Overview

overview

8

Static

static

7

644afc029b...70.dll

windows7-x64

8

644afc029b...70.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    18-01-2024 02:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    644afc029b04160bbb3a998595c2b970.dll

  • Size

    199KB

  • MD5

    644afc029b04160bbb3a998595c2b970

  • SHA1

    a3d53a4ae75304118ec44d379a3a5e7896c0e2a4

  • SHA256

    1f605cae44fca207e2f3192b28a3545d64b9541cb22a8d376284e45d8a42f324

  • SHA512

    0cc791022bd42ed9322e6af48a99a40295c2ee6160c5b93f1f9a07f591977c6af856a516f7e041d2da5fa97c8351fc79fab3eb03e9c3dde63410e7f1b2551010

  • SSDEEP

    3072:KRBKSEX6vbnHbZRN6O0y6T/dd0Xukd8zIsXUp7KKwgdDRhPAJ+h4RsJxKPpAiYM:oKtqvbnHbZRALguk8I7KOf8RsqxA

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\644afc029b04160bbb3a998595c2b970.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1436
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\644afc029b04160bbb3a998595c2b970.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1740
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2676
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2396
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2568
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2800
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2804
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2632
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2748

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8ba52dd4da496d7ab839b60298af1735

      SHA1

      0b698a91b830d48be414089724736fcf69807bc4

      SHA256

      df47fde0efe1ca6765c938b938f1a9a0d6b34fd40295e833ea16bd2eb3b9dddd

      SHA512

      dffb1de4edb83c87d18432da188db1d1b4303e205086319895bc7421f3ccf2e8b14481e5b474458d8a72acf84c6d6bc21416335da2c29456e59a57ade5d8b409

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      36d5052e2990916014126c18ea938ab4

      SHA1

      bc8443f2d58041d0740308ce7bf10add4e62f371

      SHA256

      f6226e2f6689d131886ed2090de6733cec55b7c5748cc0b9a516da0b6bf157d7

      SHA512

      859b6929093e4a6a1a7e99a5f3885a13ddfd459c54ea89bed9d7fa290e243e2ac2cb38ede65f705b6f26f9dda11e46065fc83cb10d047782a36bf2fd2de9bf27

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2fe70305f0bd7ddb6c1dfbfb0d4b74f7

      SHA1

      b29517b5a4a6a3e4072798295ca3a8d2b3afc24f

      SHA256

      ff37a8d4a3162fe603dcd559d8bb959d6951471cbd7fadb88d0e13bfd764d903

      SHA512

      4ee58bfa5c2f8fd2c80d2524290246b7ac990fe10d1559e9469a416a4706429c6c335cb0adc11fc16209bcd736820792faa32e22d5e26758097b76bf993dad24

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      dcd2be179ef48357ca72c3bd5814e6e5

      SHA1

      1be5bed1e6214e8bf3774b30fc6a003ac76e6e0c

      SHA256

      1218eee9e6d396c2e34f14506153c3f37cf0cf908daf0e4815314c6bab40af98

      SHA512

      ff62581dbdfe7ad55e3e5f3739c34c56bcaa5b4dd09336bd309cbdcc5f883f30f1e25e57ab308a847fa7a69cbf720a03c661c9643b516e6949e573cee74f0da3

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7b85f6bf7bc4fe9c74293be6fedd202b

      SHA1

      0bcb29eb82d30da1d5e681d8cdaef49938cb3ac7

      SHA256

      c3c8c889519c0e211e492016644e32386329869417dc41459aa0a16d3eb64ed2

      SHA512

      d602d59d4993eab8fe14118dfdd584eb4507295f954673a4d2a2c55f6f79f858add9748fe38d09d6a1135800a0bb5a3d7b183adb6a84e014649b7b483367ee55

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f7163b55d31ef3fdc6464c64cf2db37e

      SHA1

      e12cb8329bd36522bc6822d938785948ad6d00f5

      SHA256

      237517909454dfa04fd4663c907f23bb5f50e7580e1b2bad5242896bd359035a

      SHA512

      6da771524968ad7e69a695ea304a08935c62a3c1c577f1baa3103df2dbec5fa609febeb6f7a6b4af8e9f6e041b128034318010d16a613ed4da6edf7ba87f5669

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5687e36f207821b12eb511ca22425cd6

      SHA1

      087e1fddfbe773653dc92094501c53ed8f01da2a

      SHA256

      07b57d99e5e36db11ba964baba1dbcb9f80239db9f3568be767f9b04953e785e

      SHA512

      9743dad09faed51811b768983c1033efb7948a046ebf22152ff64e39fd5b6301c3b7c02214ddab2cb13eb55ba6de7794eebb3e4c9090ce8922ccbbe1edf9dbdf

