Overview

overview

8

Static

static

7

6781197c92...9e.dll

windows7-x64

8

6781197c92...9e.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    19-01-2024 11:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6781197c92bc19798b92411306f5d99e.dll

  • Size

    171KB

  • MD5

    6781197c92bc19798b92411306f5d99e

  • SHA1

    e2a944f8453137ea0e1a081c004ecf33b4fe9d5e

  • SHA256

    cfb568ffa756f889f2fef28e17c1fb9388603ccbae27ab3cdc491914d298e81e

  • SHA512

    86580a860e02ee6f56078200ccd9eb5f7613a3c8076f8272ded432a389ebdf31535a9e854eee019b7eeced4fdc1d5e77d4d217076b34d369ca6fbdaffc19f68a

  • SSDEEP

    3072:pXgNfqDLdhcCu5Q+Mc29SPSuQlTBPvOLkonVpoNABc4N1vhCsOGHboutA:pwkUc8KJlU4on3DyYCsroS

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\6781197c92bc19798b92411306f5d99e.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\6781197c92bc19798b92411306f5d99e.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1068
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2372
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2988
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2152
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2544
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2124
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2836
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2288

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      805e5f891e33f04e1d78ea65be82a346

      SHA1

      506b2cc0d0d02970c3f1e149db13b5df3352ff73

      SHA256

      316e8d172b2268464ec35c2ac0961d4371c1ccee3a6eda5f6e241726ccc525ab

      SHA512

      cc85ebda213f0c343f8a0d440ba62bdbfcf0cd9475fe678fe4a97520c116a3d9293a4e03fe5e2fb2adcca0d0381608adc2edc229f95a1a47c0d68509398afc99

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e878335bd671f49d2aade55dc2c04543

      SHA1

      53e16803e0f5a675836461707aa3d1c14be5afba

      SHA256

      ce4f23b6d8995611b39df196ca4c59585c35b067ca9bef8aa84fab1dca3cedaf

      SHA512

      c18836c9d4e4713a873db06a1c6abc289b5e902c57c3ceba13565ac2191212a7e223a9d6d272ca6c56e0b19bbd6bcd79123521f7fb00622c38acae7997f196d8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      aa28e87e7378ef5e5864c44a6af50f79

      SHA1

      5e9962458283c46d9d5037b25cc94b5dd7973a80

      SHA256

      5dfacc72f01ea5250407358e9f9532640e096ae765bbb721e1f09070b8cd9027

      SHA512

      1fdcd19f375852807088b170cfb94f451a1c077af5d78e69e16aee10e9538d1c9cb1f71acfa86abc942b39af46425f93e4e6a93bd1ff92b4f07897c8ad4a90fc

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      974359467a7003b319c83830a2cffad1

      SHA1

      f974b9fd5548b9f1de28bf17bc73b1b5fa54bbee

      SHA256

      2c35ec910bde77b6b0546ea90eb80b81fb3ac7e6af8088016cd4629ede38e96a

      SHA512

      e5052c740a96e5511973b047662312df14dccaf2a1f89a9b645292113308a3e713c2469541c13a09e90bf16ab720bc40cba79f21b7f0175900c1d7d95e0676d4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c1c1e90101b1e707c09e57f04f6b1e67

      SHA1

      b868447c055352410a77180c18633a10e8c06f7b

      SHA256

      1a8aa1db9d95d11fd02618c210266a40b8095d397529424b7868bac5359cc87e

      SHA512

      c7898fa96060c8d1fe3e45d1cbe8c6d820b6f4cfdbc4fc5e40b81c2e43aab5327024027285e328b8a7a4d12eea39e0225e01b2e222cd75222f6da1776df287f9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e5eba6a2322547f54b41ff3dbc833846

      SHA1

      5e6cfa7d26a94939ba29199d5e2941c252d74c2c

      SHA256

      5b5718a895aa191b4932b5a9f1295e676c3bdf3387b116a72f894356ca897767

      SHA512

      407d0a84afd46015e2c3da6b01e7fd28d44b5a83bee1001ab7a25a98f54c2c8c5942860ebc925e05fb4d8a6321354dbd92f03a0a9cd894fb3ac237f3654ce130

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8706db00cd10bd841c83f49363e6d0c5

