Overview

overview

3

Static

static

3

56462c26c3...5d.exe

windows7-x64

1

56462c26c3...5d.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    12/01/2024, 11:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    56462c26c37385d9919e66bf35f1a45d.exe

  • Size

    36KB

  • MD5

    56462c26c37385d9919e66bf35f1a45d

  • SHA1

    e99c2bfa9537d675cb36e0c312e4bb2f382bff23

  • SHA256

    548fdc081d187dcdf96da31937c6c1e0971507a4d53b36afa1707bd3f2b6d96f

  • SHA512

    69cf49a67b9f9339738fe0805be72cec7df1500bd5a149ba074ddd6c40c559b1e4ce3163fbc2e17acc7ff19301990100320f7a8fa2d853361e173b0ed5af3e16

  • SSDEEP

    768:/tW6x9t3nNRZZHdSQhnqaD8nWQE5+XHP/mRFju0Ek:/tpx99MQhnTDGWm/mR5ek

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\56462c26c37385d9919e66bf35f1a45d.exe
    "C:\Users\Admin\AppData\Local\Temp\56462c26c37385d9919e66bf35f1a45d.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:108
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.php
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2128
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2128 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2980
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/PPTV(pplive)_forxuyan_0977.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2852
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2884

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e252bb3205994a80b69ba97f950a4917

          SHA1

          6c35ba3f0ffb4a40de372a6129ead44a933b91d8

          SHA256

          05f83dfcdeda4c99d1ab41457c50a52643887e9affb214ef71517b8dfaa6d949

          SHA512

          3ca4532a540cdb4a872d9cce2b4e688094d8f6e24947bd98aec77c723a22d22b3209558b4d81f4511db116f96466947321166999be88ac45602bf1675cbe8da5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2c35ac4c0b253110e8a1025c8da1e118

          SHA1

          90303fb71d34041f7e832fd96dc9da273d354f17

          SHA256

          df9c1ad2f5009dc0e6d5d4186de25272f868b9a9aa7037e7b40e74425c648c59

          SHA512

          58d13a05f75a9008b2af3492f1a998708991ba96c4c7d643ff39d6fe349f679bdee01e3203f2ab10b891db86333c11dfb6036ec1a580ebabc3f43880f2b00a41

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d053bc2f9c95fe01ac02c3a8caa53810

          SHA1

          706537cca6cc4c0df99c9087cb05c09e2a575951

          SHA256

          2c1742d138229de7284060ab4729fc34b2b588de3fa3ae8c52c24b87b7b748b2

          SHA512

          430f244aa304b7230a5c0036e2c2c735e3d77c997d445e10b138058e59f9bc66a1977b50104f417f622a32db1a32161fbaac69c10fbcc89f05a7b416bebd74a2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e069339597a9ffe4ecfc52aec5a3a8f9

          SHA1

          fd4aa4076d494d318d123b820f11cd830c8c9aa1

          SHA256

          bb9a50e10c55b54075d6b48ce9a654f629d0f25f42a440460fe4e8001f718eca

          SHA512

          be04b7e19446c982d5820f804b8c789ca1a9fd64a8b64f66b2e1e6f3ebac621d0079177eee845b1e50b47637e1be77e32ae89649f1d6b43f2748ddc939273e10

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b992063fa227af1a03b581d2da8c82dc

          SHA1

          a860672ad4ee293813a553321f15be99513f487a

          SHA256

          d4134d592473043dc23136d5c24ea97cc1e9a4a8a59f379c60d872007df764ec

          SHA512

          23216928b35525ee14d1c0a605b89a3d3c09729660efcb248945e72995de729e25790d3605448ef2e14750257f84b72aaf7d442e068bf2a50c169fb681a5ccc3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          85b6ac7d3a35ab677689dd7500845e8e

          SHA1

          fbae5253ea464af47a1550dc50b9ba99459fca04

          SHA256

          c91413648ad2316e987d96168d3e2eb3366108bd18129ed8539208364e9357a7

          SHA512

          91cd02664540a8f422e2cb8a3f9a772c007ce71cd34919441aefd80b84e23ea9b8e8aa976da7038ca13feca48ade1272fdefe60a378a1035e45dbde8f725c62e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b8f8615133060104f7df9f1a3024c6f2

          SHA1

          925b66072630cfd3d5c77ac51277da6b6c673666

          SHA256

          7a04252c7743357f198993cc57e1b52856d50eed176d25269c738d0a6e4e68b1

          SHA512

          7be81bff5079b1614958ed62a015e639fba3b8af521902c93a941f9fdf175e16373276d5950751584789882fd696eccefe8c05cc821efa258eb6a31d09b779f1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          77f2988bc10a14e1c025100c0141e0e0

          SHA1

          8d081c00956131bd0dbd0d310121a885e335a12a

          SHA256

          59fe28c2e0a10d6a7339603fdf90664db09d2a2fb6d6aeca0eea25b05f88dce2

          SHA512

          bafd00fe1a0a9f7eebb248f370d419242d000613504b9a92b0e9b5b13f65b1bc76ed1375ae278d552b66a463e3b5755fbc4bfd9a0cfb5fc5a52e9a12d7dcdda2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ace6f534035bd95cf18b0d2869db301a

          SHA1

          be37d02e697c885af78497a817aad4645def1690

          SHA256

          53c2f5165f3b4bc8415e92ea324ddd7474fe4ee052ef00f65d52104b73ee1818

          SHA512

          38d69dc2114dc48d70a05036faace0d86e4969a69db7797d88875708985a8dd4f6a94234d08eec8f6cb80ead8c3bd2e53e66a9b6ff8b3ef060b58037c85f153a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d6b248d90ab92a2ce5b775e803de7148

          SHA1

          8e68a4004c3131fe7b006f004e510918078ea786

          SHA256

          e16b6e05fe2622007ec82922e34319461882ac0376b27b5fcaffc546113add2d

          SHA512

          f730adc9e2bac108d8f0a530ea390ab6a14563d152dbfa937091fae0f5457c59f2e93052469a4f26d0494e0be9e4c65e0e1857186adafd5c55859ffdec022682

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F00EC4C1-B139-11EE-9BD1-F2B23B8A8DD7}.dat
          Filesize

          5KB

          MD5

          bb1d2c3ecf74f63a98ab5d9eb8a55cad

          SHA1

          a70abfab7597178eb1f650496ffd241b62213cbd

          SHA256

          e0ef136810a727e122c70ab858b107d48205887ff5974fa58f16ce060ada3ee8

          SHA512

          6222ce199f3e9a701f9042805f84e8ace88f8e70fbf3c3e0a42b6abd8bc9cf927e38a02b27ef0f3e5b5d83c70563f8ad5b7da6cad563ecccf297a23a454775e4

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab6D65.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar6E34.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit