Overview

overview

8

Static

static

7

44fc719dbe...e7.dll

windows7-x64

8

44fc719dbe...e7.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    153s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    06-01-2024 01:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    44fc719dbe62db69455127114d3d44e7.dll

  • Size

    231KB

  • MD5

    44fc719dbe62db69455127114d3d44e7

  • SHA1

    ce690b80ed511322a864610ef11c772cf1a117fe

  • SHA256

    f2cd979e0e8f8e23a02c596bb3fe1b7cb81010233aeb539bf625a145ce6b0e7a

  • SHA512

    a30b5a656792781defddc3243453ac74a3f01f2d40bb9cbd99e62c01f91b585534d8611234a33bf19611e52b7f2b69286bdb205ddc56fcf16803faea48afbf60

  • SSDEEP

    6144:OWot1h9lESsrblOPBaKjy/lhGJMVVidEGBCSp/ah:OP9lEvrblesKe/HGIVidEEvch

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 14 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\44fc719dbe62db69455127114d3d44e7.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1632
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\44fc719dbe62db69455127114d3d44e7.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2544
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2756
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2904
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2616
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2788
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2624
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1640

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      28d58ac8b0ced8c4d591040b6507b396

      SHA1

      cb6017d3d56f5f2472ecabb01132ab16b2b70ea2

      SHA256

      76b931bc912d34898f97030ec2df006b9e7b4ffa48a4b392071abfcddebabcd9

      SHA512

      9318ec8057c310ecc21f47d42aa596410377eb80995ccd02b595ec5b8228d8b8ad65926b5a766a627e42d91ecccf54a5a9c8a8fb69befe8d72ec4786de814e57

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      de406908e7d2684a75e3516fd3ce7dad

      SHA1

      a4d50547d13b619dde3fcefb06411b8d15ec9894

      SHA256

      72ad835d08d2819bd7641cbd4c7a3e630c01d7e7663366f00c5b9eb698336099

      SHA512

      cb3d5bb1b5b39f2b95b8c4c477a22eb5a32e89139f3827ca2c7434e7a4b8c0792f99c597b2f0fabdf6a306f58fc82c4767e5123f67a2f2bbc6cd3aade6fac951

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f76486817bb23142a1c4ea03bcb97613

      SHA1

      c348d934987b1fd9d9ecb3d5cc437480a2ad1a25

      SHA256

      7b984f9e92c4888f8c5fdd8004d898341af6523aaa8e829dd8d079d514adf372

      SHA512

      92b30b03e16e5a501619aaf1963e7ce3045eac91c02fe18204a2af99d373063761d3b218c62284ba6fe2047206f1607f19dac8aa76f99641faa245d95f93f27f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      295bbeea74c3c60ce255cf50d044dafe

      SHA1

      286e86cf8382b41985af5c40c07316e839f2d7b5

      SHA256

      22030a61ad3ab6434a74f6f05a30f396f1f747056bb38860aa621af1c7b96e22

      SHA512

      898285a88f8f6346ac4718dcca76175a6e5e1908741dfaffebff84a07e9f866f34772fbf82ab0160ea4b53f2ae8ec00759442394ca309739c54cb900724f43ce

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e957596a745f71cea8204e166f354c20

      SHA1

      f87ab545ac22acdad0b79c12a57e31f700f865bf

      SHA256

      ec82edf504503c65bbac3a9628445bae70f25f54cfa1f5dbc74a6320d90178f8

      SHA512

      14cbbac4e5dc80cf3c7dbfcbffacb10a9757df01c38bbcc288119beb8bc05a12bb823a8b361d7da3913ea10906ff8b88ff49583c7212e81a43be80ad10698e2e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      46927c29fedb3dad3cc484a36b021a14

      SHA1

      4d47021ce5bd49a4b4a51e40c95d26639440d75a

      SHA256

      b380c32cf6024eee2f9f6f7723397afefd9dcc01af962c645ce5588847e58966

      SHA512

      9375f3d41b6ea10d2a28fae8b708f6436ea98562ac5696faba1f0af6db80fc6950b70d00204ee02119e5e866af10297e1e4cb308398149602d58294a42d96ae4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c1208abdcba2043b488e956ed793e018

      SHA1

      fc6224ac607b4f8dd0e17687947f0640014954d9

      SHA256

      bc7f98c0fe2c8497b1c0911f2264de354c45583f3b1090cfc14195a634da0ebf

      SHA512

      bf083c2e18bc2613f4b9d313b1e2f74f961d232f1164bd8f4fe07322c1b4b166028d968f82617670b122a6d4a1496266e7073052b62b7d7baa061c458627efc4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      23faf97d5fc6264f8b539ff7fa48277f

      SHA1

      2de7a73b315325e9fceb131d129aec6f32979bec

      SHA256

      fd7705bbe6a34c86fb5cb6d8907c4be8da61d1c2cbd51fe6fb0611a7a22f2cb6

      SHA512

      d35b6662e0a39367bb099f385a8bbd95619b1c9ac1d243ad9ed877f314d628d86865994a32f1e341e94486550457c1f82b4016c8e53b84eb2fd15432e8f00c29

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      81cdd0e46529aa4ed0503b6015b88470

      SHA1

      612066e4388337448fc5ff4205707d535a245882

      SHA256

      682742b1b8fe30ab1d7d10afd8e94feaa90b894eb8f26c05cc962e8627de100c

      SHA512

      f50a81aa10bf486b1f7a6db65ae442c186be9fe4f8c4833fc9248073127fd89133ab37c12e702ba1cca0ea4b4e2edf59aafba92372c7caf15593d6dd13599aa5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4cb910aaaff905802dae0a766440ea15