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      869cd57d07f9a9a0b62f5cc59d2948e2

      SHA1

      d7bf4a66dea371dfe84b2f2cf979c4e9e86b803c

      SHA256

      3eb42c90d6404a5f216eef3bab87daf8cfe953e1870767eefdc778b52d622c43

      SHA512

      e7cccabd202125b65de2475a812bff2312bf40f5127b7df7065ffaa4960aa07483d2ea2abb67ace5facfa4d527d4d186768d9da72bd48edfd4c6dffd82619079

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8b5f344f9502b948c6739adadc0cdf4a

      SHA1

      97dd71d100fb200e91eac8b0eb6ea2f4ef58f31d

      SHA256

      7a4bdc64c41540633322e1e8d6c8874a714beffc1b717b4a5b47e9af1824bc1f

      SHA512

      2cafab99965ae4e7500b6cec1ecdbc182a609e126216f6302933d430491593f4ab63ea55fdbdad1b87857565da6208bb5eb3ee008d687372236aa5c94081b891

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      59ce13f99840927fdee94cb05638b222

      SHA1

      8b611aa53ac5ea3b2514d7b1430bc012063e3d9e

      SHA256

      934e5722089e925a283a13ce4df0867ff9dafac9732c2ead961a2c6f874c9047

      SHA512

      61916442f6895669eccbe692cffda902533eb39c4dbf7d3f1694e090d2fd4a5c0c63e19d5c47981c6ff0efac57d0cd10aa93c25ab7bafbd2bd01e16a4a02a524

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f6618abad887b27bcb6b676d41102c17

      SHA1

      35b063cac8ba8273f0c342a059682fd442c7a820

      SHA256

      e83d8cdc8e87ca038279b37f1d69ff2b430207be76d378493684507b77fcefc3

      SHA512

      baa587c2f47368ae9caa3f7c3ce08d2bedcd0eaeef10dad70cfb56b46a25f7b2c5a077b0d0694b284df910c666b0d1a88f63eb0a9ac3d3b0fc8c39e34eda757d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      445c0371b5c8dfafbab455881070012f

      SHA1

      3bdbbf7ea1db95fd169d9d4ce4e169c307f6c1b4

      SHA256

      cda80b2ae51d0619fec03ed814c789d4b4ca4cbb6489660fda8fc19644ca3b1e

      SHA512

      ea33ee4ccbc94b4a8436d783f8ac2c39468f6f370c4330da86d749f570dd2517ff8fb352b745f7a4eaa7fc611e5c246a126e2e41dd336dcbd63ebbafe32c027a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ad1833a409417710dafa18d42c8d4042

      SHA1

      64a4ec6dfba29c12af606fb426e065735899124b

      SHA256

      bd76142e49e42c9a18e020a91be7aef571d3836e0e230d27313108d2432b8814

      SHA512

      0ce77f094a16a36a55eff9be37d3ca1e1f380e2852a93812bc3ee2cde650163d9558af79dea78ee016daafd8452b51d6b75499c8b4238e7ce4204a63e76e18f6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c1c2cd4b091510aeaecf538d8f70a8c6

      SHA1

      872ce46433eab5b053acf9ea9084d0356f781c4d

      SHA256

      09df3c9e3248723acc25b5534b1ed0deb0fc07796d9697da0e6d42f9ec9cbb89

      SHA512

      4b0b602ad0e4429d26fd0f6fc046bddde808688d0a402abffd431c3975b51f5e881d529bdd810f49acfa7e1c1f97d80469dc9eb69a2988b0a61452e152c2d70e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cffcf1458de93a0625094b4ccbebe7d0

      SHA1

      81cf23bed96ccdaa643462fb7790357a9cb32990

      SHA256

      f5687bbc42d94c33bbed085ed55322898e61c5bac841783e57738b91695583c0

      SHA512

      c049b27b45e790821eb1626179a6004b583369c63a71b24d0e4cbff9406f8c449e814813f732aaf40079a41d102064a807fdac4f22435d9ac3968836da568b08

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6be1a5a31e309d3f47e850704c3dec43

      SHA1

      9624e680f1a558ad4280a4fa60959530c63180f8

      SHA256

      8b0e449f46c9122b90d394b8cbae41f792091a5f4c0c76fd04acf113247eacf9

      SHA512

      95f8cd6c0946feeb81096430c1add261aeb0c30554897899c75c9e40165b88203c123a06e0455ccdcb2d9a40b87723f58539943438d82ef03870ae43294396c5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bc04c08b2bc99921beed3358d74b3030

