Overview

overview

7

Static

static

7

51c5dec36e...c0.exe

windows7-x64

7

51c5dec36e...c0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2024, 22:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    51c5dec36eefa488295095d3e08bf3c0.exe

  • Size

    20KB

  • MD5

    51c5dec36eefa488295095d3e08bf3c0

  • SHA1

    5529cfa927535dfcf239689883a13f71bad43416

  • SHA256

    767de26092a63a74572e8bf5649059ab8318a41014f6df673af91b7b0170e00a

  • SHA512

    3eac8bf4ed8f9bbaf03264f71103a4be64d70418be6f28f1d4f87ba90e66b70702cb2bb990b092b549de697112da66170ba59d98e694ebd5610120605f0f3762

  • SSDEEP

    384:cxuQlrR7Mg+nppS8td0u8sC9Bpdf/EenDF/zN/+P6moHbfXIDhsv1:6/xMg+qa0u8rXf8eDFx/+i/HLIli1

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in System32 directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\51c5dec36eefa488295095d3e08bf3c0.exe
    "C:\Users\Admin\AppData\Local\Temp\51c5dec36eefa488295095d3e08bf3c0.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Program Files\Internet Explorer\iexplore.exe
      C:\Users\Admin\AppData\Local\Temp\51c5dec36eefa488295095d3e08bf3c0.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3004
  • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3004 CREDAT:275457 /prefetch:2
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:1696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    ac9f2afd1aa58bcc6ebc4e85c8c9f80c

    SHA1

    b8c146a9e30f142b7e2e262d699cddf851a9a2c2

    SHA256

    3f7fe59073628e5291a3cd74b24060fccc1571232122fc472bad62cfd0cd7937

    SHA512

    78576d7ad6ec3307f9fe65b6bda7c2545f6bbcc72f1ded5670fc4192a55141d31d5c8f8f074d55b4219e076e59f7a99191e9dc5cdb3730e3f8e4ad74db6afeaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3e489f9686eb1b845f051cf518b81d28

    SHA1

    e66ff5d5992f3446977bc249985fe5081e964141

    SHA256

    7ecd47d69e627746d437a08dd788f4ac07d4cbe72ecfb6acd804c9a1a046ec43

    SHA512

    a1961b181d8e2cba52737c69ff48216cccece3ab8882f75a08abe988fbfca60c55bff9f58bb47f107811032c179f99fe3ed26fc57d358b687424afd2e82579d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f6799109e5bb086b9cfc5e7e141ab430

    SHA1

    ee41ee4ade452661f89be1887dcc62e11ce5a366

    SHA256

    c33dc4280baa589335e45237a02c2a045588a86faf044ca3a39dffea7f2de257

    SHA512

    fa8e301b05247a73a733675c0c6f766a8420433b5cdc607dea9e4ffe2a646075f65d103075bf1c78d58995ad3249f546bd2297250038a54f294455a3ab6a298f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5e1d8ec6f91abad6290acaadaa4045fa

    SHA1

    601bdb75be0dc7fbadad952c297affa1d948073d

    SHA256

    ae9ccfb9ad3d3423ab6d647614f6349a23789bd51b70e1bf981e567519de1b1d

    SHA512

    fdc8bf01909db7b35963bf7a29c96b9aaf63abbdd4b76b5b4236d1893a2f92e678924c2c0246c37c659a693ffd4c69f00ab63c598da9905af64983302df586d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    83d89600abe69fab6b3fa75f3ecd2f74

    SHA1

    492df5226f6c7d61d1cba9c7f48f441c5f0a40e7

    SHA256

    74eba1f0f7b2f6cf7ff4c4c8efbb05817d1f20219779dfbbb31f14a6a257f608

    SHA512

    0f6294541af38b379bcfadbf2c02aeeeac6569c9190a83c71f1db9e86a2b3f3c783d42a8c5c64e701ee20862711849cd1d90dd0f5889ddd648261ce0079917f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    de33cd1eb1d4bff9435a8c6394a6ffd9

    SHA1

    dbe4b488ad12a1f2604605faca09ca014f5b16c8

    SHA256

    76d0430374a7cf2d2f5de0751e5c1e892c3a813b38dfc0eb953c28565f125932

    SHA512

    5a074c451d5787cd8ca0b790a47f26c004bd2643d83ec4fa3bf08032be073ec412e06e125611643b2fe0d3ccf3d0c447a5dbf4f25695b62e6fd9ea2cc6ffa052

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3b9d2cda73251dcfb02ae85ad52144cf

    SHA1

    000a0c2646c2796b98a5b6cd167166f24413ff24

    SHA256

    2f71536feb914f4690e7a35550ec90d1675e6b6c037bba92f84c3e6e362fe983

    SHA512

    3a9ddbebdafd5b91d6920f55c254bd2e36b930a98fcfe1c32a236a88550391be63c50593f0d969f4e94d3df0ae4687459c38485495d84b961377e02eebaa4701

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    425530b0d229a077db414391fc5f2546

    SHA1

    677f28ae1f03c8aabd521facb2857ecccf119ba5

    SHA256

    c6bdec3eb8ef8608f362d07cce8dfa197d15618a5b1ae6a9fcfea2018797ace3

    SHA512

    e7c764c76d1503600505de24c570e308df5073058863b63213b0e7326fb4f00b20e5a0e407c2bda8392a9db71e4d754aab906bf8536f9797aa865854be6107cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3D93.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/1912-2-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download

  • memory/1912-0-0x0000000000400000-0x0000000000413000-memory.dmp

    Filesize

    76KB

    Download