Overview

overview

3

Static

static

3

380af933d1...a3.exe

windows7-x64

1

380af933d1...a3.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    151s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 13:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    380af933d1cff5ff8f2375255f963da3.exe

  • Size

    57KB

  • MD5

    380af933d1cff5ff8f2375255f963da3

  • SHA1

    45a67cc09c46131858dda5037cb5f92c74d0bc29

  • SHA256

    d8423c5d66ef5412288367ee160e028a5ef7966bf566f463e8a55234ba96d39f

  • SHA512

    b94aa464e02a4c8ddb2d009e02e9dbc73aa7763447159f44011715ebba77eae2185dd612f9785669f184a3f4ec0fb0550fb6159cbcb3b7e350b017d104bca58a

  • SSDEEP

    768:/tW6x9t3nNRZZHdSQhnqaD8nWQE5+XHP/mRFju0E0r2bc765DmODZZPZB52jn:/tpx99MQhnTDGWm/mR5e025DmQc

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\380af933d1cff5ff8f2375255f963da3.exe
    "C:\Users\Admin\AppData\Local\Temp\380af933d1cff5ff8f2375255f963da3.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2088
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2360
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2360 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2692
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/PPTV(pplive)_forxuyan_0977.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1756
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1756 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2644

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a05183612901ec8b6cd1aff281811c62

    SHA1

    538d5f32b7ccf877c4ee99cb88a3b0bffa4fc13d

    SHA256

    9ad90982035ac33bf6cde117d6daa86b7b1efd01be8debb91f7031045dc5eab2

    SHA512

    1e8b58e1e0bd3472ac845f6220bf6f6f0f20c82962b104e19f5dcb19893ff384c31dd86d2cf53bb115b2349a413033f15ce637285e3596175487b5b4499a6f47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c400db08409b152dc8679f7739c88b6b

    SHA1

    496d7d33ea7d8165a530d8e833fbb2a3ca212c4c

    SHA256

    96d8a73d9fdac11ce9420303a7ca4d887682f68495ba228b0c513e7e020f142e

    SHA512

    1c203a79c69a7dd3402924b5e6c8f7f2da5d42ef4ce1cb67703003e498a74400148b0c8b9890346731c14fc8f46d839ed620d5eb328fed4d1e31704fa9291454

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ebed6fae4af7f885fdf01f419fca06d5

    SHA1

    c8427e1a45593b139fe47837cb93731edaceace7

    SHA256

    6fd6337ee24ae31f9cd04d3053c4e428a44bbb87f2cee51b098b4181db1fe3be

    SHA512

    cf55df2666849419cbd8ec87a79c7c8d003ff4851bb180b84ad5d716f2e61f95b70a2dc704f076906581b52fda85fc5802420741c9609b8c2482bf6b912956a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cdc07c120b3a950e2d47eeb206434f34

    SHA1

    b25752c0216d357d919dddd0374ab2696d63d8de

    SHA256

    2f27d5f099eb4bfeac2a3bdab7e4fcf50add1a5f390317e66ec84a2b56ac500b

    SHA512

    30c238d08c55952d057af7de6e09877ee26c701cf66b75a12c7f6d1491e5bfc0b7c652d999dfed35658b3521ae46f4b3103c56b96003b513419c7aa98c03af73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e78e02d132ff06173fbdbf8c51c915f7

    SHA1

    9d64fb296814402e53612bb33f4eb41f4a2e5d6d

    SHA256

    f9a2bbea53c167003607376c1d845cda27c923a19028c496f6b1af752a852013

    SHA512

    6b1da757494884fdebc37e0d4cd552d35cf240399e32a94454aac8fa681a81a64122ea4ef32744bd22210161e12acdd8eaab3364c57e31c799751d12d415af8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3014e7791211c75097b3ddf928f6af5e

    SHA1

    5872c7c35b3b04e89f8d79b7391eda10ae1ac078

    SHA256

    bafc4c0be7624d4c06b30e971f73af2ef5bcfa5d432b97e752bdc050e9f8a067

    SHA512

    e6000904d2abc0b88ad2ce3af3a4ea730f1ddeab8ecf9ef0ff3f63770f257d0c68ab3da5d1e6870b82468c0b72d0929dfc062772718e343e6aac2d1dff05f8f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0aec131242535745f7c8d69f65ee3976

    SHA1

    b2df257e3c2e046762712ea5c16caaeb989b62f0

    SHA256

    1c8707a65acb291e95ca35d232f09810c0ead6a8f2812ed891a5c789a04b21ee

    SHA512

    bd02a2dbbc23de9fa17338f200f765d2f804b99a54deb2a2e914d9577a5a358ebb989aea134d0f4c04d9ed82b729a7f857e552274cb8f6ea187a64e742a7cb82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e79f24597e47dbd7926c33310ce5cf68

