Analysis

  • max time kernel
    142s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-01-2024 10:03

General

  • Target

    5af37af053c07978cfa6019f0e8ff3e0.exe

  • Size

    882KB

  • MD5

    5af37af053c07978cfa6019f0e8ff3e0

  • SHA1

    60d90000472be16f90458656ca4c6f6d66c65328

  • SHA256

    212131343d90a37bcd95674c3acf914f36a6816c7d6b964087b6b5b9c3ad615c

  • SHA512

    a4c30ce1b5b4ce0e2d62f4d43bd2244d4be10dae04729022ab59dc65283660078a34d9d8c08eb961cd50af1ab7af0fe4857c37bbe88de6a56b98c2e6ac2304ef

  • SSDEEP

    24576:qWqMqYV0bVZFSq+RJqwPHEPw7isSnP+eUJLGbXUY8DgsO/:qWj0BZFSq+imEPw7isSLUFGbSgsO/

Malware Config

Signatures

  • UPX packed file (3 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (7 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\5af37af053c07978cfa6019f0e8ff3e0.exe
    "C:\Users\Admin\AppData\Local\Temp\5af37af053c07978cfa6019f0e8ff3e0.exe"
    1⤵
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.kakasoft.com/lock/howtouse.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2676
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2676 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2780

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    cfd592da91fa6c10cfae428fa477f395

    SHA1

    bc0c428455c404e35b6e04d3f69cdd10f5cf022a

    SHA256

    c1c728730774fdc7b675b319d2dd877082742d7575c72bf2036cad71c2454fea

    SHA512

    7bc5ca6eaec3a227a412ffae856de014487821aa24513ab96e5a217a125811bfca768e60d1401cd3aafe7ed7a2d06d0f785d0a18fa69928e7d274b9494366ab5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2957776b4fb4f7b88fc9ebf5d50f368a

    SHA1

    added795f5f84898872f9c0de488b260409a020b

    SHA256

    aad8dea5fb8d464525d954798ea5fd9bfb7b6eac7e495cebfd9e3d485daf6fd7

    SHA512

    544ca8c70ebfbacf34b01e9b4905907157d84e9881c9bf8764a8787a01835c61a650e588b3934efeed1efef0d48ae81b3f41c3e3365f99b1e1305d02d1392930

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    697b03c939571cff3123d58a66b46975

    SHA1

    2ea58b2240b660cfd9ecb29fc5a005b737bea06e

    SHA256

    afff079cdf97b186fb3af82b8f6de69df221d6200edea128791cec21a7d1513d

    SHA512

    c78a6dbd38c1bccfa983339eb76feeabc4e9047ed8509766bd0ecdebed377649aaed0934492f4d69190bcb5454a6da07b8269d68db57bb1030cf8ba152aa86ff

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e16f491f72b65a234b7876e332c7dd37

    SHA1

    576d26e3621dddf6a012de2aa6892257cb2c406f

    SHA256

    e175277696c59093e5e3e71d08d7dccbbf83c67e1241f910a473100cf78e4a8e

    SHA512

    7918250430afb5d79389a1153c2e66448432e7ee105ea4b5e0d1d70edce9a6d23bdfb0bc140e15921c2a1fb4f49d5a4f4cc8838f07075849cea9dd271820cad1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2fd28682b6f9d395e1b80b13a061be8d

    SHA1

    73f3702429e7ba33fbc86e1b0af37b503224920a

    SHA256

    d99d4b714dae46c276b67ecc8f702c98ebfbcfaa2960c4b7f1a260dc78e0b2f2

    SHA512

    ba3c16c0ad9621612e306f3239337fd1ba68e45548a922d482891a613a2bc685f6ae01493e1fb9e7eb9b0a1d03e221fc34a9cc791aadeb46b23040a694d85c92

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    35f2d6b309d31405701c5a314fdb180f

    SHA1

    1b64272cdf915d36e2f83bf62baf3a2ae2d8577b

    SHA256

    5fb6ef5a98cae76a5e6bb2c43d6da6076796013d157e05d6c56593d93eaf77d8

    SHA512

    c64e362dbd293fd1223faac7b6032de3878067da70f97cfa36b741ed50e1d99aaefb456494beb083f785c7096b4f3551bad3cc0dc570ba653f95b5b73f8cea70

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    47ee6159d67ac56235868f455825b080

