Overview

overview

6

Static

static

3

3ba801ca86...35.exe

windows7-x64

6

3ba801ca86...35.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    248s
  • max time network
    299s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2024 02:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ba801ca866cbfc1773f7f97d8ad2c35.exe

  • Size

    94KB

  • MD5

    3ba801ca866cbfc1773f7f97d8ad2c35

  • SHA1

    08ae7746bf93b5d29cbc1885414708bb009b8c04

  • SHA256

    224ffb92e8412adf79fa8563359bf33a3143d20ed1562d669a1002297fcced28

  • SHA512

    911b2f785af9a2d5e3cadeadc3989108b869ba413f4c737f3b6304137145ae7c60b42b2f8c273139bd234bae414a18bd88bc7b9331b26c78d95d32ba09d4693f

  • SSDEEP

    1536:KrqhEnUlXPwKWOgVG9ahmN9kV33RTW6/EMxCRNpzCMhCRVpYcX:X9vW3GSmN9q5WdMxCFuxFYcX

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ba801ca866cbfc1773f7f97d8ad2c35.exe
    "C:\Users\Admin\AppData\Local\Temp\3ba801ca866cbfc1773f7f97d8ad2c35.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2892
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1100 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1664

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0d3dc3b9cdc0c8d49f7527987d07d4a9

    SHA1

    456110a41df0bd89a56d624cefdc0b80ee981a42

    SHA256

    8ded7a1fedf36b2e4f6b474e42a14fa4ff18ab5355b7a6c4cd76dfd54154764e

    SHA512

    7c5e865e84303a13b82de883ba7699456817a6d1e1f35a666e3e2af45f7771a0ac4ece923ceb82f52c982cac73a50ad8822b9d86600c6951f0e81796759616a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5f5fafd0cd0558da1348f26f8e4c35b4

    SHA1

    a710fc76e411b8aea839ca41d3e90ef41cc69142

    SHA256

    400a562146735340357c19d7361e0d453b0f3cc680317976112b78d8276a16a5

    SHA512

    80da6db2d68616c1959a3c5a817a9f84b6ac92983edf105c64e398176a8ae6dcb738d873db51ad8ec8ceba1af74f4489988471c9aebbf74880e713a7ba863e8b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    774a7962b22298d5b0e25df25d4a2628

    SHA1

    4ce377b7931536cee3e8d5e99ad66bb8e7d9ea3a

    SHA256

    13726172e714d31084a0bc7ec3a72822ab044f81bee06da25d2c42f2093eb20e

    SHA512

    626b1d7f3edc56bd5e6dbfc91f92afadba7f39fbec4a596068bc71db0d6a5ab621545f85a5acfd70c562f025405cb38bc0f95456fba7e31000e411a4a01daebf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5cd155bf21f2c762efd06eba1ae0ebf3

    SHA1

    bcad00d159d9c7e68c3fb3522b9b83bbbb18d7e6

    SHA256

    6fe4c6ed6fc198b1189e8ac83e8b48f9699e765a3c1a547694f626dd2022f9e7

    SHA512

    6659db7a1ce32b4feecc01b4e38a2bc43977ebc1675bf487561701f4b4cb2aa0dd74db093ec610dcaec7b046a151649873f696837e42ceb5731aebd6e68b3e6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    55d708e57699da01a8f922d30e1397b4

    SHA1

    b7d38071b49099f307acba17ff3112e132ab86e1

    SHA256

    0de0a1489d9a5457681b689289c6978b1595e6d9b9e91af7c76a4f18a963ec7a

    SHA512

    bc68eefb5a7a8df4de0d57794e05b2137badc30d109f537efdda550e3a3be1dbb8e000fa6c86b9d471b3e9e11b4b92be8bf0521346169b209a456fe87c9e51b2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fdebe0c148b98fe961936c4cd6da8077

    SHA1

    d59a8daa5d9158918c2620424322535b49d39389

    SHA256

    29cd27d4b6f6d187c69ed01a9229d3556028ef0ab34ef1e800fcc2429b95919b

    SHA512

    025bbfef95b3a2aeb8338d96ce06b49bd1d90be290171ddc2f814a864c7e1c12671aeccd70892dc0084b19627e62b07318de78d04c90a32aae6b7929f689cb91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    84b54a147889bb102ac68d00ae5ea743

    SHA1

    931deebeb23db4f754d8d86f072c265f8dcbdab4

    SHA256

    cb11a065a1321f3867dbfc656f0dd9f2cda4dc70930ff05e34f7c01e3042a71d

    SHA512

    36a0c6f8c88ba351b5d9c3bfe196509a798635057f93fe8ec7255aaf1ec27586d0c52bbdeb58bd4870ee4d21f354b18b8b5058faf4a2538b257351b520a578a9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    48338d0b64b133ccf910c9087ce146cd

    SHA1

    9d4cdd81a58847277ebbf2f00bce4b68b267ac81

    SHA256

    0023a52b9f828a8422cd07f8003166308bcf4c447ac8e2055c7555d12567732d

    SHA512

    0f14d1c56db7a74d4033eb7266303fc4fc1ffb214f856e5ec237774a9c994c67cc260a703d610e2801cd92c9854f62bda6f953def525a72bb7a7182f90cefb64

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d9afb66080f82e0c57eea11d79435750

    SHA1

    a08a41d0abdc2ea0f3135295fc714f2a0151d057

    SHA256

    56262250d69d1282a453b4c04d4f0619486c2e0eae7d73f7a5265dc415326220

    SHA512

    d6826fb44cf31d0fdfb49882890e3c2f25b8e1fa18dd6783efacd2e31cb70fb13e1213672aec2f0be6bc0a63902e38fe4718b2488612e5f9df5df6d051e4701e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    add2090a5fc061fc5597151ba56aa10d

    SHA1

    b4f17a55bef1c66239b7dfbcc1295ce1e6c5dfd2

    SHA256

    0b7015b2835c4b5fe884967f34fef8e021928b86fe60f2e47b85803c024d4f22

    SHA512

    46ec2e14f125a354de48f60b441c7927dad5a365975ac336f091d40ea4028b9fef8901699b48096246d78f22e26dafae0e70d3cee76abdd8465ced752768ef9e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5014.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar52E5.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2892-2-0x00000000003E0000-0x00000000003E2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2892-52-0x0000000000400000-0x0000000000538000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2892-7-0x0000000000400000-0x0000000000538000-memory.dmp

    Filesize

    1.2MB

    Download