Overview

overview

4

Static

static

3

3f7b4c0123...7c.exe

windows7-x64

4

3f7b4c0123...7c.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    140s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    04-01-2024 00:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3f7b4c01239047c92683eeb9ebcdec7c.exe

  • Size

    12KB

  • MD5

    3f7b4c01239047c92683eeb9ebcdec7c

  • SHA1

    6bd9c986a84a19c41d2803eb4a7f00c2cf3aa5af

  • SHA256

    86cc2e04de9e817ba03bc2355240b6893720903725ce10bd4b863b71d774cace

  • SHA512

    6378b7fc2d8237265a8da3392092f8283f0fe97abe07f76d826cb84ef288c20d9f93edd5a021ff9fa2c72e7dca156a522e08f86c3f4b606e574186e323f81a4b

  • SSDEEP

    96:nPtOteWbaZWpWud9SKM4+xbOdNW5UANp/tYgZEFhKH3ppde2:n8IWbSb/xxbO7qEqpde

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f7b4c01239047c92683eeb9ebcdec7c.exe
    "C:\Users\Admin\AppData\Local\Temp\3f7b4c01239047c92683eeb9ebcdec7c.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe http://www.searchmeup.net
      2⤵
        PID:1812
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2480
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.searchmeup.net/
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2744
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2904

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4724d9544cb51655d62b83743e29f4ee

      SHA1

      c1efbab6d3294d2615164d8e97141736f3f0addc

      SHA256

      9660a78917cd7c0f22efc8fb0f26af0e3aa2f4791af74a8209f985bb41b92e98

      SHA512

      87f759af40228514f72c17dda6adf8addb6eddce3a9b2fb52437026fdc8fef3f897d9223a8719c520d21093d662ac3805407ff63bea6767c80a125633be68484

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c3a10a3590f57a3a5dd293a98370dc62

      SHA1

      d2e35457b618c4c4c2d11f5cb7d373c0816a5b89

      SHA256

      bce31295d28e95a87425ffd55054fedaf45cb58026f579e38e55e91d67630e17

      SHA512

      0c3a2dabcc9d8fa0bbd4e984847c9880cc2a73489323de53aaccaac331d281fcd4fc16e0f195cdecbc9a925aec65b600282ece34cb5dd563143bacffafca741b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab2AFA.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar2B0C.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\Favorites\.url
      Filesize

      24B

      MD5

      36a5fde038596401fe55597cdd9b1f0d

      SHA1

      f40494bf8d7e3b3a66e58d7759056e02d74567f8

      SHA256

      81ba18b814958303ba4721ce7b2985a9bc9fdded6d55d9d56ecd773be99faff8

      SHA512

      bc00ecdd891c69c200c33f4e5891ee78b9b8588305399284f6f9bcfa558ccfec81649eb1a011a79a98498d997a1a77ab09a8c5eb98c95eb86825d1d5d43eea55

      Download Submit

    • memory/2928-94-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

      Download