Overview

overview

3

Static

static

3

4581e3602e...a1.exe

windows7-x64

3

4581e3602e...a1.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    06-01-2024 06:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4581e3602e92053f685c9c9e4feb2da1.exe

  • Size

    2.8MB

  • MD5

    4581e3602e92053f685c9c9e4feb2da1

  • SHA1

    3f02318ce3a52dcb797b4f495e81521dcc21b72c

  • SHA256

    73b1b78727cb770d3b7e70a89db1b2b2939881ad88ebc672d0d81e306a05e962

  • SHA512

    983eae541908a55e09749be088140640ddea3ec3c2e70c631a9c528e0813094411d7eca682e30ba0297959c8cb8b0c11e60e543762a0e0e97f19859a66972f3c

  • SSDEEP

    49152:SgQX0ryUR0aXZkXaur+B/b6uEdp2sRRly39pYaC5parHAEohY3Tf76cL:SgK0sIZy+Juu6IskNCyVyY3Tfuc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4581e3602e92053f685c9c9e4feb2da1.exe
    "C:\Users\Admin\AppData\Local\Temp\4581e3602e92053f685c9c9e4feb2da1.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1048
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.x5aa.com/download.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2604
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2604 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:860

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9a46ecbaa806593d2e5a4abfbceb50d1

    SHA1

    6784ec253b0e07728978d49464dfdd8ad72f835f

    SHA256

    54e239311e3318c1f9ffc50f24a5b181627b16ecc5b7ad16c2a3e1ef21e313c6

    SHA512

    2a68574fe6c9dd46703424c45eada44b38d0f5e37137c1745f4d54878054735da6edc9a86fbccdabbcb407722d646b74665dcba720355c3c1f295bfb2f08abfb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4f4885dbe0269bf8d3c9a7608d97f89b

    SHA1

    2265c9a97b492721dd40b8d432f0395e8bc03caa

    SHA256

    429856b38bddf03dba71ce7835d296ccf472f03143aac2eea534eac3b110d778

    SHA512

    881551196a451efd9490c495e3215e8359bb5781945c0a37ff2a6ea30722a15f15d8d7a5714dcc9506ccc893000944b35cf9f4e56d50367a6901d769922f3f0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7b6a9a27a3161bc507b20b6f07d1e5a2

    SHA1

    ad54e2fcbba14eea343babd4f4175261b3408105

    SHA256

    782a5617d99964817ad3f7f2745fcd385fd12bbd8baf471d70870820a83bd75d

    SHA512

    734a95013a841436fdf9e7262e72eee1c2a846a9a5def8119500ccd04eecab5cc2ffa74c81c669dc45427b9b0c81c29c599352d29e2291cf0d404b4c9975c636

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3cc9d6d3dc892fa0d773ceee35edcf3a

    SHA1

    695d5e7377607bb90a65b6cb487457ce4a6515fe

    SHA256

    4171275427ee4367fbf6e2f6d54a648498795b08a130ba4fd28a1e362aeb66e2

    SHA512

    5e3e69bcabab6e423e4a636825f6b2304465cee30a3d9febf715b291877b7e36d41f7c489dd2113084b20387c7986efc6a88edcadb6c55dcc7b5562e72b17085

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3d72bed51b04d0ffdba6380a43420a43

    SHA1

    d2c5ff5c73bd62b2f27a4f0bfca946cfd8972f2e

    SHA256

    50864bc4ee3dab067599f5659ccc1c6d18da1a851ab7a16cb08b0a729d9c1d61

    SHA512

    1a29cfdf12cb04286abebc69f7680741dc15970afeb24e2c3e3567e6241f4772606ae66ff8f2fb3a6cc25c6f104fe4ceed768b5970b1e34baa587605c44f7e0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    451fdb89e5f53792560930d7bb28c1fd

    SHA1

    7ed44164e29db1cd7efc63f0e91dfe68251bd746

    SHA256

    2788616986d3550ac6478c0a4c5cd2457ded27480d1044bc7f6acf702299009c

    SHA512

    da0e2f8dbe9aeb1052f58356a268f89a08ba7f2f3c959a228ed2c23c52b20c373b1c20fed3237c97ca15951dc3f4d98208fb3d6b37f80df4ff3cf76060b0f59d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    533f23557fb0a05f9991699d8136df09

