Overview

overview

7

Static

static

7

531a9df44e...5c.exe

windows7-x64

7

531a9df44e...5c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11/01/2024, 09:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    531a9df44e228da94c32d332720a175c.exe

  • Size

    104KB

  • MD5

    531a9df44e228da94c32d332720a175c

  • SHA1

    f7a7ce2930b852552c8e3cf6b717eb17012dc795

  • SHA256

    7b947eb46d4262a73c6b8d7f2c81396c24ad968a0dd9a766fc8e5954c32e0088

  • SHA512

    de1b83115d1e29f91fff37d984aaee0b2d94194c6d839e8c251ebc26bbd258e3e155689aa6e00a2d1b48f0832620b5e91516d65cc83e47edeca500a62f7d9bb0

  • SSDEEP

    1536:e/JZqulpodsUitz71NQ9wYHZO3D8DzgJ8r0:e/1wd5ozjQ9wYHZOIs8r0

Score
7/10
bootkitpersistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in Windows directory 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\531a9df44e228da94c32d332720a175c.exe
    "C:\Users\Admin\AppData\Local\Temp\531a9df44e228da94c32d332720a175c.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2904
    • C:\Windows\winlogon.exe
      C:\Windows\winlogon.exe auto
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      PID:2352
    • C:\progra~1\Intern~1\iexplore.exe
      C:\\progra~1\\Intern~1\\iexplore.exe http://houtai168.com:99/AddSetup.asp?id=01&localID=QM00013&isqq=3
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2836
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2864

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          115880cfa240c021c31cf1295ef4ef8f

          SHA1

          a698832d9178c78ffc06cbe607605392cb60dd04

          SHA256

          b060d484b61234ea053130b8e44c05dc5aabd8b848b9260fc973f20855698fcc

          SHA512

          161ca4befaf28ff1fe04ce5f06af5ac0ec573256bed51f19a9a699efb877330fb080c2d6bb31a466faf7101d044fff69a58a455a80dab8cfd1f953eb8ff70c87

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          24b2066f3fafa69315fee8465c998a1c

          SHA1

          f9b655f474c6d348e04413f22e8c16bac27b1ac5

          SHA256

          6afe496d63998304d8cab305742746fa4aebb0b09268da625903411c2ec8a3fd

          SHA512

          ce2931375a6348a3ba673050e0f7ebd7b7662b6f3e37a71a915b059a4a3ec2cfb9b47f449ab760b72d9e3dcad837dfe00e008d73b7094affc6438ccebafe3825

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3612e361e4d94aa55db51a96ef70c9bd

          SHA1

          a677d7b0f70ea38a9be1cb5188e2d106505dcac9

          SHA256

          1ff2a7761e397fd8b6d1baa4ad9ee33306ed1be58aa18396df0a130af61e6fe9

          SHA512

          6aa76df7350d5e60fc5d30033c23120818ceea65df3434583dac5e69e0e8147386339756b4cd595077355f456dae031f940c28a033c21ab94fe32c529a732985

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b7b21ca9795a974194682c1de0a51a30

          SHA1

          6185310fb2014d53b5f3feb1630228711231acbe

          SHA256

          b9e28ee93d63545bb9b7bda787cbfa4213116e89633faa112e4273fe3b56a61d

          SHA512

          6fe90f13c48a03201dbb6c758a29e448eab221613cfa9a6196357ed736255b8691c38ae15db195e569a5be11a90f17b447008a4b91022236e8b5868688690c19

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3d7270a8ccd316eb5eda6b9c18331d97

          SHA1

          086a542883a621fe7d8713841bfa8dead50976cc

          SHA256

          98d152e69b95c631bd2f0254c403d355e02a8f4b2eaa17779645816b9e8c736e

          SHA512

          4b9e4932ee161401db33283f9e58509367a2bf3c339118ed7124b883c67911b631140f1fac7e89d3eef8895fe1deaa626b4d2c795fc56e3cc52287847bdcab24

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          1026bcaddb41aaf8f748efd2777ad93a

          SHA1

          3604d62fcc7e54fc77887563db9c0b020021a108

          SHA256

          a2c75d11941e4b45714f1675cdf502731a24639e24e6dc8eb420135ddd77635c

          SHA512

          8528e97bea6ba0b339d86ad5d107432702aa87b6a8c0b7bbca1c18883b20f7a94668773720263197bd538bb095b9aefdc930484aba0079a2f31235263c69fedf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          eb0938a72a0813db09413b652b49e9f5

          SHA1

          0662e22ef357d40c69e5d33b31facbffc4531611

          SHA256

          6295654464db8d0e8bc45334927de396b95fa7514ba3c1cb6d3d5ebc8ad90434

          SHA512

          da3dd3b869c32f8939e746e7a0787a9d9ce09b89a096b37d15312ebcfb5045de38286857bbd29813d54093fadc64ef8f2e99011fae864f72c584d15702bb40e2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2e0840a3b3d74fe5ba53f984b1a2e1eb

          SHA1

          09a9ccdee17b11fe7af2065f84677867947a0712

          SHA256

          f15ea3e563d99ac84833ca511de9d5367749eb7ee3b8975242eb3c0cc7f7d4a9

          SHA512

          41fb71901859e510ea59c36a27f468ad0bc1ed2de81dd0e039036a046343961eae17c7288c0ee0db2000dd57d4588e12f62333b6863dedf48ddf072e5311e9b3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          10042bd5dd9c7b331008d9374fb59195

          SHA1

          f84f5798a5d6decc12d068752338544cf9abb648

          SHA256

          2c8527a0cfaeaff547a7d4e55a820bbd56f517b7d9e957841e569a93cc375b07

          SHA512

          afb82ade038cd6eef276f989abdb82084398fb6b1c0b11013d5b71f607405293a47386f070a7de2cf6c86177758051bc59bf6bfaf1a67b3ef2552ff14fbb5db2

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab9ABC.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar9F61.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • C:\Windows\winlogon.exe
          Filesize

          104KB

          MD5

          531a9df44e228da94c32d332720a175c

          SHA1

          f7a7ce2930b852552c8e3cf6b717eb17012dc795

          SHA256

          7b947eb46d4262a73c6b8d7f2c81396c24ad968a0dd9a766fc8e5954c32e0088

          SHA512

          de1b83115d1e29f91fff37d984aaee0b2d94194c6d839e8c251ebc26bbd258e3e155689aa6e00a2d1b48f0832620b5e91516d65cc83e47edeca500a62f7d9bb0

          Download Submit

        • memory/2352-12-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2352-295-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2836-14-0x0000000002B90000-0x0000000002BA0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2904-0-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2904-15-0x0000000000400000-0x000000000041B000-memory.dmp

          Filesize

          108KB

          Download

        • memory/2904-10-0x0000000000290000-0x00000000002AB000-memory.dmp

          Filesize

          108KB

          Download