      SHA1

      09c0f6a83b9442dedf1e7454fe63f21b7734e67b

      SHA256

      477aea3047a23dec1bc5dfc15b9e30f1983aefeb927b8f5b4b43037202622013

      SHA512

      fe52117cabb8e5451eb6ba92d1a0513e4a1a265ced900c16a805163d84f0e95ae92da365f6bb69c942cab349d841007592f37fa35a83ca541f858a51c6d6f846

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      629bdc536fb383e13cff78278938c414

      SHA1

      4e37ecf8d5706ab4611f5ba325c1ec9aff6d6d52

      SHA256

      a1b554a35ca8037b3b2ee145b81344570d22b1d6202a80bcbedd8119d98c4a61

      SHA512

      1bd4e5d9c66125451067ec21234d468bb1db2e91c335ab74bf6f479dd1cbe5594bf5fceeb9b2d66ceaf9cfde8f9e8f487436ffd61dd8c02110c299c51ae0af14

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3c267ad9320db608489ade1cf5cfda18

      SHA1

      60fbb6f5db08a653bd75f038d8d45f406a626f10

      SHA256

      1ddbddd76707a945dfc637971a774a67830d5cc617ebf6483f5769b7e198aa4b

      SHA512

      3fdaf5426d461224fe1fe6bb1e6cc8ae37ef00a516d5260f91197a56c4f83418c357275aa582892e5f48710941c680ff41e68ab2be08599c5488a20122d07bc8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      04bfd4bcae35ab0b3aea843b97b3b383

      SHA1

      624ca927cd6b7949e37ee0eb02b2ae9d8ee2b503

      SHA256

      e4c4019c81e6695023d0051a9bc52df49f0ddf0c51720f50b05bd12b9339d381

      SHA512

      85ba9f0cda92cf00fb228523b0f4ce8dc122b0b0d5cace2ed68f71208864f8421c92a5a0eca76839429f1dd0672d4a717d7e4b0a8f0ecc5b937acfed2ea23697

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b002f1f2bf330e0b049031ececc815cd

      SHA1

      cc2427caa41acd4cc29055923d8088bff95b744f

      SHA256

      cd26b87ed722fd136abb73a9871697f11822586e85d255b43b0e3e6f885821e3

      SHA512

      9781385c412c9338074eaf8fbf8e62e15128f6b9f8434c4fe9c702e3185f5dc3866cbf0f83b9af51abfeea115965f78485a8e3101382b0b86f59fc8f59ed2768

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      56325a6d3cb49756a5f365df5d2ca74e

      SHA1

      0ae7049c5dbee68d7d900dc37b51689d7ccf9691

      SHA256

      a26a07b22d2dbdd80c6e9fe6222caf4ff7d04cabb46c5c62ac5ad63200241828

      SHA512

      d5fea4e772b13ae6fd2ee633c1e6635ad9dd46d2c9b9c71874212c7ffe127329921ad9a89187df094a658effd312e6d93add16f9b06d6751c667e7dbeda74339

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      edf6d83c9baa7bcae9b0f44082a7e3c6

      SHA1

      913c6ebbc1207e4cc985cb1f3472147bcf75be28

      SHA256

      d3efcc579f19c9f3e30714f261881523d64659fdabe3566a6bb56fa371e93230

      SHA512

      af5a1c2d2483dfa9c8c458a9cdfe67e589b3bccdd1a85dea73771d2b9c9b1f1efaf8ad3475f8aa03b42fae9dc4d11a29489f3a7cf8bff23dc2cefc00007fbb1c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2265e0ed1e05460dde966fd5b93e8d2f

      SHA1

      b6ed3238f6ecb9d1115b864b19c175e4fe52a58e

      SHA256

      c2034979db8de03b4dbe903dcab0c8910bdb4690acfb52a0122cf4e6191480a3

      SHA512

      1cf945a1998655a85700a6cac75ef2ffa5be019334942ceed995849c90d1f62f7ec9f9cc1eee414c4642e714f177977d3b0ac82c13d45d86dab56b10051ecdf9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      16cefa6f97005734452cc684be7a3d2a

      SHA1

      87caba0edb28bfc1817f8106bf83ae8b1bbfa205

      SHA256

      0996b7abc6cbf1640915c74790be0fe9ba56f05869903585bb4fa3947b687a40

      SHA512

      c7a062bc923ca5b19ca6448ae6d54ae7ac7a0311cd91fce675cc49bb6b71d7468ffc89468014f9acc5705f45dca36378b9db0f93d54b6e0606ef5c878b743642

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab542A.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar609F.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • memory/2544-3-0x00000000001F0000-0x0000000000204000-memory.dmp

      Filesize

      80KB

      Download

    • memory/2544-1-0x00000000001E0000-0x000000000023E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2544-0-0x00000000001E0000-0x000000000023E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2544-2-0x00000000006B0000-0x000000000070E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2544-4-0x00000000006B0000-0x000000000070E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2616-14-0x00000000007F0000-0x000000000084E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2616-15-0x00000000007F0000-0x000000000084E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2616-18-0x00000000007F0000-0x000000000084E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2676-7-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2676-6-0x0000000003A40000-0x0000000003A50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2676-20-0x0000000003A30000-0x0000000003A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2904-8-0x0000000000560000-0x0000000000561000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2904-17-0x00000000008D0000-0x000000000092E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2904-10-0x00000000008D0000-0x000000000092E000-memory.dmp

      Filesize

      376KB

      Download

    • memory/2904-16-0x00000000007B0000-0x00000000007B2000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2904-11-0x00000000008D0000-0x000000000092E000-memory.dmp

      Filesize

      376KB

      Download