Overview

overview

7

Static

static

1

3eb0276a9c...0e.exe

windows7-x64

7

3eb0276a9c...0e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03/01/2024, 13:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3eb0276a9cf9b5a8cfd6dc1eb40e9d0e.exe

  • Size

    112KB

  • MD5

    3eb0276a9cf9b5a8cfd6dc1eb40e9d0e

  • SHA1

    b48d3aff019d76ad42f9a1cca05cb6c4c04bb6ab

  • SHA256

    165f409d83fa740b9aee823cba0d5842e1362e256bd8d046fba139f0b4dc7290

  • SHA512

    8fbb99391bdf3210723c5a27378d5578cfee90714e363e1eef029341276e7bc59175743341bfa0bda6d475edb51db0003885b2f503fe9ffa8bd1c918008b1940

  • SSDEEP

    3072:kX7DItrfaocyTgfsqQOlJCeqgKJ+BCeyI1ztTI81j:ksaocyLCWgKiThth1j

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3eb0276a9cf9b5a8cfd6dc1eb40e9d0e.exe
    "C:\Users\Admin\AppData\Local\Temp\3eb0276a9cf9b5a8cfd6dc1eb40e9d0e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://vgrom.com/engine/download.php?id=526
      2⤵
      • Modifies Internet Explorer Phishing Filter
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2076
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2076 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2748

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aa36148c21fdad5c2da0cac2c80cca97

    SHA1

    c0c17ac05ab879f39f45948ae679c30e25c69108

    SHA256

    04c2ec3741a40ed94b2a2032deb2cb19b94e02f70d304e46fba958ac0c8e2121

    SHA512

    3178fe40210d8d9e23b7c530af895e3a3690a9bbabcafd66dd99c8f4e2b45375bd1f49c3f9d550563602c629e4bbe01f0c5f7162a318765d20ec32584aff62cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e7ba46c84f0a8b0ad0f0a505332dfcf2

    SHA1

    0e563532764ff23a4b776a374af610cb2729f1d5

    SHA256

    6f90565da4ec5fbd9749b2585906545667acf5ddf838a9da5267bbcd8f5d21f7

    SHA512

    2daee2eeed39103b68070079138fae3173eaa0c04cd3aaf20dc00a03562bc60f0a52fec18271f9efc76318e5237d6957924a86089048fdd666d4f586b1ee7d11

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f6873575d53f85ae0f901cfa5c5eb1c2

    SHA1

    409de519c511f2291009501aa3c739fe624ac6d0

    SHA256

    92dcae671280237f82f6261d7b31c63f1e5aa1a1f92dd0a11e817f341f7ae22c

    SHA512

    7e11c2af67e7590d6ecb9cb4713775b62a625686ee9c52d297fef642402e2f80c26adad6b51af1646c853ca5c6352e0e5d27c10ece8c784e1d31f7f32cfa558a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    733da29e3992e6df3cf50f75cd4f853a

    SHA1

    ee00cbaac9024db73f9386d49269ab1cc5b787f8

    SHA256

    0aabb34edf6b9406198e783ff6479420261918d818c103c63216efe83c810671

    SHA512

    7f1464ca9d49a52eb0e435165ca4438b78a3d56e6c2ff190c4daeab47ab3ec22763610d177f90275c506201ed8203d3e3a9a4eaceb4719e5ca131c636c531d65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d3885541949a5d1abcb403b4ba60badf

    SHA1

    ef4f44a815c268809fdf756f8d072869c0414e6d

    SHA256

    50a3cd19ba0736079a4a0e6ae82084049d04728d1dd1641aa247a853f08c3b47

    SHA512

    04f6d9f5d8ca66b4b46d7d1f4e931a154155496822493c0f623963889f46a77c36f859727c303788c1130dfe59d91a746e91768bc8076b164f407cf8dd88ad58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f6400fe93b2e303e4a65b0a09e1dce8e

    SHA1

    0f0d4949752a9ad741b5dd4f0a5cd99e53c8ea1f

    SHA256

    56980efaeff44761fb247c650c4cb5f42b5f99af0a73344200ead27598e5f621

    SHA512

    80af54f75e2ab21b84c0f2d49905d52388f863c9fe844571e2bc39169c0cf7c067ed597da79db904e947888c9d0b3cd716b1bf4991c1d3a80972fc4d01adfa28

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9a151dd19f14a4baef46cb891da4241b

    SHA1

    98b6e1a651336b9d590e1a8626f6175d4bdb7a95

    SHA256

    13ac1c02a5ce7cd7dd5f7312b5afde6d64ea5f9f204570b83046a724c43b6a92

    SHA512

    7961b54ee14d4b9b9b5a753a69f2f1270eac88c759c37a36328e9d6a5266c8c577e2d3cb54d1f9a8caea95567ab0b854ac291d5c409b9f618cf5e76833202289

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab30C4.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3C3C.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyBB6.tmp\System.dll
    Filesize

    23KB

    MD5

    a64b9c1f10a5434738f6efec8a1399c9

    SHA1

    a66e15e4125cb358c1e1998ce393f9660e4f65bb

    SHA256

    2d863a8cebd864ce51052984bd2031d37c9b022bb80c80ec0b1ca382160ae57b

    SHA512

    53510079aff46a1b98ff7e0055288af2dce8ec3224fa5869fca4c29b33b26bad7bddecde0ded08a07e162d1bfbcca1120c0717a6156967f944567eeb99f942ee

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsyBB6.tmp\nsDialogs.dll
    Filesize

    11KB

    MD5

    51b31092bc19fff637a4b0433b2bd36e

    SHA1

    ed35222ff897af309ce25bd7a215c08e1188c6f2

    SHA256

    04e9d5b91cf9782066ccd043cb1cc2e5eda08b8340cc98ea5786597669f8237c

    SHA512

    c10535cd7a1dcb07eaa4975b329effe6e6563e9946f5ed4dfa42ad50c06f1ef038aeaf62868ebe7c13745328bf3bfd0a7430105683c7fa154a4cee4116df0e7a

    Download Submit

  • memory/2232-12-0x000000006E940000-0x000000006E94A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2232-11-0x000000006E3C0000-0x000000006E3CD000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2232-10-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download