Overview

overview

7

Static

static

7

3de3630f7b...22.exe

windows7-x64

7

3de3630f7b...22.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01/01/2024, 21:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3de3630f7b88ade13cc99644dd2f2f22.exe

  • Size

    213KB

  • MD5

    3de3630f7b88ade13cc99644dd2f2f22

  • SHA1

    6333a3cc4daf7e92e58834c62a9a36c9ca9baec0

  • SHA256

    d00dbc60cedf79cc659de41ddb47441fef5fe3180369c812f19bb4cb05542fee

  • SHA512

    073758742de63b379bb9f1c4cadd7afbb2e7a641df8a8ba91198f1aca15789ba3a40c02d1e85c77abf6120bf79c32dd318eb681bbde7fcf05083a2ebee0cd1a9

  • SSDEEP

    3072:y62MonpU9tw04VQJM6216XzD8areAEP/lQgWu6OWVcoGgsmOKh/v6nv6DNE:T2MAU9yfoFn7qJ3lm8ct1RDS

Score
7/10
evasiontrojanupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3de3630f7b88ade13cc99644dd2f2f22.exe
    "C:\Users\Admin\AppData\Local\Temp\3de3630f7b88ade13cc99644dd2f2f22.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.regnow.com/softsell/visitor.cgi?affiliate=36566&action=site&vendor=5838&ref=http://www.fenomen-games.com/files/kenny_adventure_demo_aff36566.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2704

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          7486e1f3eb53252983346686d165b5af

          SHA1

          38e0f1409e9d83d5f541db774dd1124b551d3e31

          SHA256

          1c67cda7af29d1648e46fc1c7c552425d5147bc6d8c468ae675aa0e3b22286ea

          SHA512

          b80895763d6628137f38a706b9bdcaa9f650c95100088758422186d0fa2b6e6d98f2d75fb639b7c3a6cdc10392c3804f78dfb9b58c110699479a2f433d87078a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          cb73f40b1624197280855c027b59563b

          SHA1

          a5299e4b18e56edef312f38e6ad7e7b091e4b8ad

          SHA256

          5858300e0b756db4f0d87a7818da62ea5342664f9cef067ea60903b5033b4d0b

          SHA512

          8d36485103ed246c2b6159395d52f63f79d734be73f24b266bcc88ac7c39a1104726f02a7b3f3a07dbf83b7fb95351c2a4c4ec84e833e4f3b208c70c6e5459c8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8586545f1b39478f4ce20bb4f99809aa

          SHA1

          81f964e4735cba10d845ab3eca8277a8be0ee2a6

          SHA256

          7edbbe02469a82a2bd8acd634e76d8d45ffdb804902aa48b7d61717d2b41c0a6

          SHA512

          bd5d217ad52da4307eef0d652fd8555f133e891ae8a3e8727bbbc9a7f98ccc64f93190eb24884b0a3df721e4bda335122558418b69a5efd7241c289766f7f0cc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          58659ea028406e619d6e873ab96e93db

          SHA1

          253e80b26946c02a228882512bdfd0f59bfdc748

          SHA256

          30d8893084db063c34f4c5ffe03a807e93aba67d7c7b404bd72cbd17bad7df58

          SHA512

          c24d420b8abc6116875049d74260bd5686cfc623ad364f9fcdd722c8d9a55ff02f4795ac5e576023d5d511b33d60d5d599f7770b61cbaf227a36daee2ba5ba32

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          eec517b45e021df56aefdb0c639a58f0

          SHA1

          d5abf74cee6bb694842362fcb22b824a19e0ef48

          SHA256

          30eb3c420eeede322f69e8beb2fa5527b1d925fbd273eab0b60428845b546250

          SHA512

          8247fa70218d785f59319b71afbce76412c2467a569a7fd4bc54162dd203e0851dc8249ea73cb0296e3c261ec79bd3a1fec750763de16c1ab605441cda8c7827

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab7C92.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar7CC4.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • memory/2212-1-0x0000000000400000-0x000000000057A000-memory.dmp

          Filesize

          1.5MB

          Download

        • memory/2212-24-0x0000000000400000-0x000000000057A000-memory.dmp

          Filesize

          1.5MB

          Download