Overview

overview

7

Static

static

3

55745c2c0e...e1.exe

windows7-x64

7

55745c2c0e...e1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    12/01/2024, 04:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    55745c2c0e6655a72702e2282e9804e1.exe

  • Size

    1.9MB

  • MD5

    55745c2c0e6655a72702e2282e9804e1

  • SHA1

    f4639ad4aada1d8fbee586d94194f5f986979b10

  • SHA256

    e670b229ff2549024daaccdaca7a939257f09a9c30fe901a3ec6ead6afbe2b3f

  • SHA512

    8468d274b808e85b4738445e16a95735a96461d674606125c6f299e1239975f409ea2c2e7ac8f8b356c4e4f562caf7747ceb5cf1ff218fa7903deb1de5af67ec

  • SSDEEP

    24576:KTAd/yqMt+GyjAyKtmrUTejQg0jgRYOeNgGH15MhzM0nO4Cwtkrhoj5bbwCKaeQ:K5qMtfyKSae6WYiG3M5M0nCojaceQ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 53 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55745c2c0e6655a72702e2282e9804e1.exe
    "C:\Users\Admin\AppData\Local\Temp\55745c2c0e6655a72702e2282e9804e1.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:756
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.soft778.cn/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2472
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2472 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2252

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          53579d962500d7a97927327bb7d72323

          SHA1

          940616ca2b93dd4ca0790002035edddb137065c4

          SHA256

          61b291d961eecc37b0e3592e8f385b4d25148475628dcd3c73344e3346fd31a6

          SHA512

          d57adaab28e118ee82cace7006f9991c646d5dfe0092cab0ecfb1350b965a0bfa3ae58e1133e5a8ffa7557a3be1204bb987e5bb80b993f2fb3a3ebc421b1a84c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          4a2ad9e48f0d5b57ed5c9cc2a10c0b0a

          SHA1

          189ea16defdc52b104549359b86a930c0b9e69c4

          SHA256

          18560efaaf428d8920624328a49f86ec5455dcc3091e15f3fb58e3b6847b916c

          SHA512

          745b5c03422b905f867a32636bb72462d24ee94c6115305743f67202e803b496a4487da982903ff368747a78f7038b98a3bc1ba980e0942c192d8ebc1bdc7cfc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          bf24a81c08c2839ad232bb3c782e2853

          SHA1

          8fc70805ecab94eb331524d3d40c6108da087010

          SHA256

          bdab25e9a7aef24bcb475867c1f07d9f7111a9dbcd0d1ff9cf64c81af2733154

          SHA512

          e039a60626127075a49982aed351923e172627423fe63d713a24a9e205be5b77dc07bf3e955aefd4495601c7002e9020616bb8b009ce4e2008ae88e4b69fce97

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          13e6e87fab7a0106e353d0865e88e2de

          SHA1

          c71a9b376bf48ca3abee29e7898f9137f2ed1b5b

          SHA256

          bfe6b429e855d1497fe6d1a42b1f9c55ea2ff5bfa442516593352410eba73de1

          SHA512

          a20bcde45aa7795283fa9e58852a4c8f0483b0cf84ab9ba033fd535b70d797a5d6fdea66a4eb11c29c19fca1408ff5a0d5d95289a3eb7a367f390c8907a536e8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          cb9da8446a8e69be1cf0e569922e7d4b

          SHA1

          6e69d680386e06d7576f9474f33e442d01b1f862

          SHA256

          8b4b0c3e53c5bf594c13b344a08854ec89e106cdd04676e4738614636179b547

          SHA512

          8a27f05af327d8864065a557dfc2fda887e8a1973cbca4599d3f930aa666cd103ea8dd0cc5c3b0129f728d73dfe8144896bc32c82fc61c20b36e43bdcee3c1cc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          d542c18222933b041a008a9408583e5a

          SHA1

          62ddecb7f68d814816a98760c4abed3254fa2180

          SHA256

          91b703d66688d3d5da48f4f2ccbd73358b47ccc07361edf726d262e06c90ab8a

          SHA512

          606cdf8e62c5ac0c73715533400b76aa761153368169bdaca1dee77009f2b766e266506bc2f2941abe9b73580b089d3bc50bcd73162a26c502a3110b3e86668d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          815ef367883a50215b7cf6c1acc20de9

