Overview

overview

7

Static

static

3

3f0ac30243...76.exe

windows7-x64

7

3f0ac30243...76.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    122s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    03-01-2024 20:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f0ac30243cda7a1e685422fa8562876.exe

  • Size

    50KB

  • MD5

    3f0ac30243cda7a1e685422fa8562876

  • SHA1

    820b4794d5a896b17ff6cee43b372378ab9ca33e

  • SHA256

    79e9b5dceccec273446db7930a29243dba1e3b2a2da8bfa965f444daee444bdd

  • SHA512

    45d5d3e9337691e4cae9c24ec396aec890959c77b00b7c8ccd252ee81d4ca62ff23bbadf0bb56da8ebdcaed77acdcf58223d04eb6c9c9373e474ad4a92125423

  • SSDEEP

    768:5cVJYDePPUXb5CKvBmAbDCLOhRjMss59QLfN2ssvVEyewqHBCohL3quOlsCT:KqDQPUXb5zBmAKLImmZ1s+yewq0tlLT

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 56 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f0ac30243cda7a1e685422fa8562876.exe
    "C:\Users\Admin\AppData\Local\Temp\3f0ac30243cda7a1e685422fa8562876.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\run_dws_file.bat" "
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2688
      • C:\Users\Admin\AppData\Local\Temp\ins88A0.tmp
        C:\Users\Admin\AppData\Local\Temp\ins88A0.tmp inlink-verycm.tmp
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2860
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\ins88A0.tmp > nul
          4⤵
            PID:2704
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp_ext_favurl_cab.bat" "
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2936
        • C:\Windows\SysWOW64\expand.exe
          expand.exe "C:\Users\Admin\AppData\Local\Temp\favorites_url.cab" -F:*.* "C:\Users\Admin\Favorites"
          3⤵
          • Drops file in Windows directory
          PID:2820
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp_ext_deskurl_cab.bat" "
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2588
        • C:\Windows\SysWOW64\expand.exe
          expand.exe "C:\Users\Admin\AppData\Local\Temp\desktop_url.cab" -F:*.* "C:\Users\Admin\Desktop"
          3⤵
          • Drops file in Windows directory
          PID:2608
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://jump3.35638.com:27889/report3.ashx?m=E6-62-9D-F8-54-3F&mid=21663&tid=1&d=90555df91d6e4a86557838c2849d7a55&uid=13729&t=
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2780
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1492
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://tc.58816.com/
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2792
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:388
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.38522.com/bhy.html?popup
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2564
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
          3⤵
          • Suspicious use of SetWindowsHookEx
          PID:436
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\3F0AC3~1.EXE > nul
        2⤵
        • Deletes itself
        PID:2604

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c6e1124853ddab1018798e647ae11d85

      SHA1

      3fade9151845bc956f58f1dd035cc3bbe4f4d780

      SHA256

      7898cb27c2a98be9ffe8af810214b3b8b7fd3c9af569b272b3a014ef01574c2c

      SHA512

      19fca3fdf16adf40a1e2d759ed8b91727d4442da49b1ed0adf3ff9719648c3a2b5990de01929705cfb89491ffc6a5418264d5b0601b718ec052aebb95a9451ac

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7df6e7a3d5cce06cf76b2e477ed33088

      SHA1

      15f96c08a137b78d2114bed713fc1b8783c470cc

      SHA256

      6f22b69dd1e8f3db82313c037de4e268b8c34df92c68a757a0fcb65f76f094f3

      SHA512

      35bcea918e440611f8c1232bd6532f6a954e3146ebc38148dd671ea2d9a748eb67c36d010c30ce867212abf15b1a001372b820170000ca80850417cc1bfb6e4f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5d2b6547f56206542ac0853f17c90ca2

      SHA1

      e1f8f603d3d811b7933d4f0cb265b92e8cd98f6f

      SHA256

      04f36cdd83cccddfd24a58c92dcd3db02e2e1614b2e8ec5e3bcf42c86bb280ac

      SHA512

      15fd261c1be5b493bd90beb4f9994a06c9f98006b2554fa7a0b9af480df59a8a06df737ef6882f97c0426308f08a13d60d001015eeb76be9b1c198b45073a541

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c106ae8cacd2839a0660f0bff9f2def1

