Overview

overview

8

Static

static

7

4d14a384c5...b8.exe

windows7-x64

8

4d14a384c5...b8.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2024, 02:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d14a384c5358c2d26f5db549947a4b8.exe

  • Size

    16KB

  • MD5

    4d14a384c5358c2d26f5db549947a4b8

  • SHA1

    71eb2effdd0ea2d86f9dd83a1030b5a9bccb4398

  • SHA256

    f2baf566a9d11685e1e7d5a5c4779239e8c37bd2e94ff1b433322c3532442ded

  • SHA512

    fc7b18a79b678528d5b1be180ec1f03ce9fd2e5116140e006b7840ed694db72359d652854c2c7009765260e0b1db04385f703ab51af5c562135441cfbaa3d852

  • SSDEEP

    384:/TXq//y5ivc3H3VlHANohw3R4no/qOnjVmzzdOwD/rMVdWw3tKGd3xWcA:/zk5cTHANohw3Ruo/qOZmzzswDoj9TjA

Score
8/10
evasionpersistenceupx

Malware Config

Signatures

  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry key 1 TTPs 1 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SetWindowsHookEx 37 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d14a384c5358c2d26f5db549947a4b8.exe
    "C:\Users\Admin\AppData\Local\Temp\4d14a384c5358c2d26f5db549947a4b8.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Windows\SysWOW64\reg.exe
      reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system /v disableregistrytools /t REG_DWORD /d 2 /f
      2⤵
      • Disables RegEdit via registry modification
      • Modifies registry key
      PID:3052
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" Http://
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2816
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2816 CREDAT:275457 /prefetch:2
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2876
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2816 CREDAT:3748869 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:276
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2816 CREDAT:3814408 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:844
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2816 CREDAT:930847 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:108
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.xiuzhe.com/vip_520035041.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2744
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2744 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1200
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.okxiaoshuo.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2556
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2800
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\windows\ftp.bat
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2560
      • C:\windows\SysWOW64\ftp.exe
        C:\windows\system32\ftp.exe -s:"c:\windows\ftp.txt"
        3⤵
          PID:2980
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe"
        2⤵
          PID:1976
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://www.okxiaoshuo.com
          2⤵
            PID:1840
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe"
            2⤵
              PID:1260
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe" http://www.okxiaoshuo.com
              2⤵
                PID:2772

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              bb3593f912bb584a02940a24305faaed

              SHA1

              ebd3cd9de9693f1903e5e4abf03dc11f03b1d05f

              SHA256

              a6539dea292b844eddf141705ac60a25a7f9673758d31586e08bd842cba09ed6

              SHA512

              26908f874ccf5cdcfc6ceacb42e74e9c38d8153f9335fe26b3da66b1a535e5f633687ba14988514d08c69bd088234d4e8fbff0edf9b725e633191f4377299d58

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              9799ecfa68d6b794b48ce97521d3690f

              SHA1

              9aefa07a3263aba706dd0980c5c7f4254b21df55

              SHA256

              8854c27cb559e89fcdd0186b7f85e00a71f02304128d907f56921a16321005e2

              SHA512

              d2fbc79a01024dcf8863d163497b6d361f0338423e60b96e1cec40191f6a1bc1c5b01aa7c47ec292ea35c8798868188c9fa9bdddb14dcd789ce129c4fd47b3b4

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              4c914857a479142dfe59f440f1608dc6

              SHA1

              16755fd497ce967837e16bc662bcafdeeec0ba17

              SHA256

              09ce80b3491d7ead62ecebf79e2d7578d324799cf132dcff296b848a5326e3d3

              SHA512

              1c93b06ef9330f397365d6833bcfa1da6050570e64c1d837cb29be53fd06eecf91daafca3faaeadcc6a558caa743dd881b1fd3e98f043bffb7580bc78dce71f9

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              b55a7296584461885ba7db86b18d528b

              SHA1

              334528fb360097197e5bfbb97002e63966d402b5

              SHA256

              02a931288e3c4f1513bde8157f1ac62cf1c3f4b034e93267d93d70dfe9e615f7

              SHA512

              1a62faa84d5352d5ece2863ef42893a8ae8335bdee2878554156f649a14764ffdae29f0c7c9e43cd790847633ef8001e6de8d98fd50a5e977388c51be9d4ea93

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              296529e218c099bf667f595163c5c9b8

              SHA1

              0f5dc400070a204212725340cf2a3e68ab51c833

              SHA256

              6e46600161a5b871b3db28031b691bc3fd2ad9effcc2e8de5be941cbfcad1d86

              SHA512

              d0de48d5c3537fc6d69f13d445997a35bfbaf9fa23e20d75b4107933d879964249c5169386c091349d7bf28ff84c8695141442c7236e022b481045f273bf9309