    SHA1

    d203ba157a2d08e730017fd5dc9baa0e18e2d5e1

    SHA256

    ae39c4159504642e0a29c75408d27de13dda6bec082c1044d1d2783f72cbe06f

    SHA512

    4b742b1ebab796f29f8d45b34b8917a8e74498f4c02a7952bd98a86f5dbe6b260008de8f3094ed1db86081ad482cacd6490d5e65b25f5c6139826aa86fd4a13d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8e351438abcc9f2c886babc56b767e1b

    SHA1

    12037b7ca99fab78bd98fa32d53a23a32ea41d8f

    SHA256

    21f6684d5a095fb312a89cd992e6aa19adb46351b1fad0bc5fb3b1de9fcf949e

    SHA512

    846e94b4511e1b7f6b9f833fd9487e6d3974a79b0ea51b6267633c5df0b47f300c8928192d669ae05f854c5e7e2df3f49acb606be28b6bc36dd3a8616e9fc936

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d94788b6e7963fc3150937ffdfb7759d

    SHA1

    c74cac78a2fcbda952ddd9b9b89ef6a2e018625a

    SHA256

    b239f5d883dd7a89b5b2c98816f7b0a05e2bb24cfd52c1c960dba8c9d882a9c0

    SHA512

    9a5d40425ef1c6cf8dd858434295ea437d893e7562b9d1656220656bf12616b2758bd5c2939456827eb6ebbf904f62b1894912721e302f86b9c69c3e1890d52f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ec96e5ae8eabcb6bb40f5e7f3a1f50b9

    SHA1

    e2c9e6f8c2fd06c05cd7bc028fd6975c659187b8

    SHA256

    51050306b5c180b1274ef7ca9e6e28b47cae26f48d4f27f1e927d04b515e7580

    SHA512

    7eca137714d64c80d31038f29b395b4106c303e7064544dd5acf728a63ab09e1d2b1906a1a3999a264fa48696b57d7f75d5ed6896eacd05f6cdc644a9a37e2d4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    796814ae1c8d69af9b50930522a14d9e

    SHA1

    3876c2875270f1197dd76556c9bd7b2aa19877f5

    SHA256

    c54be8657cbfbdd277fb4a6fc3b40bf14787ed653fb1d137bb522e3b6459a4a5

    SHA512

    6098dc365fcbc7e565c8f9847085e5b86315febdb12e2454422c5f73b2a443ff655291e0bf562245a5c8b19ea16e37e4fc34049048f337a5ce297e574479babf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d07d19eb6169419653abbd55ead508a2

    SHA1

    3c85f191333c951be4591e1a607880e0e18c0bcb

    SHA256

    69a266185e35e9af3ed345dc864d8aa3b4416d26348926052f3e3bbbc4820fab

    SHA512

    e9adf7d9349cb6f74fb8d6573e220d3c9cd1ccc89fe522b0772ea5082e9bd02dd5261742bf70f194212cbfd2a20fa07dbb651f2f51bb55d6f2f78d1bee5881d1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    326abaf93841c39b52ec06bd83a98787

    SHA1

    5a9ef30ee03d81ce373d650f4899530d7e949042

    SHA256

    38685d69f87dc02c92a8014928e3dd4de7283643cc6c21b48323e06a553c44f4

    SHA512

    b6c92dbb135cf861aa0414d8ba6286f0c5b516dfba71fd66cb4263efed3df609ff5188a28fdf9a58ddfa17b49d47013a520847b63f184aa852c0c02670eaecf6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3aa455d8c406eb75c2cc7fd190b8e463

    SHA1

    eb6f011a89a6f473cdd58e360f75730e514b9ac1

    SHA256

    1e5715ee23d9fc32b68eba1434f42d817f5e17a4b1bba1216afe1bbfc5ff5cec

    SHA512

    195dab49ead56aeff3f45148da9517a0ba037ba7cd54eb3bf3ec00f435b7b35fcc13cb06b18d4461134ffa6b2bf62efd69adefd5f7d969b453e462d1e566461f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2b18033dd86dacc4a8aa60b152a00fea

    SHA1

    f6179009ff8b087a94dbd21bb1778aad322311c6

    SHA256

    57c0e7c681197e7dd05358adea5b7bfed2fcfd97a640125b218ea8fdc0901fbb

    SHA512

    b2930390e17fbcd220f4642b0e9bf421f3aef382710cd183c18ce2f7f06b66e635d927f760d7dd61b72d4d53a25ae6ca9a65bc97998a1fd679bfb09db251d2da

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a77b8215bfba69c16bbcf8efb7aa9dba

