Overview

overview

7

Static

static

3

49383a314b...a6.exe

windows7-x64

7

49383a314b...a6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    07-01-2024 14:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    49383a314b93ec21c9fc0d5f4d592fa6.exe

  • Size

    36KB

  • MD5

    49383a314b93ec21c9fc0d5f4d592fa6

  • SHA1

    b056c2f65c85ce70ead1be288eb122896e53999c

  • SHA256

    882459fb825fd97543f2cff0110e7fa1c716efc2b47d0ef84c3bdc5ac31c6982

  • SHA512

    1c804af2c551250a286b0294965cbeb0ff46ccc0a4f59bbc3f8cb6c5ee75fdafeb42d09188208d61ff6d96919f26154ec2d62bb76dca59407b4e0ca0f3b3a63c

  • SSDEEP

    768:MX7tjZBRJdd0cuDUBbMn0Jbjj46Peu/W:MXtNd0cu+Mn0Jbjj469W

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49383a314b93ec21c9fc0d5f4d592fa6.exe
    "C:\Users\Admin\AppData\Local\Temp\49383a314b93ec21c9fc0d5f4d592fa6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2464
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2780
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2348
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\gos4BEE.bat"
      2⤵
        PID:1916
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c "C:\Users\Admin\AppData\Local\Temp\49383a314b93ec21c9fc0d5f4d592fa6.bat"
        2⤵
        • Deletes itself
        PID:1040

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a3d1f9396a1abe3db08e17a1f01994c3

      SHA1

      926c8d74dfcaf8dff89380418584da12d78525bd

      SHA256

      f3b0452f2c5f12cf92bf28ab5b7c06ea365a6c985616d6ff8545da96b73e38a3

      SHA512

      cc03367b55f992c57a76006e41a7e643f3c1a6f030f90ac85d1610091f11bfdf2e0a4ca0deb7000bd262279707e745ce86f94aa944c6baa79ddcbf07748d99d1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5120f4c9f600bf25c031bb9a1b1dc293

      SHA1

      f9d70728d7f4f4c06e0039056e7816fde816520d

      SHA256

      9505c68c0dc1b491d70604f2259cd9eebca2cf9d939a7877de52debd7c36affe

      SHA512

      7194570d653568ab3be60feeb5c8e0474c7429dd697139da419b74a9d8645a120504b2b58ca2cc8b525f46fd0842ea1296b6691479d2c781d53c474f2bd58c61

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8a84e29f4d7427e5a3373f483c7aee45

      SHA1

      7ecd8f0f2c4e86f99e5ef08024c5fccc192ab987

      SHA256

      042e898183cb6b38fdccd2cacac057fa105d11a6bef5a154552b37d3ebd72fa5

      SHA512

      b7e558e3af1b8702f5cb9a8bc85f8bed0d894d9beb326343250924dc6f38db84e2a371e8b15153e27f6863e4d4e487d4c1e7bed37cd169b3575913ee47cff265

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6ada1b4d624c8dd1401b8db669b5ea0e

      SHA1

      5930f7db82158870fec2017fbbfe706145a5be1a

      SHA256

      c603cf13d890bc09c73fea05b7850e7df9a900f02de8234b81955c04b2168dd3

      SHA512

      4b516703bab754a07f6984c7636993ff92baa3e8e1dbd070622a1dfcfeba4b67371f73240af445224a22595553e127b2daa04968e8182a99223002107e9c0e33

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      db6bd186ae777ca8705078941bb96f77

      SHA1

      772587c23e5b0dba268b11e1bbfab171b74bba12

      SHA256

      f0fcdca96b32ac429fe81c82ec45a02997e8fd5c31cce3ef4066b314a6ba6d7d

      SHA512

      506f42c01d840db310ca17a343649321c083fde518eaa621087e7f075949d98b264504c0207c414c23be81d31e67c0cfd5b94561933d040ba9aca076566b7cc1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7f7e41490b0e9e6e1c6472f66c7e4d29

