Overview

overview

7

Static

static

7

396b93695a...b2.exe

windows7-x64

7

396b93695a...b2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 14:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    396b93695a362b51e3f069a65fc351b2.exe

  • Size

    284KB

  • MD5

    396b93695a362b51e3f069a65fc351b2

  • SHA1

    800ce16aaa0bb232de55d9ece842f547c34b69da

  • SHA256

    ee588a9db219895e89248d78417ad33ea7c9ff7f81b25f1520bd3c29322c64cf

  • SHA512

    1d248684ae2faabba69989b26d64789249fbbee8ba9cee583e3115737c91abee9435e366bffcbe727bc493c088af9c49e890afa602a881bf67f7a482d0fe148b

  • SSDEEP

    6144:VNDEsVZaPTpz7pGNa1z4LwsZ+QxPdGk1N4WxxUUFZMGOduhD78LF:VND7CPTl4sFywsZ+APdF4WzLF2GOdu5G

Score
7/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\396b93695a362b51e3f069a65fc351b2.exe
    "C:\Users\Admin\AppData\Local\Temp\396b93695a362b51e3f069a65fc351b2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2436
    • C:\Users\Admin\AppData\Roaming\Media Center Programs\www.sexy-roots.com.exe
      "C:\Users\Admin\AppData\Roaming\Media Center Programs\www.sexy-roots.com.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1172
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.sexy-roots.com/member/exe_contact.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1728
  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1728 CREDAT:275457 /prefetch:2
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2696

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          252B

          MD5

          314fc5adbb41ee9e0c1e7faf0fd9c0a1

          SHA1

          1e503d0e2cd370713d76d15532e22535d449e870

          SHA256

          b38d0c97e94aacca1816f70c046c8572f7bfc7480ade1667ef09457701963fd9

          SHA512

          ac1bb04a1ecb090b2272931867abd20e6e654d37783314fb2b7fcaae111a2065e4235e264bc074bb3e673abcd5954b2cf217d846c13d184dffcac268e9018a6e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          01a920936e787bbe70292b3d3fea2317

          SHA1

          f13fdc2345e476bb55bcbda0f7e78eeb0babb851

          SHA256

          6143fc87e576d1075a6f29dd24b44d6f7832245ad788f23654071d9b88a41d1b

          SHA512

          8de1b08b1ece9dacb7976a1e0506bbf27012510ea3a5985399404574a630ed2ad2dbe8e447526853ae2eb6ff3cec67cf765a3c0af990113494cfca7c3dc358ef

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a0cea99c124a2f9f5db865d6110001a5

          SHA1

          6fe2193594d088bff0c8c5807aa2599d04fc0f02

          SHA256

          e5cc7a7e9bbacad653f16169acd7058305cde0811b31f9694c45588524ede550

          SHA512

          6343b160aebb8c37bbaedd5c9b8378340990d0bcf1b67fa805b107e20edb4344cff1128853eedf48d8692c31e9a180980fc64ddf05edcf82b420552efdc80fc4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2ec991cd0862dd7a277df00be8e4c908

          SHA1

          62ff337a38dc3d6a240603601240c2a6400acacd

          SHA256

          aed1181368d2d0dda53d4dfe50750d675a089448543319f9422c36f41f5d2e9e

          SHA512

          aa5d68258c49fa4d1ac656db331a4b267e775c3b44f498a9e8104e37a211b4cdc1a00ea70bf47b6dd6758bb79db27a17cf628a90b7ad041d8128775ca4f28cdd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6f145d537379f94ee26cb8394b12e0d8

          SHA1

          4e49aaeeadb0655d5f652342ce70d7c66f646832

          SHA256

          03d0f7a40c8dd0ec3bd47b71dd0f1b870488d23f7bc1626edd42000c48718a2e

          SHA512

          cb068600c66789742bb64d2f9b2afb8f2dbc09371e0175d57307b511727e16b6a820cf520abb4639cef451394d8d34a3c1064389753e01152bb176edb9a2fc3e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          0a71caf3256e4b1131231d42ea5ea9f9

          SHA1

          eabefc189fa556bd3e154957b11537c0f0d90506

          SHA256

          d6305eb40c897eb99ffbf95f5fc029fa9ed3434e05b8a2ab67cb8b55931f14ed

          SHA512

          75bd07a45824db84937fe2c5a724edc79fbda76ea244e4dcca175d6205728f4fe453c8d3dde724a9071aaacb11ea718a6883e6d52f74adf8e1cec4a05fb71e29

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          5814574d4358ffa47bda0fb1acce17c8

          SHA1

          1bd766f4d72f35d09170d1b271b68107525de0e6

          SHA256

          429069b78c11b0a5ab03ed5359add992623ebc0574cf684cc3ea6cd0ebce2afe

          SHA512

          1b6c99b24b6bc12c4f37173f8d5c02545ea321f2fc8a2d6959f5101140b98c9e916329b1c7fcb168c49c6e696356dcdc884a0dea4a1e5aacf0b4283065a483bc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          4f09c8c8e0bc9359e8973455cb83b704

          SHA1

          5f449cfe4ac2e00ec0300523774dc09f71bf932d

          SHA256

          9b4cb3903094ed60f6b84903f16aa597ae418b95f8e5ee6e80382296736c62eb

          SHA512

          f4572c36996f543e32ed7ebb7b4ec620c8b2b12238d4df8f8e1f8e34d1c25ee611ea836eb734e684f39936a66379c10cfd1634d347f9e8f6743da9d52dd9ad70

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
          Filesize

          4KB

          MD5

          da597791be3b6e732f0bc8b20e38ee62

          SHA1

          1125c45d285c360542027d7554a5c442288974de

          SHA256

          5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

          SHA512

          d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar43DA.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • \Users\Admin\AppData\Roaming\Media Center Programs\www.sexy-roots.com.exe
          Filesize

          284KB

          MD5

          396b93695a362b51e3f069a65fc351b2

          SHA1

          800ce16aaa0bb232de55d9ece842f547c34b69da

          SHA256

          ee588a9db219895e89248d78417ad33ea7c9ff7f81b25f1520bd3c29322c64cf

          SHA512

          1d248684ae2faabba69989b26d64789249fbbee8ba9cee583e3115737c91abee9435e366bffcbe727bc493c088af9c49e890afa602a881bf67f7a482d0fe148b

          Download Submit

        • memory/1172-46-0x0000000000400000-0x0000000000786000-memory.dmp

          Filesize

          3.5MB

          Download

        • memory/1172-14-0x0000000000400000-0x0000000000786000-memory.dmp

          Filesize

          3.5MB

          Download

        • memory/2436-17-0x0000000000400000-0x0000000000786000-memory.dmp

          Filesize

          3.5MB

          Download

        • memory/2436-613-0x0000000002B30000-0x0000000002B40000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2436-16-0x0000000003B40000-0x00000000045FA000-memory.dmp

          Filesize

          10.7MB

          Download

        • memory/2436-1-0x0000000000400000-0x0000000000786000-memory.dmp

          Filesize

          3.5MB

          Download

        • memory/2436-18-0x0000000002B30000-0x0000000002B40000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2436-12-0x0000000003300000-0x0000000003686000-memory.dmp

          Filesize

          3.5MB

          Download