Overview

overview

6

Static

static

3

51c479b849...97.exe

windows7-x64

6

51c479b849...97.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2024 22:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51c479b8497f7a4e927525b08bff3597.exe

  • Size

    1.3MB

  • MD5

    51c479b8497f7a4e927525b08bff3597

  • SHA1

    431c99b9e88535d899ad4d7ec1d0caf70ac2ff11

  • SHA256

    50b8aabaa708185f96293ef04268a4fdef80ac67c96aa7a93563a316658abee0

  • SHA512

    d14e82ca5192d5f7fb67f4050bdcea5b4fd8c11d31337f847e976064d0b833bc0912c7fa7164ae3977b3dc100877468ad4eefb920c887a79683d6e7a5b0e093a

  • SSDEEP

    12288:Ch/pCHxW4pbAOeeeZeeeeEhMEr6CX4zistF:U/eDNAuaE6tiI

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51c479b8497f7a4e927525b08bff3597.exe
    "C:\Users\Admin\AppData\Local\Temp\51c479b8497f7a4e927525b08bff3597.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2080
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=1045
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3040
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3040 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2560

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a9f11ed675c2299eace7be45ee0ea81

    SHA1

    ac997e52de6960077325c3a77603c4c3876e05df

    SHA256

    2146e67a8429da13a48b0ac9d18f325250ff6bd2405e4e02d32632e106514b6f

    SHA512

    eff513c5bc898d14f63a829629e06d3a857223ae69c7e6156bb7bc0eea4de0939dc9533979ffe719e158bb331852b931a8237ea30b92d8eba51433f6740afd19

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ac8be06a7f32b67f653ab987f702bd4a

    SHA1

    0f67e8b146b377cac87b82be3a32b9247e502a2d

    SHA256

    6d08e622a8834fcd442a1710d9bdb9f5d1a2f80138dbc90a55e0206152f2fdf3

    SHA512

    91f7c06d7cb6c35c8cfe86e8636dcb7394ef92fa3e6cf0d8a00b7bc1537491b7412333ca961720f15557c54f06e19a0aa707dd1bacbee8c7adb3696f4922bcdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a6b11e20fcabb317b38fe4492e4ccb40

    SHA1

    48310fce3cff1b7462e8690b6d5ffb6b814771a1

    SHA256

    461873572b0243da752a2d6fe4affcafe4d3991641d9b57a9ee0a736fc3387be

    SHA512

    7f38edc94409dbc4758ef569a6e621241cb6dfc96fb8cde332f8b2447e8ce903914a7a77c86c06564d9a197a2b1484cf1579f5f9bb44f4ae06cb4dfd909f2c0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08034439e8de1c418c3cca9d44bf4cac

    SHA1

    53edacfa69b52475816b6cef980798dbd873fada

    SHA256

    c98e13e41d550464b443c394d3fc517ed7b64bdc475bc4ebcfd2e272d844e9ae

    SHA512

    6d7e88f428306a57477378ef91fc33b1c92c4c569c3e3a1f89ad4936a92c75df0abd27cb8caf83f6300625fd8611d49e9ca80086412bc81c393baf7c6373bfb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3a990134f83feedceb55c5bb16a38776

    SHA1

    cf93d8e3cf5d3dd6d2022a3df7859d578e4d94c3

    SHA256

    dd144a5817595be65f9c5e8d2727e62e212fb40d941182484cffdea435f1eae1

    SHA512

    ff1744ce400be00327e7e9bd9c8d3d10db61ec23ca7d0cb6cb49337f8a8bdb2d0ba7aacea5e406edd49d77f2a867c1edff4b9e98508f39a60e20a9ccae851263

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6d45e55fa4bbb1d8f7bb1ce1c43aba40

    SHA1

    8cfb0f8752dc8a0a50b2ccdc73205b2915c1e9b5

    SHA256

    d29485ed3231a30a56a8d7da2ce829b4387628206e0573b66744fa893c70b344

    SHA512

    17407fa1d0dacff11ba3cf9342ba69a30a635ae74e26f2eb611d04556332b8ba034f809b4ffeedaf085db86f75845d28dc6f9f5f5c6aafcb72c768da68372e22

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    40c0c18614bc9d9823017ef528005624

    SHA1

    ab4c3b3e32c5e92728744d35d003d9935abd3ba8

    SHA256

    050d058427dcb147d92b244568e6560d48b8d3022b48c11935141ffae9a4ec95

    SHA512

    d5b1dde9d36078786aba302386ab6189c835406e639ed872e38e399b326224cec0fe5a3ccb627ac206e14a48bddda52758f4279c6a2d8854e3b8e89d52ed28e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    89a25ca9da7277dfe02a6101bcfe58ed

    SHA1

    9b549682fffc3312b4e34b2eb10859205b68f641

    SHA256

    435e166c76c25c4f8e3f0ee030357c680af3b4da3b87e7457d6a0582d020ea55

    SHA512

    f29d194626dfbfcf5a3ca4dbfcaefcfac0c86dc0c6287a6b9907d110d335349fa203684159b6d88bc0f0cd54d72a00265570ee36dc2c74193bd359b398771ebd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e88143eb697d157aee76f76d19e2686e

    SHA1

    b06964caf7dab653986dff810690bc7b878d82b8

    SHA256

    8747df4f4efeb0f1781c7bde570614c5fa8873fd116e96b991e71ce9e8f13f05

    SHA512

    5eb26852a477fe4a85aa57cc5605404f3c7380ecccfb73d827d849086c8fb7edc640ff3daf4d017e3d5c325b0ba5e8c66cd46711aca236f3c7a85c1ad0190516

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bbc97e6f474eec0ceb2699993d24e0b3

    SHA1

    8627d6d6c76e4c1fbf466eed4ee3b7df06c3018e

    SHA256

    1282370c3f5b418cd14a9bb7adb10bc8e9ebf2c98c6e0906c492c26a41df265f

    SHA512

    c8a8b454153a83bee2115678613ff1e8d10497198a5314fbd2d3660dceb07284746441f497590d0881d23edbdacc41d7076180027444aa948dccec8ef4800adf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cb11f17ca367d60b397df48cb3cf4110

    SHA1

    f53aa5315b91f1c9be8b935b7a2c767da82ac572

    SHA256

    774031ea1c9a37b733de1b0f98f84a01854b574f094d275fed90c9928278f702

    SHA512

    2a15910623aeb233f34a3fed1a98eec4b7e6eff93e963d5d1be9f33143055087ee218321a4135cb7fbec1bad523535e630af1e2bbb45b402a16d60c06cdbe0b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c6fa8e2047425cb6734003920b12e24c

    SHA1

    c53ac1b2dd811da0d0bc5b7da7b44892080ebb57

    SHA256

    24ea34dc4e9026214ed748774e4521dffd935072307efd04e4fa3fa8f74ad3f3

    SHA512

    4f406770d484223cd22aa3ad1f581e40e1e55e823c6ea9050926d50279c4df1e6cd0c08bc1b42ba75783530bc27a71dbd5b065e62cd99423e1f0fa1b7b6dda65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dec8e88760e9ac093591fca93e584ce2

    SHA1

    0dd29c4a53b79b145e479063c16d92db68c4d3c2

    SHA256

    c54a6c1ab37c35d0ef37b8aba223ea4d1ba0a03651aa444fd7ab7d61ccae5b08

    SHA512

    446734c1ed25813941921c9d47b0ab002ba723bde65ebaf7aa4dac7d2e2893d16cc41a5e8e2320543a6006aeaccb47612f1d992abb7b6592d78748b2776a2b02

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f323a04a2b29f1f83e8dd10e3ca1f951

    SHA1

    7d351dcf2f2eb964977c392d5724bf81cde8fa72

    SHA256

    82a327e0133c7e6487005e80f6359931ad21ce5102c9f2e88d706207b077a908

    SHA512

    ccddcf12b62da2071c76931b9445b75f508f9f3af65a666d1f3cb2b961f7c698f7411236f532a264a144c24fe8cce29b27270b53e44a5a30d5d8b651f7c4e082

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7ca1b3e8f354996991c26fcda529532f

    SHA1

    23f87c320816a3180e72a333ace131a834191950

    SHA256

    c755fd3e27a1659f34794528024f98064c1652d8f12fc559b560c4b6f6433b9a

    SHA512

    b4e2b7fa4d933658e799bc952bd65839f8d60a5120c6444fa06314ebe804bcb0d864bbf0b7e9ff4127463d3b10ae9caf9fea8c16fef33f2069a817a3ed3b02c3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab5E68.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FG.url
    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5EE8.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2080-0-0x0000000000400000-0x000000000055F000-memory.dmp

    Filesize

    1.4MB

    Download