Overview

overview

7

Static

static

7

092699c07b...6b.exe

windows7-x64

7

092699c07b...6b.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    02/01/2024, 12:56

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    092699c07b0eeea9fa49e0e695047042a8a17a1f201d7debfcae7a9e44d7096b.exe

  • Size

    3.4MB

  • MD5

    355f242654d5c65aead2835848ab67ee

  • SHA1

    3ac41ebe444a4ee89e18d1ce0451aac004eced19

  • SHA256

    092699c07b0eeea9fa49e0e695047042a8a17a1f201d7debfcae7a9e44d7096b

  • SHA512

    2b93e077c1cc07d7052629c92b4dd6e08c031d0fe9c96ea6f7ad595d761bb5dae83f7432c3d9fabbd41ce5b62b2052512dfcda2414603fed6ceb554f4a68620f

  • SSDEEP

    49152:g7FCAuB66vsQf1h5J12FxUr7akavJj8k/xM+GSXe5k:yFCAuB66vswBJ12FlkaBwk/5Xyk

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\092699c07b0eeea9fa49e0e695047042a8a17a1f201d7debfcae7a9e44d7096b.exe
    "C:\Users\Admin\AppData\Local\Temp\092699c07b0eeea9fa49e0e695047042a8a17a1f201d7debfcae7a9e44d7096b.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.baidu.com/s?wd=www.mtmdfz.org
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2312
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2816

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6c37414e0601bf577d778ded94b33db9

          SHA1

          052dde0c1aded68cfc75c08f97d18fbe3dabde65

          SHA256

          3e665538d0fd93c8f163a646e1d3ab3483665e70a17cef824d41a067da95784a

          SHA512

          a75989cc4e89a48648fe0389edb60ed49d0fde3efeadb247e86476022897fc7ad87a49b568720379febe25d4dd1b1dedae3d7f2b81a7f857a7c8d4e40ed09c6f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          583f4b8ed80a3ed7832bdfca547d1819

          SHA1

          d6bc48c0355e597ce4ee04ba970b331bec6fe58e

          SHA256

          bf46d262a1a854e95e070d5cdd09b704bf8d11862c58fbabc556894dc68d41af

          SHA512

          ef0bbb154db7577378bc86a67efde97b1d061770b56fef80bdba38dcb5890aac3568f69133b59f99bfaaa20c03e28d0c899771a488f436d0aeab3129665c64f6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ce16173b67762742d5dafd8103ca3773

          SHA1

          ad2520646f7cde78467ced65165e0fb0d570bff1

          SHA256

          0ac4022c7c7ea2c42b02c3330a41511ab007627fab7ba0f5245fbfea68c0922d

          SHA512

          8f35747ad88899e351f18cc17a5e592cdc626328d3d4ee24d1ae1f9934d8734bbce174d9638cf1680b0b876664c761c0c4ccc28b1471140557c6700bf442e6c2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2993cccddf4fd7d820fa8877a5579e0a

          SHA1

          98199da0cab89e48e34061c7601f12ab11dd0103

          SHA256

          12fd393382817cee527acb0265c1afbbd05fec89eef5633584d4b4f3ada616d3

          SHA512

          4c690ccdf3e690b128c159e457f63c0768a961ba17fd7c6ce5fe544347f4e408f7b779c00f1ab7614adc80d3fa7ca4c976de4f24fde4fd37233986bbdac55eb2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d12e2d9322d5232fda2a3c868927d8b1

          SHA1

          a8507f4b4014d2d2e0675ee8efbc32a9e8db8040

          SHA256

          3a30f6e726cfda98764732f937c7e4e367aa1c7f43414ed61faea8f4abab485a

          SHA512

          75533646050bfa560038efd98f398a9158c21def623fd22f0dcb82d05b6f4cea956a0355c0ba73d5434674074571ae06377651a19b69fba5b05cfef620fe446d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          81ad41914a168db71efd32fb90ddc65f

          SHA1

          26113d259610819089b335ddaf34b3b47423171b

          SHA256

          d4056a516231dad2dc1cfce84fd149edc36aebb9c17ae5944804452649fc9127

          SHA512

          655f7df538c5aaa582832fa724fe9deff68b6f0c5555eaeee25e6244c647d48fed21fe67239e5582007d71a08971bcd2e1a7fa2972bc29fb49538b439f258652

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3a5f3673f4597c33ff405262fb5f5a0c

          SHA1

          4601bcaacf5bd6676d36994842fa691b264ad19a

          SHA256

          dd22c6adb138acfc9b4784a96b28f42a024c8625892d66a74ab7b3a896f8f9f8

          SHA512

          ecb08be8f274a4aecdfb10782e3e5ff95991868cec81893db31c4e84951733a07243bfaf843642c821a32cbb541d30e5680b1da297f292511c45e71f220dc154

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          fe621d6659bfdf390b53f11cf922ec89

          SHA1

          268a868fdfa092f8c1e3b8980d7c732de22c807c

          SHA256

          0778e8d8e252860dbe701980d3ff48b51e2be757acbd7e37288b3c22a2090efc

          SHA512

          db0eac3bd9e0a5876aeeb7ac665186b16b72141f79793d3e5c1f830d55599d93c42574250f46b699606e8b7c498e0be78bd3aaf96f122700c693b605653f0ceb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3bffa1187e5907a2f731176312c20c82

          SHA1

          050b38a86bb043ff78a2a71aba47b00398d0ddb7

          SHA256

          6bbf760c77fbd32785e17f70f8ec1f84286351e8b578cab0e2469977d0163ada

          SHA512

          392257feecf9b68c572cd2b97b7ad0f2fec0e2127ab8dbcb07a619b4ce427abcbe1080f6f8dd07082ae617f6381fb47356ea10688aca13c00c24942768e0ec08

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          0d08136f70eb43f5558577eb87f3fc3a

          SHA1

          f514727995784695f0f73157816a16e25b044cc4

          SHA256

          0201873f50f5a98dbebc2d7306bdcc447a0f54e07fb71378eace4aeec242c70c

          SHA512

          240d21e967c3cbb831cb3bb877d86aeea61a11b15f3e4956107ee6bece2b9ef57a849d759e92692faa2988f9a0ca2172b9e9c6558de85344044d0655efe47401

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b254d3a09972e34ed4179d7189d57b3e

          SHA1

          ab7dadc91f9e7cc241cba6b2d65188a8dca324e2

          SHA256

          92bcd4213e1f6668911402e245e1018f54720db72285141bc7af0068d66a3c9c

          SHA512

          c2e305bdcbe2f2a454b37a07e4ff107382106802df1dd3e536f1439b57733bc92db1ea55ac2a58e05a27a693587203f11e762754dbd83cac163bce32cc525100

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          271e579e4ec7187011e51d54a6c6bf1a

          SHA1

          50868998235ff94677460f0b9f41494d8629e5fe

          SHA256

          493d23ef8df860efc873cdf58dd5b75de80fb347df10c2347db581a8108fe6bc

          SHA512

          10afb73a6bf7d031bdcaa104b2ed57bb29087b224d24a365171dd59a09c5113140284bca407f39071ae98aa1e4a66bbfa26cf80847bacda630bfb421cea31135

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          72723be3bc5281b184635d59784c5293

          SHA1

          30f8bec3398e1a81388dc5274670ed3ffe282973

          SHA256

          e8bfdf853ff9c62509bb85d9f098c8eeb6f96db1dd19b66beceb5befd7b0ad21

          SHA512

          c2da09d46808cbec837afb43b4b9bc0c28e1ec80fca49ad6093103df73526049be3e09f8b2c8f0883d5d9521c377cd69c47277770ec84622b489c6805805d9ba

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e954d57743d45db73fd96597c0e8ed48

          SHA1

          9485014f6687df113700f5bcb2029fd606887caf

          SHA256

          b8cc59edb6766c1cf47c789a353c04f58d70a75c4f37f8da5e6911e69e1c6230

          SHA512

          cd7bedd7e68c4c990032733c48985e65fa3b66c5c236bbfd044fe87124f7b0a8e4092d1adcd49d54284dc39729e1344be061a3dd4a7f67d4a64f64b4710027d1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          052e862720d44327698b58911b964209

          SHA1

          890e09cbb90b906dbbe707475a9981b1a3fed99d

          SHA256

          e082b31c3b4e8a602dc37529cfb7b26071a0b6cb85aea453ccb179d55c153756

          SHA512

          52b7471e9377757ea6bc79ec34c318ff6b7612602ea0cf3a745f2c29c8d16606165948df65473ac093515c6036be73e4c2203350b1812ce1ee72b81806fabcf4

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\19IM28D3\www.baidu[1].xml
          Filesize

          1KB

          MD5

          b5bdbe263c13c6b1dfc760eaba89f3d5

          SHA1

          d80f5b918612a25322e554ebe7bbda3e9c8e9250

          SHA256

          874458c1284bcdcab112d6e50fd1012466b89ddff6b8e0e9408f74f71b622bfa

          SHA512

          7374424c38a4d5b99034fb6e109ad99cbe58b4580837379294b4a5e00382f6aff90f22fff009af649e797fc1d2048fb429056e657a107fe1e625e2fa23760208

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\19IM28D3\www.baidu[1].xml
          Filesize

          1KB

          MD5

          fc91c0045791bae3532ca4de25fc1c70

          SHA1

          9108fb26a5352224fe7ba9bf4575fd762a0cbce2

          SHA256

          92476b827e041e24338ccbf67090a91d82a15d0c820cba61be82a9f638e2757f

          SHA512

          b9acb7decdf3fa076a63ca642b510391ecbbb3f7695bfe9ec87f787636f52d2b69b0c21aba6789047f7e4a9754428cb63daf94f88f87e7b3f0a6730aaccddd40

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\19IM28D3\www.baidu[1].xml
          Filesize

          13B

          MD5

          c1ddea3ef6bbef3e7060a1a9ad89e4c5

          SHA1

          35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

          SHA256

          b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

          SHA512

          6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\19IM28D3\www.baidu[1].xml
          Filesize

          360B

          MD5

          042215f1b873473cece8d393bb3e8ea9

          SHA1

          f11956f4462c14ee422e817338647e2d5f9e4f77

          SHA256

          5e8d2e70ade2be63a54e49661b9975d542b23358fe423999836fd7f8fb56678a

          SHA512

          5d6604a42b73fde1478b33cc3119a0509a4e4ecc4774c5aac8226206f6fe9cce7a11eec9906468f349e970aa89926ed37f92d1570767cfc05bac60bb2db0be7d

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\0ptx2pp\imagestore.dat
          Filesize

          16KB

          MD5

          7f22add08df26495512d596f542149f1

          SHA1

          2b62d1da65892e643a43c6e84e188a2b9caaf37b

          SHA256

          8feb94b3868ded096958104fbd4f7343849083f213a6ff4c1becd88647c13740

          SHA512

          dfa47b42cc5c84e948b7ff4300ee8504563edb17b931bd8073a43df7589ca7c18168470402a835b5e15a2331aa42d0ab9a9e5a0b27c644452e30f81dde018410

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53STNJLW\enhance_f636eb0[1].js
          Filesize

          573KB

          MD5

          f636eb0096f860ded8b8e34bb4c966fa

          SHA1

          a1f81e3440e4e6c41d3ffcd61d5634306d90d32c

          SHA256

          32a2f0b5bab9280a575975e3bb056c4ee46671b28b916471d08c1664ca06ffec

          SHA512

          3b5d11784a614de963d453d27bcdede34c0f19563530fd1b8a6d0b0d4d5a8c33e7162624b88ec42b2a61f1a3d7f03558f438a180f677ce3c5d72ddf11d45fe68

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\core_635482b[1].js
          Filesize

          159KB

          MD5

          635482b5a4a8451df603ef8f10334988

          SHA1

          481eb87549a622de29aaf697bc4bfb7bcc54ccc3

          SHA256

          6cedce817de2e74044afdf63c36d94c5e216712a6c38725179c3e18e618db90f

          SHA512

          cc6be0ca15266994118ac2f8c50abaf64e73af6a99516ff215d26af5cdf4ead1baae82c6f3b1858319c0b2cae3cc7426f3e6b55fa71a86dc9dfb8ec648b9d57a

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W79VKSP8\enhance_4887efc[1].js
          Filesize

          602KB

          MD5

          4887efc5de16dfaf1de3af073664434a

          SHA1

          2d7fb23f98f67c6388af6180d5007a40f0f3b916

          SHA256

          d616b6bbe65dbecacfc962f9e91d7202783fd2316b6c9583925f29909a86a982

          SHA512

          41636ffe0832016caa9a68a592726f25fdf71d0ee9c24a0e6db1800a73da8aa9548827ebe3b78bda634b6a04a3b3f9c7eb5c1f91e07f5c1f81610d3f2f1bb5ea

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W79VKSP8\favicon[1].ico
          Filesize

          16KB

          MD5

          717b138033a41361b32b60fc5062ab2a

          SHA1

          af9841b6f0923f890f41feec52c94a0cd68f01d8

          SHA256

          c70088079fe9441a726c66ce0e73ae38315ec80051d3dd542c41b82fa0a1993a

          SHA512

          1985bf59c3ee8289bbe55fbe572371d1f401949e6a0179b35ca89e292173780956161feb257303fe9ff5fd2898ca7fd6105eb1796841ade0e1124eeb89aa70ac

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabAAD2.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarAAD3.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • memory/2220-0-0x0000000000400000-0x000000000076C000-memory.dmp

          Filesize

          3.4MB

          Download

        • memory/2220-37-0x0000000000400000-0x000000000076C000-memory.dmp

          Filesize

          3.4MB

          Download