    SHA1

    b45dbc87d4e6c4c343e8889b04367bf5bc0ddd17

    SHA256

    9948702cf994b705b10c8c5e2322301b5f06ba90210bff375f4724f72be035a0

    SHA512

    69576ccfc487ab4d2145959c6e38fdd8ecaef0ac86190506e1cb52a381e5ef7939d2b119e931f5d842d5aac896ed8a22db891f28f996944e8a3d96811ccc6c3a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e27c6476d68c17c31d084e1d6eb5c08a

    SHA1

    0d01454e879142d6a6dac1a87a65aebac6abc655

    SHA256

    39dea1556b9e7612130bab51d718b5938eb3b345bfbfd92b4bfc910b1bb37602

    SHA512

    5a56b7ae9a02acb580a2c79c2f9dbcd340beb48753329930393804e32c082e58b36c88638b60b5f3040d238e075247aa2ed4b969daca221c507e36f8ec59e7b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6c146ac5fa0c8ac7ef5c4e956bfe84d6

    SHA1

    e7e46e9c66396a8348f3a09782a6ea1023277b6c

    SHA256

    dcb04e9fc160bb0f5ee1d7347aed0f68c2b4a15e38464a7040d99550e89d6a45

    SHA512

    4b905291720d8d3b0a696706cf1fa2ea7a3d9acc24adad84f3bc590dc36d4df31fbe6b292eefa6328b03ee9cb521aab1423a61038eedd24877126139f68849a6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b21a250218c84efa9468a1573d809637

    SHA1

    cc2f45f4d4d04eb1bd143a5b7118eed8d499049e

    SHA256

    7c75a3fa86844f6903f48c5ef4c1e78b1be231301189060563cd2c2e80633782

    SHA512

    f0d42456089fa3fe373965fce9b7f8e23f73382c5a96e5f700a515f01977d72e9f63a4c736df08c168cf662f17a7bf4cc85dc4566c34a8bd14398be6cf4caee6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    a71d585ddc3e80d55babf003c0f90367

    SHA1

    ef8762e48d0ac950ff9119b4822aa456f067b090

    SHA256

    871fae5f3e816121b0ce1360e699aefac817361db251340392783890ef0ace9c

    SHA512

    6c2a65ca03405f9988595615d8894e3fc6f9d8a8a23b81254329b16c153021a52e0e51370333f6e2708853332fad93d70dfc71a82711225c44d873a35156e596

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    60f4a9d3ddcf34ba78f6d9955fd69ea8

    SHA1

    aca7519750a0dd3634771c371ecc43e37e89e1b6

    SHA256

    d4c0d645796c872dc28bab2d51f5f79d4d26367b940ac8b0f3251cc87cf9995b

    SHA512

    e446b9d2e1fb1740ea2c264d47bb9c3c82b9847cfb4ca97d62d9405e2c22784eb51def5eb6b4e656f91fa357472a195853148b7ceb48d7d2c5b2094dcf0dd3d4

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b5orqwt\imagestore.dat

    Filesize

    4KB

    MD5

    7637e72c90c0e79e074e9521221e0d97

    SHA1

    e8211213caa2c56152a7896ba9d761dade3868a2

    SHA256

    888e62085532c5ea3313df4497d2117766a0f0ee10c28cab825af9059511afad

    SHA512

    a29c73b4a9025db9ccb018c0c913d2e615f95809e033ac8de4fe96d7796c86bbf924050e1c9add1abe661b0cbb8bf89d001e74ed4afb74e987c633ee27390be2

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6IJYZ6B5\logoico1[1].png

    Filesize

    4KB

    MD5

    35f8714f5dfdb1c53aa34b881172520a

    SHA1

    c31f0648a0f7d7a1d65696076c07dc77521028e9

    SHA256

    29bf0203fac6cc030a59505595bdf0d7abd4bfb10cbe333c521927e38b3999fd

    SHA512

    c618b0c96f19e39ccf6b1df9202f6eaf7097cb190dba12ebe1e8463838053be400c8c12825ff2983aaddea60940314e95e433ed22a79cdc2494aa1c1054bebf9

  • C:\Users\Admin\AppData\Local\Temp\Cab4EDD.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar4F7C.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • memory/2400-0-0x0000000000400000-0x00000000006DF000-memory.dmp

    Filesize

    2.9MB

  • memory/2400-633-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/2400-1236-0x0000000000400000-0x00000000006DF000-memory.dmp

    Filesize

    2.9MB

  • memory/2400-3-0x0000000000400000-0x00000000006DF000-memory.dmp

    Filesize

    2.9MB

  • memory/2400-1-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB