SHA256
026c963687683be55f15eca47963bb1ed04dbcfafdc759bf5103d8ab7c2add98

SHA512
1d042f148370e5c5b18e10692e5e6409e05bfff3835cfb148d9e16f354da6bf69a4a5d75fd264d237badf43444b9cfc47f3fb865811f0e4223936fa5a27e189c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d71e67c6ca406f7771d69fb27769dfd5

SHA1
3f06ab2552fcf9f73847f096f2c6178981a19ec6

SHA256
5b6f0bbb6f86598f1c9b58b8c5e1ffd7d9075775e0032c933cbac7366a784365

SHA512
649b611244d22b54b3a42cfde17133ee91d9da8825ca7ef6bdcf22ef74767c8263486e3cc720be36eec54eb88eeeca80ae09984cb4aa495a267a2dd9ebe4374c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bf82c4acd94f0ffa1a88d2925ca23065

SHA1
2e30127785f4c3ea1c8afd74c02f38376972aab6

SHA256
7268e1b3416ab3e92f34bbd597a0ba5a3b3883742d86b1a81716d3696cf77519

SHA512
df4721486a8cc09361e801233668d7c0cfd99088fdd28d1e7b2379dbfe50471dc346d7c5a0929aafe111ad3c4af1a95d089814f5a1157e8afffff4d3ca3f9149

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2956f6dfeff8bc7b7bbe428640e318e9

SHA1
6f790edb60f988184a3c7a3a1d3e6c5612cae59c

SHA256
398e399bca4f94789147c52785bcb6df756a9bbe5ecd66812c9fc48c00720495

SHA512
4d481015f942660fa01b90d89d0a1673cd7286759519ee7fb8e196d88d5fbbbe88c56cc9407a0e1873002f181dd8b0098268375205da12f5327de4f4e926ef81

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d9d2f67fcb912344f804c9361f3d0d07

SHA1
5195206e7074a48763048a140e6eddc3fede9b19

SHA256
f60868501df2156bf4c4c2209d07291b1f9ced336dd18ce765a5b3776cb42e14

SHA512
aee549c256f213f6022f3b5ef9a30e9989f9a7562f8f9c60219e7887bbd0128e8677f7f8e06004fcd9779fafcc86005e6f6dca1be752ba85a63bc9f2b0c1fcab

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3c176d27e0484e8634fd540cdd4d36ed

SHA1
8dd7ced6db7257a0f07d1ee2c0dbfd3cd314684d

SHA256
c527b6bd9ca45027303fe6baaf8221acc0b94da28d4e4387564151866a7c586d

SHA512
88044476d01b6ed251bb1112ad0a788b2f510e8883c026d78b127b01127595e76274cbab742e0b3803e53b6b45996d7fdfc5e9e25cb0d9c621fe6a078010bcb4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
677da88d803d5188dd0717889a37fbc3

SHA1
55eec45bbb102844fea5a135f0f18ee4bde63f6e

SHA256
73c1b083b9a7cce1220ba33be0c5887910da5e47bc7ba52f6fcb0375376b5151

SHA512
80b048c51c3a7e5df8e52a233580764902614c932afbe65a23a8e284d9cb505b5ea9cdab261deeda0d27e06f95345a80237aaae85f82cef30b309625193d7e79

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
89fc94cd81dd3da7a1e6246e19633caa

SHA1
927cd4143e4e1a5d897bc4073ae26ca797f44299

SHA256
b2931ec0a5b14d8a7380b9112580e9210e1de4611541e44614bc4fb028434901

SHA512
9ff20aedb23d4f2c1bfcfe6f2d278d5f87281251fd593d349696fa17cdc89c242c8b0b565836fb21ba0ae023d4d8cb2ca01f6e085e8807da0d5545d75dfa6230

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
10fbfd684f151f354ce1c2294021dca9

SHA1
40f238586fd63b67482531c6eef40f825f581ceb

SHA256
319b4111524f4ddd59b2048490e335fb76eeb66826d8ad2c24b28811c181dd82

SHA512
7e501eb85a89da79bb5db3aa1114596cdb182dfdf2987430027ff76cee172c68a54b67e143c945a78dc8f88d8d0dbb5276fdd1ec41bc55c3e98f3a23dc024c0a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6ce512a89293672a0a4cd29271bb4bdf