    SHA1

    8a92b415a5ac6d653c75d1338ee625353cdbe20e

    SHA256

    ca47ccf1af09517989f49ca4e1715afb1cb677257c582acf243b066d381d0665

    SHA512

    315cad02b02e96c2f72550683a0fac99e711dfde5dd8f0bcc6f18aaa94e448b2bf4941fe5fedc690b715ff391a684d28d9bc0ef3f9d2fc69f0b0361e84537030

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2677ca58a60c0b7a3e8ab83c6f95121b

    SHA1

    6c500659a3cee53031bd2369e0fd260a33746848

    SHA256

    bb7bd272124b63703a7c79a69312180b050953faf11f8e220e21f58fbbf16f4c

    SHA512

    f86e23ddc6c4c81603e4b843953521b85a0af9033a428e2b132c4ddbaa7b3fa7f8acef8a8a6ff2ce397175cd2f05441c4dd31abc593b33c18d58cd4fbeba7003

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    310800269a4e7f4a55c684e483a0e71c

    SHA1

    39e4c28afa8ea837736487b7348c6953ec84d467

    SHA256

    118398925314e63b88b46ff24457246827baf21d5a148aab21c2997e625e67cb

    SHA512

    f28d19fd81108278dbec844a937a150914b3d89aaf8fef688102caa3c1f5e93aa08f3076b7c96fd722721a57dc7b38d5a0bdb9dc90385c3d9d7c355ed471c152

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fe80b36efc7c8d836cd470378e3b1c6d

    SHA1

    b4a3db8a604876a64a2368ce5c5de6ac6f2fe823

    SHA256

    4b5cd18398bbda374a03a44c7209d0c348e6070cc41548349eb03717a7bbaabe

    SHA512

    766a64c4e7c90c078360395d0deebee46ee3eff1269e781b2cf00b24c36d5a76c8530d986774d64ad1e039d39cc9cf5cce0ad464ea71dade48aa1ef1608471b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e59a31982c2a147ef311af23d910ad0e

    SHA1

    ceb87767a87cacdfca49339b1cc46e0457248b60

    SHA256

    0e58229339345465903abd787bb56ad890c7e3e2d0f1fdd745ba9820a0d49f68

    SHA512

    324031712ebafdaa2f1d58f4c20cb192ddbbc149111af90fe99dc13f91c2dc7e417ab50fc9879127251d875524287f8c9c103f2bab9362414f31183ac89ba4e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b70790eff74b842bf0901ee865c730b4

    SHA1

    2b22cbb52a24851295367f2c1cab5013a44bfe45

    SHA256

    06e22e42d3fea7c1c32517eb1528e0b5be5f949b383d6a55e61d644b19c8d667

    SHA512

    77eb22ccdc050a7f67b060d5a5f2c143fa8989b9c7617aeef9c54291587721977a86e92a50fa06a509f7c69d13f3d842f94b2973d2d351f2c587d89978355f6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9744adcbb3e7a1ff8006efd035c766a1

    SHA1

    e5a06eb676fa28cbabe5df8766c3255a01a7b155

    SHA256

    49cbfa919cdb73154f2b4dc566f1bb9dcd9af3bf325bf2f2e4b4c24dc43b2399

    SHA512

    e7302fedca7cbc264a2ec4abb449e920d4354dc757d58764849853645382d4f07f6b77ad7fa8def0909d293e377567a6aa30547ac80d30c6c2426b7d4929537e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDE5E.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDE80.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/1048-1-0x0000000000400000-0x0000000000904000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/1048-2-0x00000000002C0000-0x00000000002C8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1048-3-0x0000000000400000-0x0000000000904000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/1048-29-0x0000000000400000-0x0000000000904000-memory.dmp

    Filesize

    5.0MB

    Download

  • memory/1048-0-0x0000000000400000-0x0000000000904000-memory.dmp

    Filesize

    5.0MB

    Download