      SHA1

      e92c7a8672134dc6fed7d364fbdbd64161001f3a

      SHA256

      a282625509daf90b6349f39c9bc49ca404fde8a0a360e3c9465b32626a9181e0

      SHA512

      5728342a722af4cca30bff309c7c6010d20838a80e4816a0cf588b6909ff3869a77a42c20d30efcc4ef75d6c30ad16bf8566bdf0053173f8db38916a8c3e2424

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      688640402cfc07cf86e5fec197d829ce

      SHA1

      969b2a0640516f34991978088dafaaf572996110

      SHA256

      fb450e45ad1ba81d84be9b9d613e7e072455536cbb8f766802878dc34853e611

      SHA512

      171237abbda6bf134e88b73544b8c0000abc796fa19e8a8e627b536a8aa68e8f4562bffd28ad7b53240b13c48490bc3fab40f63c816a1b02de1a385907740bba

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8e94592c6952ed3920701203e0292df8

      SHA1

      ed4bebb6cb6fecc0ff07f54201d6ae3d71fcad9c

      SHA256

      68463c8732c91d4744d4631f90e35890bcbbfb74a4f51f640ec78b55cf1a3d88

      SHA512

      79b56b3a8818ca63d11f06a1b2661a18fa70f11162b426bf61c04fc435f4b922f0e625a4e57388e759fab307f696eb81acb669eb48a2a48d5c2c998a96d97e5f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e7e45298acbfee88818f043bb0dd2875

      SHA1

      1e0d6e49bdec07b090ef931842e48671286dced5

      SHA256

      967cb5e2e3af1968c59486b6e30441c6ca7637020056c78e6ef8ea916cfc4eeb

      SHA512

      91103620b9016bd9e587e61ae2665a3482af8f10c62b2fe03d1be89e54623955fc65d4cc8525a32748f9f077dda2155811a30c4c2a03c99e241887e62e094890

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      db964a6dc11888417d3239a4475876f3

      SHA1

      7021a57e4706485c11ccd2b5d738220c6965694b

      SHA256

      0960e425d60ff9e325f643013106f089ef2f068c639181280419b9851960b31d

      SHA512

      d29a277c5d2670f5ffb00a55af5e4595ca82afc0d85b2c6c076b37ae1d4355c6a397715117812540aee695d21df3404aeed6164efcb0c435f103533ec94b91af

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      550e6810d04041febf072cc22f33f78c

      SHA1

      148f542dd890bcec9d309c89ab4c9a5d749a37fb

      SHA256

      36c4539fe57dc5cc0cc164e9900ba04c0e889f975c70155c78b56a3028329b8a

      SHA512

      c4f5a40555e609e86be761a18d5dfdee73e7deb866f397efee7c4d0cee4d2afb01a4a39515000b7adbbdbd69fbfe9c8cf086af36f50ea7ef38dba06d6a85629e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6b12da16d53815222b3cf3b1ef0bca93

      SHA1

      13e07bfaf7f52007fdb3ad7f7d1ab7d6e92411e4

      SHA256

      59231195475f018965d497560397f45407e66d06b0d0bb9be4811b02b11404d5

      SHA512

      383bb5cbec8ed0d9bdc6a06b731661d0449db124ab2d9e678175bbcce53f6961a4c1ac16195d93278a1080fde463f77343800d3c73946d7eedc3e9e9650e20a9

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9B3AC9B1-AA79-11EE-BF28-E6629DF8543F}.dat
      Filesize

      4KB

      MD5

      985b1eb17097bad62ad607cd241deaea

      SHA1

      1b7a4e57283a6f1ea0d4573fcf3267be024bb192

      SHA256

      da90e5aebc7dec4e7343cdfec4fbd557c7ce51cea2c753676e114b3a66c05b4b

      SHA512

      e61ee409c21554dad86387d7cb7f20738997bc805c9ea6be3df19a3a8e6adf80085f34083929298aba3d975d9d5dad940fc27643d85a3280ca015ccfcaefdb2f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9B3AC9B1-AA79-11EE-BF28-E6629DF8543F}.dat
      Filesize

      5KB

      MD5

      6fa8ade8836e451d94aa401c12994e14

      SHA1

      7e1641af5e1087fe3d7747889c2ce44ee153936a

      SHA256

      198a52e85cf108ff48cc47181f183783626b9df2db34a9060a63d3a7a9ecb42e

      SHA512

      f336c06fad5bd7c8ece970ee2672f44214d57354bcf471a12da47aa54f85aafbdff1b1cd38022ea46b8e494fbb78d2a494c2d216022300bbbc0cb73754588abd

