Overview

overview

7

Static

static

3

5393432e82...5c.exe

windows7-x64

7

5393432e82...5c.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    121s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    11/01/2024, 12:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5393432e826b15fb8cdc1824d29e535c.exe

  • Size

    40KB

  • MD5

    5393432e826b15fb8cdc1824d29e535c

  • SHA1

    c55eaa54e87e0d4c5fe7eacf148e7c80bb641711

  • SHA256

    f9dec0eced7162e3f19fd45ada870078e955b758e2364b97c19c41bb7405c881

  • SHA512

    f101521b38125a1e643e54e6ba0edce52754eac515657eb2fe062f85784815e557e642518a7ea8c682364afe7468e3513ff422c1b72ff117899235b7c8933f9b

  • SSDEEP

    768:GUdc8DoPnnDEQC1gyYxFGMlOMywGvwftEWpc7L1sGaXY0F2kG0TZiBI:lDOB5lOnjWid58EQZ0I

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5393432e826b15fb8cdc1824d29e535c.exe
    "C:\Users\Admin\AppData\Local\Temp\5393432e826b15fb8cdc1824d29e535c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2392
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.orkut.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2864
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2864 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2824
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\5393432e826b15fb8cdc1824d29e535c.bat
      2⤵
      • Deletes itself
      PID:1972

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d216a11e73923ed0d29d17822eda4233

    SHA1

    766d6c87fae839ddf0f0c0f4c4245ac5d21e8710

    SHA256

    d45d25978ee02d8cae9e55aa5e972498e86351439d6fcbc20fc4e2bb41c7610c

    SHA512

    a77400b0e8b1b5480c7ce9f269218bfbf53bf34e266f340b139144fb1caa125554aac74caa6b6ec6ff09baafe85de0b047d1d0431bae51c9a087104e334dc2d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ad22d989972dd6301fa06f70f87da616

    SHA1

    14201755c2200a6c9d17ad6c903efff6ddb7e207

    SHA256

    c8c45d196b21b064bf8fb8f9b41efebcb708c24dbdedf2fdefab0c6cbb3da746

    SHA512

    b94908af1e3c1a0e609deb74ae2cf314b1ea16f9d5ae2fd9f28daa470d0f2379cd6fa22a97c66cd9637426119dc23c860d848427a666473c39e1d3182ce31a6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7847287c8a472c326a460f0bab3d19b4

    SHA1

    3d1fa3a60276b6de442966e9bc14e45397cb3e7b

    SHA256

    d52d34a3294c9c7329f26fb8effa2d3a22f08a30daee2f767804613b674cdb88

    SHA512

    e822cec254f1eb91226ad526bec1505757b263ff65f3e24b08d7b9d4084813a32cce8fd40c632fbcb35a3d68ecc8d1f77584a4dda1ab1faa3d3c19e426f14a3e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b62d4e95888fea4520b42de69779d014

    SHA1

    24145243a004aa01235cc9afc62ffdd29be376b4

    SHA256

    9568b319641c067d8e86a56170b1a99f9eb03a69bc649d2ed8afa6d0ddfa54ee

    SHA512

    8b4e586df06c9651e248f1aa44c4fd24078f6ff896f0c5d54302ee79081a89d12a2ecbe817b8ba82815766b9ce571b7d4ac53cf9548cf7965d8f13f1b8a68c37

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c6870cc86536ed54739efb5a5915f2e7

    SHA1

    39dacb12e6ffa5108c0726b37f5465664a746c4e

    SHA256

    2bfc17edcb20b1ad1cb45e8e955b1095f7b20c07aa4d432b9e9ce5c09db96030

    SHA512

    23768d1a9bbb7615510ceaa009da0d3ab88f7f56ebd58ebd0789a408eff0550a4d1313ef6c473d0f579386f153ee8ffff63648693d5f9cd8a08c91a419bf959c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b95d03ac7d8e6306c6ff95b61bbb59ba

    SHA1

    a21394b9fc877fad9e331f7043a3d00a4a88e9c6

    SHA256

    44091defe73d488515ca6598fa6d5f9536a9e70f10b91a8acdac78fa8ea1ddf6

    SHA512

    de675ec5e91b129a008833fdb3798e4a4c6347503fb58d7dba5b98fc4586182ca6484de3960b60fb1bed77a90d7354a5e97693cbafb8e04d708bbfbc9cce2949

