Overview

overview

7

Static

static

7

4c71bfe6c4...52.exe

windows7-x64

7

4c71bfe6c4...52.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    08/01/2024, 21:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4c71bfe6c436b4f6ea3e1f4e996dfa52.exe

  • Size

    26KB

  • MD5

    4c71bfe6c436b4f6ea3e1f4e996dfa52

  • SHA1

    e4d4da06ea09fc5ee7db8b64e3f821840c6699dc

  • SHA256

    570d2f9fc8d2d247216e97c1d0f6ad578639459df39c74fcc599115914fa13be

  • SHA512

    9197f256997cbb4f28f7c152ff40963451f3c62dc35761b87a1d3a2e2f98d31fd6a6364b2e7696c518bead6e41ef31861f4784e85124f17eab81ee44ba0e7c09

  • SSDEEP

    768:dGjbz+Cn/SkvAC0Nv4BdyY4UVKVDg2nPkPv:dqz+CnweAYJKV9ni

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c71bfe6c436b4f6ea3e1f4e996dfa52.exe
    "C:\Users\Admin\AppData\Local\Temp\4c71bfe6c436b4f6ea3e1f4e996dfa52.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1964
    • C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe" "http://flat.trafficadvance.net/AccessMySQL.IVRMobileEntra?D=11749&C=15&MP=41
      2⤵
        PID:1504
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2832
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://flat.trafficadvance.net/AccessMySQL.IVRMobileEntra?D=11749&C=15&MP=41
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2748
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2748 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2488

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a36a6c82bd84b4077b74d0b5b6d541da

      SHA1

      e6c339b3db02ab13c8ceaf9fd0ca7649237cd1c6

      SHA256

      bf7a486804633b95dc93a80821db8dd84b9d4afa07c8924b5339f3061daa0d6a

      SHA512

      dc0cbd42d414d4436e228306a4f4a2b9f8308c736f8c19ffdd86aef40843bd16482d481bb3aab47aa25c1ba32e2dc3d45c678966538c46c02ae9043c5682d8f6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f44808547d74b8d7d9a607576d5503dc

      SHA1

      b68a42ecd1dbb6db27352ec5c9f56700e6ea7a62

      SHA256

      45fb58f87cf20cec57346d8bba8666479aac770c3992bec74608e18b4d128208

      SHA512

      116322b9784299060e9908194da63db095fc5261f3b7115415b3b1a794211c768a48cea3c4e3f5e58342ede26248a304efcbff2b34bb1a864bad29a34a9c8204

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5f8e1e9da1e8d06ff9aaad4fdd889d85

      SHA1

      a7c3184eb589260db1325f6e8df500788177256f

      SHA256

      efd9cd154971a0f121167f9f7739788bd8fbe72739185ffffde6fd340fdff331

      SHA512

      71318f2487ba69b0f173b735f318af6786784e48279f3c9c664501b52883be887eae14348ec1c802c81f2fc8edc46fe5711557f5d69fbad5a4ff478e6c07a945

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      84537d15779bdb17e3363670220f63f8

      SHA1

      4a537bc14a04f381b5fe724613d881f227e6c206

      SHA256

      34c6538dc0c86dc83df13cae2a26d6bad80268bfee1f7b71f41a611c3e512fb1

      SHA512

      f4f60dea9f156452471543d7c53a27c04fa869ab3a72499be7de02125298a4f1b48bb1d95fb05b28ff9ad0c91c001ed2c29e00b929d6b6ac2dcd4a9d7a987cd3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5e3521e09382f32fc5a44ad3d190eaa4

      SHA1

      adb3fef6ece1f6d5edb2b757f93c01c1dd6dc596

      SHA256

      a6fa0140a033c46661cfc85ac168f3a5fbedae65c0ebce3e3a5c0fc0d697431c

      SHA512

      fb5da33b56775c3451f94889187d6e3057a96626f546cc9a063411fd8214a968162ec357728a13f359f6ef75df96380e90efa17077c840b7671b50a796104e1d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7c6e9f4aa7d8410e23ad3bd65bb55878

      SHA1

      3fddb10a069741c5c296143f4d805f9eb8577b23

      SHA256

      0efdccd85e5718b1d98717178eda720d02094cff493a86c9f82422ee4b4e48d5

      SHA512

      722940192380d635cc79145d16123085672cca64be9a5516c6de2eeba4e97a94ce62f865a5c0b9586ea29c61cf55c87febe3edb7fe3b8406fe03e8de68e3aa68

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9ed67d211050bff2cd584ed7bcf704fd

      SHA1

      ddfecdae43092fc9be70644d9ff43ae69d4c471f

      SHA256

      74c25895b8036300362f944748532ee5156e4cd8348cadc1068da936c2641314

      SHA512

      4a72b0ed29d25f3d791b82d358042359630862e2e2130a79cf98e9cfd76827291be541641964a1214f469f07906e43db6c766cad523a1a19853c9824b8550dbc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6a95db431966f8d3a3be5a2d21562143

      SHA1

      b81cb7ed912635865310a903c1d18e8cb205018d

      SHA256

      35f9d5fbda6a441783b3496d4e177f96ad381cc21eba4413ee23d3aed755161e

      SHA512

      2e8415cdcdfbefff7fb5bfd534d500b99d961829cda8016598526d7050f526edb4047b3f6f1e1dcacdebf40934d84d13b261d4c14d2d1bd918e8d37f66e67cd3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b579214ff965a01ea5b7aedf37a0f313

      SHA1

      39ca5c51fe36d39c806493444169c198c8994e22

      SHA256

      e2d28edff68752740205b11c9bd8b63aae59d8a633a02373022f0c2b466bf851

      SHA512

      6191208e5d59b9dbcd2bcb1e987783bee186e34785a07e1bc73f6d4119ae09284a3d02d85fcfa301175d7cb3a2f1a2137229d81b3e2022f30188d1f36f0f6385

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      936110ae9563eeb5ee7c9a6c1a943de6

      SHA1

      ce162db2b3eeab0f958f13e14ca22e0abab1a7cb

      SHA256

      d1572086ae19082772bcc589fb674cda53732e088a654ead7632927c26158ba8

      SHA512

      37ea5b3f4e33c22e3815bd3e1b622e0f1fb639eda7d7f090b6a02d3b7832af6e6ff491e7141317bddd6eba87707626f55221d6e8102919c2d852e96b029cc2d8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab7581.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar75A3.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • memory/1964-6-0x0000000000010000-0x0000000000024000-memory.dmp

      Filesize

      80KB

      Download

    • memory/1964-4-0x0000000001F60000-0x0000000001F67000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1964-0-0x0000000000010000-0x0000000000024000-memory.dmp

      Filesize

      80KB

      Download