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              2e9898d6b64dfcdd308cd22769cdd5b5

              SHA1

              5ede318f3de7d041359d77623d0d5124722581e2

              SHA256

              248f6801acaa0cbb7a89ec86accd26ca7e014630ac739a90b2efa16207dd9515

              SHA512

              fb7541e48dcfc9ce4e74acd48cc7d94bc403c0f2ed14f979546dc87fe39bfe46abc44b1391f853804a3740b549803d94c95daf7a7d47d7d6ff88499c964b34dc

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              970954702b664641f76b45206d512119

              SHA1

              ac9c08bfc4f0b4beed4b44dabd87c34e2da9ec5d

              SHA256

              260afbd6be499f8af5f18e9a10c4ad6ee72a0c8fabd0b03b93ea3b9d1216fb9d

              SHA512

              cf1551fd2d36d49dbcc64096c69df7f65e11e2b11e3fdb910e6d9a12c3705dd21f0154ea16692094ec6b19b3afd2db9cac1d1f6aa35b63743e887246e4ff78d2

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              57623c46a08375cc516f605f3389388d

              SHA1

              d6f88f27d834edff8fa4fa1e4f84c0626edd6d71

              SHA256

              a8f4d39b5d94978239249f36f1a473e2c628eeffa9adc3a4f93821925ba95fbc

              SHA512

              60f97c4ffd0518510010c01d7e834ca1712ccffbc4a6b33636d8aef9b2ee14c7b43db0665a188c1c2b7dea61eb9ef90dc117c5fc54c995b7011dba1b25223446

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              16bf14068f546797705623dc6d927a16

              SHA1

              d3c272dde2c2ddd5c808b03d567eeace0204febc

              SHA256

              b59245e849c7f746f84111fca1cf70155af8f31158da7047d8b3f8e118ef8656

              SHA512

              42caea54fbd53a89db229ae774e41365aa20de1c36421cf9d674b627f93714a7e546795a5c8534d6e2f6a6bb41755a169ff3bfb4da02b34e11abc9a4068bab00

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              69222204996d049cb60a7f9b17e385a1

              SHA1

              e57c952c51cc6e270df96e66e1eea386d4304163

              SHA256

              763d8a5ac35582572e2751e914119b05ccb9f268783f70c846f64529f685a8c8

              SHA512

              40556b65fbccb798c81395ccf7b999eeb1806b304c346bf2df034eec31076361e7f27f54416cf8d41014330b503d8b15aa7aa348692d4aa143f014dcbb81a11c

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              90f1f78cc7b3146189c408e80f91b11b

              SHA1

              17034604cd7cd0f7c597cfcb26e67c3ea3f0eb08

              SHA256

              e35ba7d42a8d6a7de9ebfd94ea4481e87839b864a7b543b0b888e7bc4976b5ed

              SHA512

              3e15d30220943fea346630e1f7ea87e275a2b81ba8e45a4c380d1370de9f9e1a25d462ac861489ed411fb56f46f17de4286d14d5141e69241d3fafa6a9fbfcbb

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              54da7e082550fa26a3ae353bb5c239f7

              SHA1

              a2e88f0059ad9a743bb17c6267a6cce5b515eb5b

              SHA256

              5e41bde336c141204cf72285b89633d53fc679008cc4a32ef6d5caaf2931353b

              SHA512

              2ff8e10f3ffad0103039254bec0c89cf5f7bf84b720a99250ba06965eda29bf56718f87ee78a4e08adeb38bb42a9335dc2313365e27c343d238eeca23340f4a0

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              739e3f00c73805f30c2919954de7fb2a

              SHA1

              0995c9cd0e71244181479b74ca84b5e8919e7559

              SHA256

              3491a4fe69a9e012aeaed59e1010ebe30d8e8c58f61e3ff184f118138319e4bb

              SHA512

              e4231a100ebc5690eb6e70420bbc430d2f0ff10afd82ba9af7b50035c9f1f0357a4c7d089c6938709338b93fc57a11bcb907d8fcc1558675bcf2a075a3444992

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              428749196b779e6b0cd4a27b9f199b81

              SHA1

              250c291161fa02891e486625916fa8e61abccbbe

              SHA256

              ba031244358d4fda53dfde8cfd09452f15b8b03295e30de88c3f8b6887990fa3

              SHA512

              1efd3830055a5326934ce67630af3c2fe285d7197756c5a3f07d584da62dc7fc76657450d72a4bb7e879c94472801a2416550c9b09f5ae30476012435d9a91a6

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              bc6d027e1ddd2c197db96b16f23a239b

