Overview

overview

8

Static

static

3

1e32389d13...ea.exe

windows7-x64

8

1e32389d13...ea.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    142s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2024 01:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e32389d13304577c74225316c1bedea.exe

  • Size

    62KB

  • MD5

    1e32389d13304577c74225316c1bedea

  • SHA1

    eaa34529731d8122166e7d2f911a14a77ef19909

  • SHA256

    e5304430dd4628ef6d7c63b28105cce78533d9c576dcff04e7410790ac406177

  • SHA512

    fe28917c733751344f0190170c9d32801c097f5d3e395dcc5c76b63afbc2b08f36a36c72cd262e4c3576fb53c0ed2e4ef28b17889f1666928cc74de7262f4e24

  • SSDEEP

    1536:cB+fQckdFp11WrE9oCi3vuLUbyStfdpYB3AUWVtCx:c5rb1AE9oCiyC9dpk3oi

Score
8/10
persistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e32389d13304577c74225316c1bedea.exe
    "C:\Users\Admin\AppData\Local\Temp\1e32389d13304577c74225316c1bedea.exe"
    1⤵
    • Adds policy Run key to start application
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\program files\internet explorer\iexplore.exe
      "C:\program files\internet explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2672
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2656
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\dfDelmlljy.bat" "
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:2588
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.0.0.1
        3⤵
        • Runs ping.exe
        PID:3024

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\lljyndf16.ini
    Filesize

    86B

    MD5

    5562c77347a49235d3b5b5a85d4e260a

    SHA1

    c06c2b8d2096f4b3e454793164a54a59619ad5af

    SHA256

    d110e2097acff13ce46609155a7698e9c8756ad941d1ff7a1661cab91cdaaed3

    SHA512

    55e867f191f25d1045b6cf3ce4ebc710a20dfeff671ea6365f87b09322692e7523d8521d2112416efb5c33b9e937f2702bcf56037e2c9a28e4a7b4acc59f73d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    02e359f76b64054a8da0487aa0146c50

    SHA1

    1f6f264eb5d88a8b9aa21ba1e7d82c8baa8ed9b4

    SHA256

    084b5354b218c6c694c592a83b5a6135ec372585dc4cfc965954083af7b63370

    SHA512

    d44239a045fee201a4c2d6e4e800cd55ebebdd59ff94194b205c3ccf809ab2cb34737ccfc64c16e60db5e8dbc0cfd74c5f809d8c4deaf5b26ba31263f5b3b896

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0e9c92807a4ac403a81326ad559bd48a

    SHA1

    05fcf6685c69eb5f8fceafcc17d8a163115eafc9

    SHA256

    a324bb2a2d0a5dff4c071c85fc5e5e24ad4237a1fb21e0a3acdbae2270956348

    SHA512

    0bb0e9e2dd4ba730f180b927b01de651a0bddf2403a152fac163d0a7e4bb6c48bf2f8d54d3c5d90dffae907ee429b390a4dcdbc6190267a7cb85285823ec4bda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a1843e85c03479b1e41e83bb5ccf1ac9

    SHA1

    20373907a15ac2ba1f1ca3a90ca808060e30dbee

    SHA256

    bf8e83461a0bda9db2405baaceab1244f8395b812d696ccf6eaa1d4f0f5a3294

    SHA512

    888578e00559dec4b6fc8a9627beef0c2383abb1563e42f00ed568ba75e74ee92b9640eacf2fb690ef5b840769240451d3c8693e26e3745f5ef7fbf4d2f4b8b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    15cc67a37ffe5b2b9aa3be78a7b2b30c

    SHA1

    6786a74e14771c439cf9b9165caf2434e0834878

    SHA256

    f15809d360096cd84abea2a32ab2c0e8c9208995a6606d2623269c482b0b50f8

    SHA512

    ca7faf9e86fb1c01cb47d5dcc2edcf0033505ee6686ef5285006c860bb4f4d2dcf66299056c8da8439e0bb7bb968fc656ffb89c219e7f8bf35291ef57b5aecb0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    42144061152323e6fd56fbe1b9e12d67

