Overview

overview

3

Static

static

3

3a7e055e24...35.exe

windows7-x64

3

3a7e055e24...35.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    30s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    31/12/2023, 15:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3a7e055e24a873372882d7a8a0974235.exe

  • Size

    18KB

  • MD5

    3a7e055e24a873372882d7a8a0974235

  • SHA1

    b6e9e639de8d96daea23c030dbecc3bcb17a689d

  • SHA256

    d532e1cde95d214d674f811e1f3663a8600b92e7b01b58f7a6b8c4f150d173e4

  • SHA512

    1177c43a5fa701f896ec998b8837f91c4b25120c8c3d9a442a959c698c006dd5f65a905c760bdd77a74c2fb0d2b2bda204cda9585595972c57632ec49fb70725

  • SSDEEP

    384:3TV2YAfbJJmgD2SrKw+tD+TY9BOTEyaYV49JnK31:3TV2YAfbv35+5DA29JnK3

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a7e055e24a873372882d7a8a0974235.exe
    "C:\Users\Admin\AppData\Local\Temp\3a7e055e24a873372882d7a8a0974235.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.mensagensdeamizade.com.br/todas-as-mensagens/0/0/1/1/265/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2628
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2628 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2652

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          da7224d28d93ca61fafda3590a67e278

          SHA1

          e9087f68202c9a4c8e9f1ff9613b263f6bcacaa5

          SHA256

          c51e33cf34bbb8164eaef8cb2f926d533a3a57f848ce84f39b8f0ef1efe468b5

          SHA512

          d8cabbb9a69fb378dbd8046172664d77d83a5675926c823ed5e70b166bf900514e412f54e17e48e39d9483adb928ce93449301b2dd0e8ac9052f9ea837cffde5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          43ee1b068d311ec5ce3cab80ff7b9db5

          SHA1

          d21589ebd53e0ab30114a70d277c0d1d27020ab3

          SHA256

          5a1ee02584001c418cbf9b10ff11ca1a786ccac51334d96b0228db895f693207

          SHA512

          1afd54f35bc566ff0e5b737e3d088c3ee12002765ad29d99b3dd15fa4b60ef3f7d76c2bbe23a3cc4bc319daf354169308d47db194cf238ba567c69c8e392a23b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          51ba9e240c8e7a3627237d8f99331d2d

          SHA1

          bca08e170bf291094c90d9d0ba6152f00c3db362

          SHA256

          01ba10d1223749582d3afee317603807e2e3cad31420f96546f05dddd09a9f6c

          SHA512

          7f8e8514ee46ab31fe1139cc696a68b16a22da4ffb049750cb5ff53974556a98955e6f81f56482015ba80f5e8c95f5f36318d9c7afe43106bca8feaa57655122

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\3Q7S8GUR\mensagensdeamizade.com[1].xml
          Filesize

          103B

          MD5

          13fec07815c682a510e601d44204381f

          SHA1

          8b448e932b371c141a6d8354db4138b8a15d48a4

          SHA256

          3c464d6ed7cf4405bbec7e11e436454071ae2d47143209424bb3b79e369ae700

          SHA512

          bf6ea258a2b24aec770790f5b11782fd830ee86ce15b3d791fbb61bf33b911cfefb82cfba8fc9a2628633291cab0147c4b6fda07522216bdb0085e2a2d465750

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab368D.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar37C8.tmp
          Filesize

          92KB

          MD5

          71e4ce8b3a1b89f335a6936bbdafce4c

          SHA1

          6e0d450eb5f316a9924b3e58445b26bfb727001e

          SHA256

          a5edfae1527d0c8d9fe5e7a2c5c21b671e61f9981f3bcf9e8cc9f9bb9f3b44c5

          SHA512

          b80af88699330e1ff01e409daabdedeef350fe7d192724dfa8622afa71e132076144175f6e097f8136f1bba44c7cb30cfdd0414dbe4e0a4712b3bad7b70aeff7

          Download Submit

        • memory/1736-243-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download

        • memory/1736-710-0x0000000000400000-0x000000000040E000-memory.dmp

          Filesize

          56KB

          Download