              SHA1

              f422151c52584b5d8a15b5975d1c1497b5513dc7

              SHA256

              656f790e73d9a816860b3efab7603a5ea9e8ff3d38dc7d7e378ed4fde8fd079d

              SHA512

              d578f91f040c1b3926867029f38884c0a271649ecf206d60a1085b263285459cbb3131287fb86448073d1a62ea7b03865cd6795796c02ac4616c71fb31020f09

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              344B

              MD5

              adf58b5f68762fc49a2ca0955ae2739f

              SHA1

              4941cda1254712194f74b8b7dc11e91b265bf1f9

              SHA256

              72c10a74cf52df6e27752e7cf080c015f66183f5daba468cca5db749d97b791c

              SHA512

              ad8c554c474ec54a217395638068211a9c79133c41acc07ec7c83f0dff05a5d27798b233c1c8762f2f7d84fced92ae42e6c793a9ca7328d3cce2fbe26b4ae76a

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{27FE56E1-AE95-11EE-AD90-6A1079A24C90}.dat
              Filesize

              5KB

              MD5

              7b103d6af32dcbb51e738ad68fe5cf23

              SHA1

              9add5f32e5f952e63bee81be6d09dc77794b0386

              SHA256

              a6db2d2f8a9d1307b601b51e462fdd6cc93a2564182889bdce91a6f6fd85a332

              SHA512

              18c9157ad70efab36a42b648dff799920e68b0cfb8498bf31a1de6d34d480b5aa651254e0ca36b52d994b943234ca289ab6177dfe4989c3a9bbcc0b0104fc063

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2807DC61-AE95-11EE-AD90-6A1079A24C90}.dat
              Filesize

              4KB

              MD5

              89313e07f1a3f3e77895c34ee3a6850a

              SHA1

              2dd04917812f922be8a28fab9186e30930aa573e

              SHA256

              f6e90e56faae715650fd07b59d508482b66059be8225bcfcae4880b8879693eb

              SHA512

              722a59112dd324fb230f1a34c171c8aa1e5a251cf4b7b5c17cc06b114f3dc953bd782c1b039b524955a44dc8d971f42d3f620b5944168c57ed8ab30527d4785b

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJ0GGVIM\clipboard.min[1].js
              Filesize

              10KB

              MD5

              f06c52bfddb458ad87349acf9fac06c5

              SHA1

              ee60ca5ba9401456105ef703a98092369b579c80

              SHA256

              1626706afc88d95ebe1173b553ec732c6dc82a576989315fdf5e7779af738a44

              SHA512

              e80151e5171dc24ce0c1a1ae4fe54826c4fdd2a8908efb2bcbcd0a6d731e13c54b29bc16e111b91b8e536615a968956c69a11e238b0ea68c253ae56017b8e1eb

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\CabC86E.tmp
              Filesize

              65KB

              MD5

              ac05d27423a85adc1622c714f2cb6184

              SHA1

              b0fe2b1abddb97837ea0195be70ab2ff14d43198

              SHA256

              c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

              SHA512

              6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\TarC95D.tmp
              Filesize

              171KB

              MD5

              9c0c641c06238516f27941aa1166d427

              SHA1

              64cd549fb8cf014fcd9312aa7a5b023847b6c977

              SHA256

              4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

              SHA512

              936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

              Download Submit

            • C:\Windows\ftp.bat
              Filesize

              53B

              MD5

              8f2c89200ee65d9d082b9d77853f1859

              SHA1

              87539509609fa22e0085a135cf2f0feda33c3c2e

              SHA256

              9717e9026eae402fae08713f0da7ed86fecf804c7d4c9c2a2020c8e5bcd3ea64

              SHA512

              7d4fcf33bf7061cbbfa9b09432cc113f0f9aa57e43434b1b7c6c32f00bf22ba285a4fb310fbbac0a40179742e810276ae39ac99ad073ed587a8026586308e4b0

              Download Submit

            • \??\c:\windows\ftp.txt
              Filesize

              76B

              MD5

              1c98763b64e29828316643dcbae341d5

              SHA1

              8719a329fd5945e412d99e89c5f99b41ab566f45

              SHA256

              b24a9be1f5d3f017ffc55ad2f6427a33abaeccb4ce0fcfca025793f92a46318a

              SHA512

              de82674faa37db26e5ba0af13a2ec45a1f34074f7dc4ed955b5722e6231c1abbc6424ced9c77695f736ac15d4e31240801a767784a1d4c7baa8aebb12a5b1254

              Download Submit

            • memory/2280-0-0x0000000000400000-0x0000000000411240-memory.dmp

              Filesize

              68KB

              Download

            • memory/2280-454-0x0000000000400000-0x0000000000411240-memory.dmp

              Filesize

              68KB

              Download

            • memory/2280-19-0x0000000000400000-0x0000000000411240-memory.dmp

              Filesize

              68KB

              Download