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9B3D2B11-AA79-11EE-BF28-E6629DF8543F}.dat
      Filesize

      5KB

      MD5

      e743903631d70948d1865991d3e14cec

      SHA1

      81db89cb3cda516e6da197a5a74970737086af5d

      SHA256

      e7248536eea34d11263bae4ef4551341b7570a2de478dc4f418f8a10cf8cbaf5

      SHA512

      369a55d61e2b50714d85a4c2c02a76f9dfd9b5589ee0a0eac003e98ecf7df15f0d6ce65db914569333ccbf8df5eb287cf37e297276202108e232d58bba357eab

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabBD2A.tmp
      Filesize

      22KB

      MD5

      9c4695721e47add985d56e2fa510f42c

      SHA1

      7ed6dbb18cea447bf18050f9db55e8dd86435297

      SHA256

      d72b0fff33f73cd8ec9ec04dcb76868fe12eb3778d69c55668f6b5c766aea0c2

      SHA512

      e41e415815eb7c58d60eb94865ea202337ed6d04ca4032f0b5bd220f8443c1a3e6298054f0ecd055efc95239ced5cd86955be0391549416687fe702c077d01f6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarC1B0.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\inlink-verycm.tmp
      Filesize

      787B

      MD5

      b3f64ef34df4e66d7555ca857f86ca82

      SHA1

      243ea301795726eb1940757b0a948ef417b0c01c

      SHA256

      2c5861dd96d30519a5b3bb22b1ac2b4d7ffaae196de1b47501b86a7c17a8977c

      SHA512

      5fe666498ee7e1385e5d3a65ab9840790359972e8bd0515a25e6d8f194ef8cc550e1e0e02eeeec1b83188cae7f628247fd21fd99e233a17dc2c18399a124cce2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\ins88A0.tmp
      Filesize

      2.2MB

      MD5

      3aafcf440595335f63375e5052f471f7

      SHA1

      9f60ca175911c9f70819fcb64beec3017a3481fe

      SHA256

      b04e27be57cb863ce202391622e6a3b259877553fd368247080240055a354898

      SHA512

      26b113413db71c87a3f74c3ab809b5f88882d36f3e52c93b7f39729fc3cab9691c3cac7c21afa28760e260cc1e5de578779c9816791c8cdb37e3658dcbeee564

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\ins88A0.tmp
      Filesize

      3.7MB

      MD5

      ff048e5a44b2f15dd33112b961bfa279

      SHA1

      f292473b556b12bbe2ae6af5f7c2924739eec813

      SHA256

      4a0322ed9dabf720fd6d9ba8e5fbd4f0b4f57ff5f8b7f2349722441b16bf9544

      SHA512

      0d5a34715fd34a2cbbb12b2996566f8f2cc63167b2e08056dd40098a079539581e8c5f93ed1f128bb3ccc7a65c9d311f55a113d72bd37b174c77227b2e96e0bf

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\run_dws_file.bat
      Filesize

      63B

      MD5

      955aef532ed405fa55f6d4977347f11f

      SHA1

      b997f0ba06605bd8c28e1cae5e34b624778b2f3f

      SHA256

      5e70fef5ad98792c3992c607e680a9a9bfdffacb5ba17f32b521cc79fb8fab40

      SHA512

      0251137e0e975d875a589c74a182e064896a1c8557c226e403915c1baf199647240f5b275dd7c6592d478352184a20bc8377564873714b7da6fd639e3c9a4fd2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\tmp_ext_deskurl_cab.bat
      Filesize

      94B

      MD5

      d5fc3a9ec15a6302543438928c29e284

      SHA1

      fd4199e543f683a8830a88f8ac0d0f001952b506

      SHA256

      b2160315eb2f3bcb2e7601e0ce7fbb4ed72094b891d3db3b5119b07eeccc568d

      SHA512

      4d0378480f1e7d5bee5cf8f8cd3495745c05408785ab687b92be739cd64c077f0e3ee26d6d96e27eb6e2c3dec5f39a2766c45854dc2d6a5b6defc672aeafa0f9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\tmp_ext_favurl_cab.bat
      Filesize