SHA1
939f4a37f01786116ebfa2c90c975ebcf03310d8

SHA256
320dc7f81bd1c1a92a18c3b4b9a547166e60e8a5a58377dc166a08521099c435

SHA512
8af53dfe2302d280f700ccb47fc70c60d194578beb85c42f218dcda6f7d3ed13e2dd851b3f572e1f9b7c19f5273a862481b1d40abd06390d20635740c9712b68

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b086038b91e343c55738c671ec9ba3eb

SHA1
11574ce26da78d44d513a7c2ebf7c419785bbfbb

SHA256
a464ed1bedef204b425fb89f1a6dc54bbce938a3c96cb8bfb1d645a2fa0e6d08

SHA512
b17e7b86a0518e484dafed46b1527a2fd33a5fdb5dbac6fdce8fc1fbaedec2819f45d7afae73fcbb6ef818a3ef51b34af577b769ab2d03534c6530daa15fb80c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
07cd6f17a85489364376461a4934602a

SHA1
93c4cc65233dd353453db9ee50c1fb221c7ca778

SHA256
06cc67712b9cf68f03d90e72cb85dcb4dbdef17ca3da012ecafece1ca3583512

SHA512
7d2e2bdd5a4742343b20ebc3df5d3260ef2dbb7fa866712a014bd3bd88a6a12b16bb50142f76373c97a89ae127988facb5c48e4738a342dc3eb065c70e1c2d81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Alexa.exe

Filesize
84KB

MD5
6959f87d10d447d0da14fe3255d8c092

SHA1
7e464d8aaebd8db747e1c489f42b3a633b2d1456

SHA256
748131cff32c17b8c04a47ccfd34b0978ce35af48f258bf84eb8b01710b33573

SHA512
68fe1e43146da7dead093e644e0aa2ed75ae12819fde23c2642cc0bed17ab5b640b722166b3688ae9594271be81699b241d72a5a88b0ef5471fb227909a92ac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Alexa.exe

Filesize
1KB

MD5
eb9d2d10bd5505e288b6861fabe223a2

SHA1
b3843cd8edeaa79a05dd98bece5540722b1bdccc

SHA256
f88263b8a9025f528c1b65e67acfdc4a9854115c5e14855123941c499047fc3f

SHA512
dec7bfcf213f593427f89fee753668bb7235a2e11e21be57658e9df58eb975fe73a821f1aab581539d72c09702cdf0a175e35755c0a01ec399dce448de36e430

Download Submit
C:\Users\Admin\AppData\Local\Temp\Alexa.exe

Filesize
38KB

MD5
3bbf5f0d0c01ed936ff5a96a50ebcde2

SHA1
ccf1c8accc81c51bcac519bc9d1d5c5fe6e81084

SHA256
d43ea39234de590af0fb7b0a71cd56b640134fd1c91905d105d817e2336c7e4d

SHA512
08fedf382d39ee879ca5ba4c158d81d4c1b0a6acdf3f32159447878ff17fbb482b311bc6d93204dd6678b6f5aaa4d29b1b30ddad42da6b73bd91394a406911db

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabA797.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA837.tmp

Filesize
92KB

MD5
71e4ce8b3a1b89f335a6936bbdafce4c

SHA1
6e0d450eb5f316a9924b3e58445b26bfb727001e

SHA256
a5edfae1527d0c8d9fe5e7a2c5c21b671e61f9981f3bcf9e8cc9f9bb9f3b44c5

SHA512
b80af88699330e1ff01e409daabdedeef350fe7d192724dfa8622afa71e132076144175f6e097f8136f1bba44c7cb30cfdd0414dbe4e0a4712b3bad7b70aeff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso8D34.tmp\AlexaToolbar.dll

Filesize
46KB

MD5
be96c7d83b5d0fa46c5473ce60d96ad5

SHA1
836f9d8f5b53148b42adccb57a3172287c4a6bd9

SHA256
eb70180cd89b359cf6137782fa069f9b9f1db59d0a59e1cea882e5c7ef4d87f2

SHA512
8ef212ed1946b9f66e1542a75607706f7637346496a90f9c6489ec0495f1f1b2e7367f4601ab1df0d00e047ae4f6913fe9990dc1866f7517542b1e50a7bbbc7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso8D34.tmp\ioSpecial.ini

Filesize
1KB

MD5
a7f6659ad1fb176299c2721cf60d7eb3

SHA1
73562dbe45c602cebbb1bf5ca3141142e0f461dd

SHA256
914a1d1935671a1a8845b185992b22ed26d0170f66ce9022b569b11effcd6f2e

SHA512
2eeff881c662b534016f9787d1186712dd9bdd9ca5318b8ae923953937d5ec2bb3305e6c8c41e0cbf20b31ed50a4ca2a010e8ba28e7f06680687a3df9d101b05

