Overview

overview

7

Static

static

7

50935f56ed...b3.exe

windows7-x64

7

50935f56ed...b3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2024 12:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    50935f56ed6d3eebcb015437d0b93eb3.exe

  • Size

    26KB

  • MD5

    50935f56ed6d3eebcb015437d0b93eb3

  • SHA1

    bb34f45b1dfee0fd3968d69c8af7154c5ca48039

  • SHA256

    dd7a5be3c384c80a257e184fc4bdafd1937dc5f656bf609d28bcbc4240b11b2c

  • SHA512

    08f8be2a5c185c21a07d560165bcc4356931e9135402b5dde19ade3a35d5505c2405635fd8f62380f44afddba2ae2356ddd45a9304d4ed56ecaa26bd188d52ab

  • SSDEEP

    768:YqqMwNXdhvc9n0nibyokkBbFRKeoozjwMo2Y:YqIpct9dvFjKeXnwMo2

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50935f56ed6d3eebcb015437d0b93eb3.exe
    "C:\Users\Admin\AppData\Local\Temp\50935f56ed6d3eebcb015437d0b93eb3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\43F4BB.js"
      2⤵
        PID:2676
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2948
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2948 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2584

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8b7b88cceee0fdcbaeaf3fbe7bd05464

      SHA1

      c1e9d9804a8b27edee6cbc8a213584e472140220

      SHA256

      8d9217b1e651cfbb9f8da2d5756c13349e0021184859498ec46dffb7373cafa4

      SHA512

      05d683cc3e3ccc52022ca37d4e9f9b9ee0bd5e8cf2adc15ac0a32907cd0776c9a852b9863b8f032a4c1510c6ff13469a4028fcba44670b31d1f689cf6c75c008

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fc873a9cd4b72e097a8d6fba9f49b4e6

      SHA1

      be35c40b2fa9cef377134bf92300a53dcd0b7582

      SHA256

      29cfc47c7e580505b77029d4bcd6e0078b45f33af76f8593fd2de7ed625aa202

      SHA512

      f5a7e770168f8e37f6a5bcc43d69600e89cff65f0c15108da291e491b59f0557819c1297e6b57a54d45bdd2a5c54c37e443d7dc48ce9b9beb34dea62bdeb899b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      936f1f25907728836e1b046b3ebbd9cc

      SHA1

      ac3471e64f2e8b7c04803d2885cdeeff70b84706

      SHA256

      2b5352c251843a7a175de3a74137e908af787ee38dca114f0a7e9db63e1cacfd

      SHA512

      4c23096fcba16d6de0acedf400b8cad83fffe015885cf8734e34f361102eb87dbc2fc234f85ec5ac87733dc507c4c8f2d9adcff6f238b2cb88cded67fbe0caf9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      077867001c1dc0c51f95fddf3d871908

      SHA1

      98303e7523977f441adca70eac4475776de62d04

      SHA256

      94b2e9e55ade491d320670c93c82df88201bf10462ea0f5f6d5e1a245aa5804f

      SHA512

      cbbe88b0228e159458bcbad204d426c73245bcc368019a1e1c9f0ace68dc7c359491bb620f1220e9bfa1bbf161586cc12d22387a4fb694a834e934d71692c051

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fd053a0a1f224264325430d6483265d3

      SHA1

      fc008c2712f7bc0351beb62b9eee2173a278ba67

      SHA256

      6793a5b89c44beb595ee88bca922b1abe13fd638c2e63fde63c057bdd28edb37

      SHA512

      204796ce82170c0e13b77e0c4fcf81e41d179f63a9ef0b44966887026f495707ccbafd92c1c6709d68137f0531f8b17cbe8f97901aba4767a084db0e14494dcf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b594a7a5dde1ded2fe3ec5723d0e7546

      SHA1

      3cbfa6934a9c563a6eb9aefc14835545ff796b69

      SHA256

      489f86ffcc25043095656b2c995735bff43b2b3293bb4d155450b072587307df

      SHA512

      270f1a00e6edbeca65fec8d0adc9c2548299bbc2d38154fbfc3b386c7eca084a5c7070a59a328e5e68e3a3630c5171a5219da66a83e46bd9ba0f281a6c3eb2f3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2a3b8a30ff051d0568e182bd67572d35

      SHA1

      da20ddefacd68dcf9104ba188e3daa835ade0023

      SHA256

      2baa1d32509f5c7cffa77163c8d6bb37ddf19df24e349793fa0cdc87985004df

      SHA512

      55ba777d0f6b8c3c2aa7f1d581cdecbbaad88ecffcdfca154cbe09a6581473f0dc7e99b5d537b4f82df0288ccc39ea4392d4f2b491d77414cf05fac7007ddd35

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      546413611041a83eadcf2c93b2087817

      SHA1

      190b3055b738533c50ccd95a1398cc7ebc4c7c61

      SHA256

      2603a42c43dab4c44bb6953e2912cd4889944b55711c004a7a34c3bd93c2274b

      SHA512

      ded8a90e9cad3d0d98ff92a9190a015622d94218df553422842c7354054a1038d5850dbb21ab0eb3199eefd0d794fbd8a2fdebcaf73c65b97902e56e876598b9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8c8b454b86ff5de151365d9c245ada15

      SHA1

      fc3fb9d3398adf7c95cfbb324cff497b587ead0b

      SHA256

      1865305cf5ac93fb6198ccdf71f5c541d0a64c5d1a621aa2bdd8386445a18895

      SHA512

      a78fa058918f1f9ed12db56132b1a0222c725ae926c8137fecb9bc498e3acfc2099d644a966bd52049f17edb461dc726c9bf3524b07500fadf78eb16a62dd0c0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\43F4BB.js
      Filesize

      5KB

      MD5

      1f6ab71b1d2ebc2abfca2e47e1d185b4

      SHA1

      2ad1b01b73a22588f5268f83cc6fc302dc9dbe6e

      SHA256

      34f709e36e27b1cf608e316a7a47d3ff16212f18ff1ee5a4883f41c5741f95c6

      SHA512

      a292be141f938c0de8fccb5de9156b7df0ca2c74e070ac3bbed5fa01bedc0af9e04285a526cd31bc5a788e736d24d50dbe0ad000cf023d471458ce7eff6a0c7e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabE745.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarE7C6.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • memory/2256-0-0x0000000000010000-0x0000000000026000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2256-5-0x0000000000010000-0x0000000000026000-memory.dmp

      Filesize

      88KB

      Download

    • memory/2676-330-0x0000000000290000-0x0000000000292000-memory.dmp

      Filesize

      8KB

      Download