      SHA1

      7f34f3cab386abdecad8b16c60c5f14bc75caa42

      SHA256

      58d3da2faca8b899811d7bbc237829006fd123659e2537d44d942332e236726c

      SHA512

      b6eb527d581cf46b8bd0324ec85d4f23ed7d4f6effa27e04b1935d7a0b8b69f04542a1e7c387f5dcc072a88a6e41737b2dded73edcaae1d646bd43f679d59cd4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b59841299408ab33cefaf222549fc0dc

      SHA1

      d5beefe8070cc0a5d5d0e1d8c3c570e818c4a195

      SHA256

      68d5927890afb8a879738327557da0979d39a072c73f5a2e7af2688859ea2fca

      SHA512

      269f6c1fc45259646e37a0aa0cdb251c6c86704971420b74b1cb3a9d3b44c14a5ea331e930e7410690836447f401dc66b27ea6276c2614e3c9506cc1578add07

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fe92a9616989a1341c3c6ec5e803ae6c

      SHA1

      785cd9813ded7cadb793821e6051319cd8efa343

      SHA256

      7477c4242c2d1155c44e38d1b69f4e406ba9c7cf7aafa031605396cbe1288628

      SHA512

      cf361a0c6ff603e0e3cbacd0e8005420974c712108382100420c2e5c61633049cc032c5f882dc1bfeca9c865d5ef5a616f31a20b995600b8015e3dfb41addddd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ecf0ba35c36e7745ae1b9d689852cd06

      SHA1

      ea7460c950ac8cec45fa36d302d63bbd9aabb998

      SHA256

      ec2db2cdbe7f86afb85db8edf4cc7fd9d3a39f22f9e66f0a62481350e65e56ca

      SHA512

      311ec2cdc0131f9c5eb91a23cad7b1c35b3553147675f32a22ad615fcd0bd2f44edcd57738fb83e6373d78016eacf1cd6e89de6b8185483bc100c834cee4b08b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\49383a314b93ec21c9fc0d5f4d592fa6.bat
      Filesize

      265B

      MD5

      6b1b8fd976d99f59996e12fe6d39e285

      SHA1

      f0a70b828aabc4dc2ac63938633356a4e6894686

      SHA256

      381dd89a6bc8496b46aa71d5ff9a61e702d0c371738e501724bd77c0c732c482

      SHA512

      8f955deabd47fc145db7e3ef1129154cdb00e8c9c8a006d3e8ec7b16bf6fe6d240bae008fd0a7adb13932f60046190eaef44b067afd77d6307a571e8fa2f3c85

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab5E39.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar5EC8.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\gos4BEE.bat
      Filesize

      190B

      MD5

      a8c1d730f702c4bf5e0e76fc5eaf17a7

      SHA1

      5f0a0ea13b5e4656a4482eca14ee7e828f43bf8a

      SHA256

      72a11e902bf421658c67fc538e9a3e816b841eeebe27af9629e086e075aa1370

      SHA512

      6167c38f5050db3addd7234fa0fd4af1714615c532b4d8e3650a3cfc5cdc11dbb9c2e3820bbc606b524b664a623b5b4a4c54b18bb5defe061e22593d712bbbf5

      Download Submit

    • \Users\Admin\AppData\Local\Temp\gos4BEE.tmp
      Filesize

      25KB

      MD5

      34ba5f8edff785677c09f14d42fe37a3

      SHA1

      736d14aa51db22c916829e2b83d2bb208417cbe9

      SHA256

      be31a372fce318cee44d7a681bb943bc4fcf8d959a7a2ce00774cf14aa42646b

      SHA512

      bdde21d6cbd2bd5a51ee09ba94f4d6878c84b2150dc64c7b7fd8a42dfec8c2f686741ad5bdf44d1d85cc7637e6fd78e7cd370c453d723a5f9296a52f86eff419

      Download Submit

    • memory/2632-36-0x0000000010000000-0x0000000010012000-memory.dmp

      Filesize

      72KB

      Download

    • memory/2632-5-0x0000000000230000-0x0000000000234000-memory.dmp

      Filesize

      16KB

      Download

    • memory/2632-4-0x0000000010000000-0x0000000010012000-memory.dmp

      Filesize

      72KB

      Download