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1378912c18d47a61ed3a8f5e9c8e9f0a

    SHA1

    e381fbfdae2c075086e8cf5d8032e502670658ae

    SHA256

    fbaf48af8f8dd667359567c79b460c674573711d142e856f7913bd9ecf3e1152

    SHA512

    e284576c496ec8a0b2c768aae0242b287ac479969f4911cf09d63f1a82f235f5c76c0d703b7efc39d7108d662e8f2bc5de9ed3f5f2554b87d516c130dc16c7ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d47655be3b2240133e6e3deeb05acf41

    SHA1

    f14cd503972d210b07aa92d9af4e69f1e0f290cf

    SHA256

    ceb8057a3973cfcb943f601d0cec7f5b399dabbbc6516d3a2fde023c98de2252

    SHA512

    41e53cdf5dceb98957f3c486d92a63cc7deff931c7dd875b636c8c5fffc5d8161a555934870e57a64511ee534c1594b182e69f4b9f3b0451cc798aacc2310c97

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8b464a0f8fccf30e6dd39fbc4242b4d4

    SHA1

    58a03092d71b2b41add2fde56000d1561f954ab9

    SHA256

    84529b91b994d9baa59030fcf62d2b8745c8fdfad1bdbe35df2172cc9b2cfdb2

    SHA512

    9ad30d9af4d54ac8ecfb35f496d45a1bc172fd517bc9ffb1d62cfdb1f187df686b45ea25c4cdf1053e019eaffb6e71fea1231f7387ca5e7a042734e6c073c794

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    81d96c055bc5fb73394dc73674ad5c6f

    SHA1

    6e12447dbcd8506e92efaa4ca5d0830ea22a1c42

    SHA256

    2237cef4149bdccd845c1b3fa1a1ed2913e0f1f5d25e0942a548fb16002f162d

    SHA512

    1f29625693835cb0b0905bddabd8f4bccf4194ec556709737686e590657a4a51fdcac6ce41a88d397623345be8c03207c90f455a93b2e0fef53a4e589294ab2b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\2s0hu3f\imagestore.dat
    Filesize

    99KB

    MD5

    43eecdcdcd29e246407659af29b9640e

    SHA1

    d136d4bf37fc6fda73794850e9a7bcd47e62fbb0

    SHA256

    da71b81ac0250641af5224608b24b7b43b78b0dbbb17235d3c62f0b37537b3c5

    SHA512

    2fb12da2c50494d8072af2183389707d90098c6480cfdb8f8aa908aadcc5c6051929d0fa37a27ceb5fc3ca7d8d3a0144e09c87d8521bc6727fec083b3d871067

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1EBDLS6\favicon[2].ico
    Filesize

    99KB

    MD5

    562fe6b5bc02c09537b054ba674740f3

    SHA1

    082f9d8d488f49c3085384009e9700b207dbd8c4

    SHA256

    29b906ce83796e0f46ff07dffbb9cd63278bace576d063fe3d888ab41c76e0d3

    SHA512

    c1a82e9104b03fc145aa8df7146b316e737d60cbacf6ec5221e0b7ccec4ef8f0bb9267f950363c84d3f67e916d728f36ca79f9d244400f8bcf3ff14a909a20ad

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\5393432e826b15fb8cdc1824d29e535c.bat
    Filesize

    254B

    MD5

    29bc5f9bb28f7e68359a7ed0c2884f75

    SHA1

    726f95c55bf2b76a204d42446d58dde41797e61c

    SHA256

    f332de54b9c3b2d0d052470ad9d0c3536f897b04914f602604c9a7dc615bc4c9

    SHA512

    8d2ff7ba0a46e2842c76f5a4ee113b528d304f99cb64fdd0a3980e01a98d307ff71d65505dba649f58c9583341e6eec26df187aa7a83e7b8050ae268e3c3f965

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab60F7.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar60F8.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2392-70-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2392-0-0x0000000000400000-0x000000000041E000-memory.dmp

    Filesize

    120KB

    Download

  • memory/2392-1-0x0000000000220000-0x0000000000222000-memory.dmp

    Filesize

    8KB

    Download