    SHA1

    b7125ba0457fe986cab33ed6f96ffb9a1dcc0e84

    SHA256

    0389ca34fe5c88b1202f832d68d50da0c4b37df9a472b2fa1c5155841ad1c4dc

    SHA512

    834cfc3f1d9b5e557eb0044772a4f1c75844abe774a0f9e2170f55ac732ba149aa41300c8161203cb0838481f873b8952502cf89d1e021d7173cf436511896f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2084165037041c7ea9e00a69e550e375

    SHA1

    c8d99b956731b897271c195d262227fbe5c0340f

    SHA256

    e3ec29e2f6bb19bf8abef30ef9613ea65fb2d6b719921dfb27771f0af6881728

    SHA512

    093021fdeb432e9f69f74c69fe656572484640ceec8f9c3d67c44ba5e2c0eca84abf9bc031eaaec9c53b8b3100da6fd3e16c7c911aa9fcb7dcb1436be6f9c301

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1fdb698f300b9bfe95f6e2081f473f82

    SHA1

    1b7b8e8fe979814591b94cb599ace3eeb529ba1d

    SHA256

    3746c6959bbe49f712b67a57497ab3d3adbfef2cb64f89c9f83088a2eb8a8762

    SHA512

    d89a9f04655949ea7e8865c25537f939e45727ddab53a0946581e4db9a6fdb37035ed0ad7caee0f67bf92b289c4edd79a957d7c423a27a742a752661e113879a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    84252ac9f641c5d116ef4afd8a7e3f14

    SHA1

    056b3916c3de8cc3d448068f66071281f2dffde5

    SHA256

    fbc135b5da4c2357a6020dc351b240af99e225b592165d3cec9b57904742dd82

    SHA512

    1bced007eb87ab0eaf6205c2320cad500780d54126f9fedefc5a449ba3dc06eb98c2f0da9023225ed9e95411addba14856d7f2b0fa63fbd5e138880de9b90dd7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    42d328001979c6276a6e012329fc7335

    SHA1

    ea0ff0a5ce28e81b473564efac2b0cf814a1b274

    SHA256

    11249285bce0e6fcdd90b547499788142fd802fadd72e8d5c26b008d62a67d70

    SHA512

    6352f3c82bbdabf60b0f311cb8faa45269eafe063dd785c651d258af9cb3f740228e75b17ccfc9f87d400a9e8bea97a6e167c9e99ce9bbe75729cc4d98329d8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2b2088cd42b407eabbb193d31b5dbcdd

    SHA1

    53f4ae0831fd530a34672912a1d8f61de9883aeb

    SHA256

    b5eda5bd4ef5860925772f8b9a927eff11102aff95ca8f77e51a33809c353741

    SHA512

    f692339d7fd8928240b6af3f06817ddbc6494c319ca6fe4d98fac2debaf1f93b17acc3f40a9a2b90bdc0213c9c00b4bdb445a3a59a03e247837079adc32ab8e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f1a62d7721fac0aa6b465cdce6f663cf

    SHA1

    9610c014e2c5b3e3719c472e5b5059b04978e02c

    SHA256

    f06cda97edef15713f6cb1cf29b3b02738cda9536c91bf024d3468140b84dccc

    SHA512

    b29db1e5d5d39fa4fc5a642ed2ab1ecd60eecc2fecd296f5940486ea195c73c4b108c3b61909d9451f1aecbcfce7c7f57d86c5344b586db327ec4250e425ec73

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    95e8745cae76a67d1173aa3d589d8ced

    SHA1

    bded60fe5ff3ec33a7ea46b04636453537be0672

    SHA256

    e0ea0194352259ff72adcc8f6540a3962a6a1ea7aa71b838ab689763cdf1d026

    SHA512

    f8531cea725359748783911f785e4d331287ea1244231092035d6434cc4830a68407201513bcccca42a588ea384a3c4ae1c8c023266b0ec5e05c1f6a4acccc09

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab407D.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar408F.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\dfDelmlljy.bat
    Filesize

    205B

    MD5

    d30effdd8c064ec209426dccc32c789b

    SHA1

    a38b9bcc9653dd9a1d64ef8c54b9608c6c869872

    SHA256

    273dcf4d4759210ed46b51371032eb4e9e92392d5e5c18b2e2bc29768aa3e65c

    SHA512

    4345e79bc4a4a177e678b4438804fa0099d9886bc1638e6da9d37267947b2c21124ccf4ead75960b200b806b816c38b75d04011ad27463834d5f5d5d50fe8321

    Download Submit