Download Submit
\Program Files (x86)\GooglesTool\GoogleOrganic.exe

Filesize
186KB

MD5
12d96be7787bd3a8d6426603190280e6

SHA1
3d472f86ea8c8247a16d06bc20dc5b0b19409ccb

SHA256
8a205234453b82f6a138cebdab2b22197dfe6e5527877b07c662a70888109ca5

SHA512
4ab6e38c4446bb3ec4d76746eb9e7d76a4a4b0f4f672b9f3ee44912f4b5bd5625c4569e6f49cc20c024d5b4f158308d67409b9a6f3c79a69e4684e8932ea5e5c

Download Submit
\Users\Admin\AppData\Local\Temp\Alexa.exe

Filesize
22KB

MD5
17269da772a16850827ab252a8231201

SHA1
35fce7d447f9d7393105c58e934b44a1a41680bb

SHA256
1570515ecb52d0d091a4ba2c2803a141ab0ad0b9f1cef28bffb3f299930d40f2

SHA512
e4368c4f813c90a5abc15d4c4dde8056cf9f329b3fc638dc7f9ded5d640bccc14cbb03c93d43caad98e0c85ac385fe507ef916a11a06f2662340e06ad0ecdd2e

Download Submit
\Users\Admin\AppData\Local\Temp\nso8D34.tmp\AlexaToolbar.dll

Filesize
1KB

MD5
b1b6be33a8623958e18edcf5b66da209

SHA1
e128f75b902597aec54463053e8f8e43b54f424b

SHA256
1133f573760415ee03468a56798ad6581f25fef5e6dd9686eb98ff363e1a30b2

SHA512
a5f24a496690fbd7000331868e64521c254823e6964c7df8d8f169f0fae2c97ddb51c2274350c4aa3a8abaec2d9538daaa722d2a6f8d6c3806d4e9662edd22bb

Download Submit
\Users\Admin\AppData\Local\Temp\nso8D34.tmp\InstallOptions.dll

Filesize
15KB

MD5
6e663f1a0de94bc05d64d020da5d6f36

SHA1
c5abb0033776d6ab1f07e5b3568f7d64f90e5b04

SHA256
458b70e1745dc6e768d2338ccf3e6e86436488954ca3763472d8ffec4e7177e4

SHA512
2a037c39f3a08d4a80494227990f36c4fef2f73c4a6ad74dcc334317a1372234c25d08d8b80d79e126881a49fa4b3f2fffe3604c959d9ceceb47acc7192cc6a5

Download Submit
\Users\Public\AlexaNSISPlugin.1968.dll

Filesize
66KB

MD5
f9784284f96fff529fa330ce2c91b042

SHA1
e985e8c74edc5b7d2d878066d4e2aafa60b963cf

SHA256
e6d960896e8690a1f212a9fd944a0b4960d5ba17565c1197f94d221520d79f84

SHA512
1aa92d803a41fdf6bedf280f37dba5677dfb59a06c461f84b8e27fa26096984f45d6ac17794edd8acab334ebc4ffd0385dd95b902a7ff9de116216dc436d18da

Download Submit
\Users\Public\AlexaNSISPlugin.1968.dll

Filesize
88KB

MD5
d86cb3256d031f68ce38f909a824d161

SHA1
3d46312210b8a739f59948c1af96e3118dd2a2b9

SHA256
074773f7b492a6e966677d5552a88002c2dba41df6f3314fe96771a0b13361ec

SHA512
29a6495d97f69a31ac82f17fb5971c4b50a4edf6fad892322935a070269bffa8dc6d64b5cdb5ed6501766b062256d0e24142cb1e27ce86d507fa19974e9a1d7e

Download Submit
memory/1968-115-0x00000000003E0000-0x00000000003FB000-memory.dmp

Filesize
108KB

Download
memory/2152-583-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2152-18-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2152-579-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2152-584-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2152-551-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2152-581-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2152-580-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2152-1024-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2152-723-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2152-582-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2152-1018-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2152-1019-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2152-1020-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2152-1021-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2152-1022-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2152-1023-0x0000000000400000-0x000000000051C000-memory.dmp

Filesize
1.1MB

Download
memory/2716-119-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download