      SHA1

      df5842a871152bb615ab1ca16f874b494d4ba7bd

      SHA256

      69a92414a8d54bed9ed0fd1683d6eb8b89e9dd8dd453a321335c054ff87652ce

      SHA512

      4b3cfd4d0483bfd2be1b9ec19b17dcf28b3b94a7ced0d3bc55a471e809ff4128812fe346125e16796447e289571b221bd4e9a36c95ad13e1c6a14d290944ef29

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a4bf13c1f9591e47707922396becca21

      SHA1

      bbf5d6e6bf718ab942cf74fe90092544ec434a97

      SHA256

      181102b11303f91c05cf463b8844ad62fd33cde964878df5a292a585b24505cc

      SHA512

      ab9f23eb74f86aa5165c368ccb9bdc63e4bc9997bb6df3d9071afefb359e04f92f01eecfb83c84f40e3ece73ddb24d0486861497536b03b5e08eadc6311bd97b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      89bb696a8248c4144147fe635bdbfe03

      SHA1

      8b9833bb1f73fba40c17f135b1d51e29cada7f5b

      SHA256

      9651f561bf195769675e95c4a6d5248c84e3009f1a61845a3a6ee554311cf167

      SHA512

      d816f6f8747894fd0f10007aa80b3131386ba550950e83428e934cb59ce05ba0de8156441d36c3ba3fb35330d061d839b285643432dbdc580104e7cdbcf2602a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a15c94a947667532e7d54dc3509eef19

      SHA1

      3dd7415b58fcfc5042f7f6142e2dc2061950c5b5

      SHA256

      8a87f403f296140824901de8b4bfc8897c72f333b97f1abf1a2a7aee192c380b

      SHA512

      c39ddcbc2b7a6403be52edec7bdbf2ebe2142f6748a62221b9f42a623848933b995d2f0017ff61027339b611027bcd49805c82132fb8ac43215f066ee8ec2e23

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4bb5f3e5eb7b8ad6bfd9fb4c1c93e791

      SHA1

      13cc7d3f7dcb63c547b74faecc601c2d8eed4f6e

      SHA256

      25485aedb4e77857414306f82b40c83c7985af6b13c26033f18444f11cb055fd

      SHA512

      7562e03994ce40f27d650fc86538055ec02278fb861591df78b9498ceedf6a8bca5730627e001241e2bfed4fbb17104b55dc6d2360ceb7483d85a16e2c2e7b04

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2121ccc08eb578b933be5a896e509284

      SHA1

      cfa55d7e033843197beb104fb48785d69c3fd045

      SHA256

      b1013d7eba20b9c8e9b1b7b8c562fce82fea4f6a6fe70ffe575824817be6e98d

      SHA512

      8d82fddd7e2c0b0bb17e0cf5774a6c6b10e0ec92ddba26daf1ffe6b169c8734f275ee2eef5438eb9ca03aa43ed1353d583a084bd9fe00c0c77d7c5c2ee94c9e2

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      462363d527fc9ab9a67ca99ea22f3b02

      SHA1

      38ea56f906f9fa1da8cc441d968a3f250a86da1d

      SHA256

      a43a2a698daa7eab66741ca4ea451a96bb15aa26f70c072ba0351649c4c877d3

      SHA512

      723a3342c57d7340ef9a913d01aecede90b98c6b2c7cc543a471a249d6f0af6a9cc06961eb9176fc08c391facbcbc6090372bf54a48357d016e2cb6f546edd4a

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\CabCDE.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\TarD7E.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • memory/1740-2-0x0000000000400000-0x0000000000455000-memory.dmp
      Filesize

      340KB

      Download
    • memory/1740-1-0x00000000000B0000-0x00000000000C4000-memory.dmp
      Filesize

      80KB

      Download
    • memory/1740-0-0x0000000000400000-0x0000000000455000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2396-12-0x00000000001D0000-0x00000000001D2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2396-6-0x0000000000170000-0x0000000000171000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2396-7-0x0000000000360000-0x00000000003B5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2396-8-0x0000000000360000-0x00000000003B5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2396-14-0x0000000000360000-0x00000000003B5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2568-11-0x00000000007A0000-0x00000000007F5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2568-13-0x00000000007A0000-0x00000000007F5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2568-15-0x00000000007A0000-0x00000000007F5000-memory.dmp
      Filesize

      340KB

      Download
    • memory/2800-4-0x00000000037B0000-0x00000000037B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2800-5-0x00000000037C0000-0x00000000037D0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2800-16-0x00000000037B0000-0x00000000037B1000-memory.dmp
      Filesize

      4KB

      Download