    SHA1

    7c4185e1408ff842fec723b47f5362bec576f7a4

    SHA256

    b6ddba4a92f61e1b839b250380846df6118f25f1326243d488707eeb276903d1

    SHA512

    d165c7bfd3cc454dafe055e31fd04f9e2dee5a0346b7db6b1d43e1e04653f1ef6792271251305ab43ba0a00632bc65a34c42ac6f24475e0c20157e989243b70b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f75a8f46bef0e7c40f150298fb3eb335

    SHA1

    8535416e167099a723c93efc294c0d31f8fb2753

    SHA256

    eb0a12f7a3b449cf8e209db928f9322869c14b7d6428d5d48e7cd07949027acd

    SHA512

    fe5bdd985498861000b63d6982717e86cc339c09b1b37caeac1d075f5673b0b914940a16083f2d6b44cf3e7f6933020c249364e1a46e9837651f20069785e8a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    35c0c26cd3656d72042174277e8b68d2

    SHA1

    3367345ab072dac4bed93e47393c2b4fad97317f

    SHA256

    3d5a1fd03afdfa89ffb3a4e6956beb8cdaf3bc769a14f5874bc921130a9c67c5

    SHA512

    53876cd351a86b12f2e61001dc3b91fa3d15662677f1a389927642b15e76a6f73ae73e9d4aedfcc9ae74e43c41407ad0049ace21ae027c8a60dc72b0e429cb5c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6916965726cc224a79a2e5f682cc1552

    SHA1

    111f7e3190f59c4af25b22fb9935cd12b8bb6b30

    SHA256

    ea633f14400279ba8cbdf997316ff35f58074dec235fd98d4cc586c6b4df244d

    SHA512

    977f8c04994d4b4e7182f5ea412c603f7022ebbbacf66239c62fbf6fd28ef8c33923be6f034adbf1b28a1bc618929738cd1550f7c5a4980f8c223fda5f167893

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9712f340fe0498a3e29136b2e65d3fb8

    SHA1

    ce8c9a313b3a57328036513bd06405d7603e483a

    SHA256

    befbfc9ae6e5780cc1f474bfddc62d8520b0997f82391befa41cf75da17cba35

    SHA512

    97271fdcbe498499c714fe371f904aeef675c1d3ce3da66ed461cb40edcc2b4300c7cdd1ef0af8a0c5547ff3b1532b35d11b7b8efa0ade430da7886d48ce355b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ce3ea86eef6b3477b1b74f366c6e3ae0

    SHA1

    d63a78f71a592112ef0c06cc875ed086739a20ca

    SHA256

    4f43d5dc0397c0d61888127b8905df496979ca098ab55af0b3538a938fc4933e

    SHA512

    ce35b77ee92fbb3d0e6f2da9fce1280a86ba01f247ecced7adbffea6c98bee5cd78774a9d052a0660dfe1d2c892eed66d972549a8d892e41dc6d360d306f6097

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e9c1935a6c663d36236d71cc7342e304

    SHA1

    a7895d450ab5423c982f6c36c9e55424b5961931

    SHA256

    20b183af16d83a762b36dd077e68dda29f8caf394feecb658c10eabd6bb42a7f

    SHA512

    33e5efca6621cac83d763393e31ae0002eb36b8d21e1bb1768c82b2ffca6b4a3d4a06260c986f625d8ddf8968a72eb212e8f79d04dd2d83e8c5b797daac171d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1a97ed282fd118cd4c44f8dd99644cfe

    SHA1

    fec926e35dd35b72e5993d30dd2533775b3bf306

    SHA256

    7261ad1e85dedf866f9f74a0b74619cc7493f0ae794f50e964fa0d851de5c4ac

    SHA512

    b210f4592faf19e65884e783a65cb5033cb3450b77b7c12cf440a7f311dd41de99826564117452130a3a28048624cc891a29f75efd3bb7f616b7dc00e0acfb6f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0ea7fc7d16984f07bca6447c407d4e45

    SHA1

    53715781ea1c79c83717633093effa7f6a9325aa

    SHA256

    dc1c70a233d8532063774ab1ab026a3d153c8e3e9c0d76583e8e4d0b91451537

    SHA512

    c3428dee09fae9c28833a9a93b3bcbcc8c2ce407af1521fde5aef2fa2eebceeabb8a3b94504d3d329f1d63c969440cbad682d5ae16a90063fbc5609285b12c0d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8B52F131-AB78-11EE-9201-42DF7B237CB2}.dat
    Filesize

    5KB

    MD5

    6ea5328682436cb9308d25ada0ec4c94

    SHA1

    ba16ff37e4c4cbb9f36247c1be50fba85b9f47e5

    SHA256

    a0607cfeb6416c16c4c9b354b490442486cb188f91c897b7e8ec8eef0baff9ce

    SHA512

    06b30539bff5dd71d880f25d5e334705c4f72f71ffa2f5a07497ad2e05b97a14e60049c34388f5fef9439de4d81744f50ad1b5b9983275bd343372f5e32295b4

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9E64.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9E77.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit