Overview

overview

8

Static

static

3

52f30521af...fc.exe

windows7-x64

8

52f30521af...fc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11/01/2024, 07:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    52f30521af2bfae6abedcbc5f7d701fc.exe

  • Size

    56KB

  • MD5

    52f30521af2bfae6abedcbc5f7d701fc

  • SHA1

    9c7fb09ec96432fce6aacdfa86e99b6e72608bc2

  • SHA256

    89b94026628101352b40cda21b9988c70a5a139b23d6936416635bcdde3d211a

  • SHA512

    916b1dde79eae2ce430df13ebccdd72500fb9512b1518d2aff0bf5abc05c97673b626501398b7c387ecc595324bb7f479cd35e73df3528ada4b4d548d9d54ad9

  • SSDEEP

    1536:nn/oYXOXkUp87fsDyloLpoWUEuN2Sql8:n/oo7EBpo1EuN88

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\52f30521af2bfae6abedcbc5f7d701fc.exe
    "C:\Users\Admin\AppData\Local\Temp\52f30521af2bfae6abedcbc5f7d701fc.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1572
    • C:\WINDOWS\Tasks\SMSS.EXE
      "C:\WINDOWS\Tasks\SMSS.EXE"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1076
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c net stop sharedaccess
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2752
        • C:\Windows\SysWOW64\net.exe
          net stop sharedaccess
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:2796
          • C:\Windows\SysWOW64\net1.exe
            C:\Windows\system32\net1 stop sharedaccess
            5⤵
              PID:2104
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer Phishing Filter
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1268
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1268 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2664

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            f6a6f70baff0d9f610d3b52b37e9ec67

            SHA1

            ca1f08d79d83212528ae361991b0918f080a1907

            SHA256

            d60679af61cd6a950ec6ec4c3816bb808bc6c7f7e445570685d730262d32791f

            SHA512

            a8b2dc150f257daa5758978a1c08f9da3e88477c1dc23acbb6c58bd4c9fbd06c5bf016862a93d61a065e18b939e808a673f89e8da36b727415f069ff624182bc

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            ee71f083a962dda32791bd9828eff39e

            SHA1

            110dc9a3c25e4d7f33e2707fa3cf52ddca72830f

            SHA256

            f36d4432e483dd551446c076eaacb923acb2b0ecb6e2ca57fb2a47ea5fae3d85

            SHA512

            4cc37407d6e2937c7c68a1075b5a79f5be95d3135f003a0c5612e70f2df8d995b585c23ac0fd6e2dea635ae9a5037e2146c44bb766b9b3ad28b963ee0896c3bd

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            c873e01ee727ac0bb88d631667554a05

            SHA1

            f901b0566ab08c598292b009643e69b31859df26

            SHA256

            b1417e474bc3ad132025ef666afca11838e7a4d9bf0775698accdbd62441ad3a

            SHA512

            66af2a79d5ff4e7f63067fba615e254bd4485be62a187e8a0706131252fff20565250ce6e14587b4e9715629721bfc7fc26dd096b2e5d89789b98a1c28e2e17c

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            f422646d0fdd7081ca4dc0325b4778c1

            SHA1

            13861e50000de818f3c063f73428c7fc03428c7f

            SHA256

            b272f0aa33681c13aee8524e52b92c8f42ab94780a9d965b9e810e19c12f4c0a

            SHA512

            db96652253be1e386019d3a9832b45a4111eebd2e5679dd80a3d1d8613a66b91438df49ac8fe1cf10ab08e263f7c33e76ecf1144b1f0bfef52620d4f98a41548

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            d35af58772854feb72d869b8021d42d5

            SHA1

            f7efad94113b12ded836e0bfc8ab739c8e477250

            SHA256

            e42ccffc3a06581e196224714d9f716fd1fe5cc7bc4a09ccdf0392eff9b5a25a

            SHA512

            19f5e5fdd0dc04c55209e322aa9d874461f5ef9b625028ed04266bc0a88ee50e10c1ea561a67e7facd6b4a2b55a1b569ae60d2a6f3be4c5d8fe194130c383d46

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            2cd0cb5e408feacdb5cdcfd0dcb98959

            SHA1

            4653e732dce0013b0b686444751b10fa301d63ea

            SHA256

            f8b4962f94177f57460c58f19c12c4354d2c0ed17f31e9a395cb760a17cb66cb

            SHA512

            d0021fc6c2c4fd1d05a178debb5b91793dc987452e5e9c3af5580b0147911aa8eccbb359bad3573e28b105e4078dfc9d38fcbfe8aad6e51316d9023c6b7a9ca4

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            d99870229a41eaa515993cdc6c7d3b8e

            SHA1

            41dcf189afcf047ae5619775a08ada745c4e2a89

            SHA256

            0ee8c53996427b31307fd954c198cce25857190f33783c9babb8f56231144648

            SHA512

            1dca72c7ae518bdc77e01e37ec359fa9d736a85691283f6d1c84fe94a3fa9717b63ddee81317c9cbd0803ca7205dc37a734814f38528c869441db80b3d03179f

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            77af594582a5fece798cb24fc69ba771

            SHA1

            deef999939108795492bad3fdf324b7e18729b5e

            SHA256

            a18701887cd221e953c15ad99082ac8a102c34b472b5cfd763bc03136eb37089

            SHA512

            71915a3ece36c5e6e6553f7482f5f25400deaba6334070fa65c860b2ef7471ed24e72006a7a53ea43f3aad4fa970da7ad8cf92a3485d6da87c8ca738243213ab

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            02f5170cb4376085bdd8f315e39efbb3

            SHA1

            2bc6559d07bada5dc8b4d5c16126e9e970a09430

            SHA256

            1b0cfea1fe26bbdde38270453c53cc5ee16213904a106893cf6e54bd6f816751

            SHA512

            f81585fa7032a07d93210eaf6b9de5d5503aeb4a285aa66dd514b56e74547774758480886f969dbab9ae6ede30a7344936923bdab25f6a2ef8dbeb7cf39c8988

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Cab193D.tmp
            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar1DC3.tmp
            Filesize

            171KB

            MD5

            9c0c641c06238516f27941aa1166d427

            SHA1

            64cd549fb8cf014fcd9312aa7a5b023847b6c977

            SHA256

            4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

            SHA512

            936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

            Download Submit

          • \Windows\Tasks\SMSS.EXE
            Filesize

            13KB

            MD5

            c5957b883b32ccdd4421af38436704cb

            SHA1

            331009a0b9f71638634a3232f7f7c653811a1646

            SHA256

            a0517cd1dc714ec9c34263e68e11336aeff6b4c8ebbcca13e955107f052b5d92

            SHA512

            cc210f48f5b52cd76cfc967cc5ae22dab288ada4c88c6d9ed3f56bca58b9219b83fc6bd425343d37a67eb6a6327a9cb2b0488d9e4a77ca78c7018cc1028c0c94

            Download Submit

          • memory/1076-14-0x0000000000400000-0x0000000000412000-memory.dmp

            Filesize

            72KB

            Download

          • memory/1076-13-0x0000000000400000-0x0000000000412000-memory.dmp

            Filesize

            72KB

            Download

          • memory/1076-12-0x00000000049E0000-0x0000000004A18000-memory.dmp

            Filesize

            224KB

            Download

          • memory/1572-0-0x0000000000400000-0x0000000000411000-memory.dmp

            Filesize

            68KB

            Download