          SHA1

          3e1159fd3640227ef4a9a840f8618c936fd57951

          SHA256

          a78422bf05aa6e41663822c8d520adaba9063cc5d661476c70322a74f048f765

          SHA512

          565c2920cc92030db4c6ddd6de1ad4c212d5621e1b5a9bb485d54a89fdbc11c153201d5e7d67514e91458558b73f3e934b17b3311517624304ffb50404648878

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          76ab477237c5d74eab47cb1009cd282a

          SHA1

          db933b24573c07afb3462c54f77f2c96fa96642f

          SHA256

          5157387818a713ca89bda22eca2f2a8a20416df12f9df8ec23cc877373e82180

          SHA512

          b70076b604571fddb20ce0469bbe374679446a0885225fdebb1afb5c8587994dd9e0c75b3cf010f7b0386ab784b14938a4ff88e356e8d26bb2cf7237f9ad0614

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JM7ABAI9\common[1].js
          Filesize

          1KB

          MD5

          53336b1dd0453bff8ad5356bb61bf0a1

          SHA1

          cd228ea49a16668578e35b38c0dff29130660436

          SHA256

          a7bbec4f8f475fa985b96415c2d14c8bbc36697bc9a79a5f2268da69c8d1c054

          SHA512

          dbaad8f59f5356c29c8bf416fe2a8ddc86511ea03ea353b5492d1ebaa3cd2fd2bf45ac343ca00b98882f66892753aaff3e0309d2adfa3d85bb8603dab52a5d7f

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JM7ABAI9\favicon[1].htm
          Filesize

          809B

          MD5

          e512d1b1b7749efd426af10750843c28

          SHA1

          cc6bcfbfd4df17d5c49c5197ddc977dcc703a684

          SHA256

          42fc25a0be2314136863217c451e6a4eaa562fbe742e4a34ed932b30aa00097d

          SHA512

          39eb8c5c6529831f5e39fa093eb5d426feb8f7b42fcad3642a88d02f48f2636bf2d91063245b91ddfb2cfef659909e4edaa840bd1a9edc5a59c23084bc294dc0

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XT9W3YKY\tj[1].js
          Filesize

          986B

          MD5

          39ba2f6d07162e930c02c9d2fecb9ea2

          SHA1

          3a731ba1f0b2c7a5afbc4a07b615fda18bb7318b

          SHA256

          e1a2f3cd51a09eb5bd882620664997d87359cf0e917aaf343d6e3f1dfc03679f

          SHA512

          f5cd1ed25e9086de823fd2aeb9be1f2d2e520e749e6cd40b6e7e735fb376afc07ee890afea87d3c535aa151a835303b9e986db613301ee10f68959410172caae

          Download Submit

        • \Users\Admin\AppData\Local\Temp\E_4\eAPI.fne
          Filesize

          32KB

          MD5

          cfaab61b294486ef64fe45424283b1fb

          SHA1

          aa183a9d10f1002da32c62d55e580a44a6445044

          SHA256

          a4ad600e4891974a8953d8834984b6324b3b7eee9c53dc2d62d698850dbfc39b

          SHA512

          21f3d4c20d0c7fd7e55e5096f9223cb758d8605706caf1e25d3b58671e74f57a4de22198a69efcb6edb42d6591c6d0bfaefa324824f262eefdd27ea688c057b0

          Download Submit

        • memory/756-0-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/756-48-0x0000000006EC0000-0x0000000006F21000-memory.dmp

          Filesize

          388KB

          Download

        • memory/756-53-0x0000000000400000-0x0000000000436000-memory.dmp

          Filesize

          216KB

          Download

        • memory/756-23-0x0000000001DF0000-0x0000000001DFC000-memory.dmp

          Filesize

          48KB

          Download

        • memory/756-26-0x0000000003EA0000-0x0000000003EDF000-memory.dmp

          Filesize

          252KB

          Download

        • memory/756-19-0x0000000000880000-0x00000000008BB000-memory.dmp

          Filesize

          236KB

          Download

        • memory/756-15-0x0000000000290000-0x00000000002D3000-memory.dmp

          Filesize

          268KB

          Download