      98B

      MD5

      8663de6fce9208b795dc913d1a6a3f5b

      SHA1

      882193f208cf012eaf22eeaa4fef3b67e7c67c15

      SHA256

      2909ea8555f2fc19097c1070a1da8fcfd6dc6886aa1d99d7e0c05e53feeb5b61

      SHA512

      9381063e0f85e874be54ae22675393b82c6ab54b223090148e4acbeff6f22393c96c90b83d6538461b695528af01d1f1231cf5dc719f07d6168386974b490688

      Download Submit

    • C:\Windows\Logs\DPX\setupact.log
      Filesize

      6KB

      MD5

      32ae1470ebbd3e7317d9a2ebfe0789f6

      SHA1

      07fcc35d51a5cd8dc2b14168c1873d4ffbfdd191

      SHA256

      2b0d32a92614c7ec75e542f652d9fee5fff9479d252adc4b40bd9b8d6f8dbb58

      SHA512

      2a8509115fc089a945d2e0aac6430dc3a3814bf1a30859df0dae3878f516c9a4b1de67af44436098743233384c90145dce3157ca901a2651916638b623393d03

      Download Submit

    • \??\c:\users\admin\appdata\local\temp\desktop_url.cab
      Filesize

      524B

      MD5

      62a2126d86b4aa489e696d593a3579d7

      SHA1

      1925bad55c4ab7d6b7e7f3118f31c2ebac9ded5a

      SHA256

      d62cef36cbd98e7a37d716ffda5ca0da77144625a5c43b1322e980020884fbf5

      SHA512

      a53e4e8b74dae3e6ab367cba50ed4cac925727a40c8962277ecea5604d9ae76cd1e42c78c04235bd80e82755de3f374f89c6885eec60620881c246379ff067f6

      Download Submit

    • \??\c:\users\admin\appdata\local\temp\favorites_url.cab
      Filesize

      425B

      MD5

      da68bc3b7c3525670a04366bc55629f5

      SHA1

      15fda47ecfead7db8f7aee6ca7570138ba7f1b71

      SHA256

      73f3605192b676c92649034768378909a19d13883a7ea6f8ba1b096c78ffadb5

      SHA512

      6fee416affcb6a74621479697bca6f14f5429b00de3aa595abe3c60c6b2e094877b59f8783bbe7bdd567fa565d0630bb02def5603f8f0ea92fe8f2c3ac5383c0

      Download Submit

    • \Users\Admin\AppData\Local\Temp\ins88A0.tmp
      Filesize

      73KB

      MD5

      aaf271b20ac6f0d61c351abeeefce1d5

      SHA1

      28a2cc8daecdd8711e5dd3702fc0f3ec50824855

      SHA256

      5913517a100af30018fd246d992d28f59f0b3635c9b84ce6e80e68f2b5cc8297

      SHA512

      89383365809fb659cf9932f81adecb7e0bd5a775513b5de903e895156d748fe861c84c9d4e99be9a56a0f58830ef5ed42d4a89e69c756bad37f92b4510763dec

      Download Submit

    • \Users\Admin\AppData\Local\Temp\ins88A0.tmp
      Filesize

      2.9MB

      MD5

      8e8c558b3b96147e8ca442eaaa057a65

      SHA1

      5ceb3982ac3be0658301e975a22ec6baee6cc5a8

      SHA256

      46b8a8224b7cd4e00d8ee90e8cfeaa8d069a4b06b2da0a434ebc22bf16086d23

      SHA512

      6182e6aca8704c4b4ef45eb61677dc76ab31e3a52742f232b7f7cb666f01eb48df11b875ae670b67a66749a6fcedf4d7f315f727699afcc632c194015961106e

      Download Submit

    • memory/2216-65-0x0000000000400000-0x0000000000411000-memory.dmp

      Filesize

      68KB

      Download

    • memory/2688-79-0x0000000000400000-0x0000000000407000-memory.dmp

      Filesize

      28KB

      Download

    • memory/2688-92-0x0000000000400000-0x0000000000407000-memory.dmp

      Filesize

      28KB

      Download

    • memory/2860-94-0x0000000000020000-0x0000000000022000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2860-122-0x0000000000400000-0x0000000000407000-memory.dmp

      Filesize

      28KB

      Download