      SHA1

      2dcbaee6555005551bdc8d19957fbc68fc7dc7c2

      SHA256

      9fbc5964b1aea5a046e9137ebba76afb940f8b47e56f54ffaa37262ff81c789e

      SHA512

      c7af2e61deed13b1f0bfcbefa4f38882c260d52fe51e0beb4bd8215a9d6cfe5f6a27fb8bca0b0e639601c2cedf9ce29415aa3bffa0860aa25391e47581a76f96

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5ff0518f43d87cfbbd16adc7db007fac

      SHA1

      425c15e2b8a29889780f477b2d368734c1a76fc6

      SHA256

      129c38d12fc95e468d5e98d87edeff5124d9457d25b355c4cbc543bd2598ee06

      SHA512

      73c1d12c41df7ed0a9b55b74c8a35df30fb90d0224b3f9329905254408ddc9be3e0798329b416e34b9007cee9269493f4e2f5c959c813b92b7523bc37b628e8f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2999c01cd13d5270f6ba800b543daaac

      SHA1

      21f3bba59337c123a7c4368258eca26222030b6e

      SHA256

      f5c57fcca8e7f0d2695e0d0cf999edc566d7bdef06e226c554e8c83fcf4ae6d3

      SHA512

      3c3951261914c3fa7f6d8daf9b65a3e85f03327215fa71fc522d6f36d7b386250cfe40351c2dd0bbaf5336eed8b8734759d60ca05650d5fd6b13e0d31b75fcc0

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7627d01de9487f000cf2fb65578c18f2

      SHA1

      1fb520772767043ad4addaf310e544b748034d3e

      SHA256

      115fc7c58d9a3451fa61da00f36bf2d264dbad0235b96621bfc82865085f485a

      SHA512

      0515454a59b0843922586d83589c63662e99432252e04efcc5d4d1b8cf04279de40ed2f7d0777f7e11f2380abc302e1e5d75bd4890a52ca83dd3f35d88176319

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c4da52de1b89528a69211c62185c3903

      SHA1

      6053917348d7de0f10caad09a57492b3d19f28f7

      SHA256

      af30ca02f0a4945d0e07de490acde4710ba90c73690c7d0f8177ae3bfedc7d30

      SHA512

      725cbe7de98ac89ab4a3ee85d03e1b57d8cdb5d9952b41591df1c3a71593637877a89ba9eeb531922e59921ab4a3967b560c9bc7de2de4fbd320e0930615ae9e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      885e03a34b4e60be18f386d663ef539f

      SHA1

      a3cbc95b43b7265c8f6c4b6b1d74780954722935

      SHA256

      4a2164827ad0e113852032c1f9d86377b0fdcdd7471fbceada6ec383de64376f

      SHA512

      68e95ab22a53f927f8a3417a85373396045d9d00449f0f3f24cec133bc1f421427e78d08438237522769c1ff6fb4d63f3c546313c12935ee0f27b45af43c6250

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2595053a85b0b3709c49b1ee836106f6

      SHA1

      a8d37fe170b288cb9d4210d990569521e566731e

      SHA256

      4d2988200f595d43917063b7b1be35d2a533f3912e38c853d9673822d801ad16

      SHA512

      ee5615225a37df6bf444103027c9eff3e25c5694589fdf1ac8019ba4c3127e04f9ce0cc7e1000a3bfee44a9d7c5553bfda2e7f79a90a85a68e22cddeeaabfea4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5af9830f9cafe1207c88c3a7ce3e0589

      SHA1

      b39bdbe12d6ac505f07f24fd636cae4a232e452b

      SHA256

      216040daf769fcbe7124b717f4f33a26660fe17e3267559ad74df8a9dfdab0ff

      SHA512

      c73cdc8093617154d3ee538a456f39a6cf6c6dbdf76cb05db6f401fbbe29ae526a78a435a77009f6c73ecf673fee6beb7f3ef3a9d491d89f8a52d6f7bd596c99

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b9a1bfbf1a85e31b5b0bf00be64ec532

      SHA1

      6088d41a1aa480f8440ad17c3699e970507ae1da

      SHA256

      837b6ae58d28a7d5706b6a66c507999ab710e5479912e90cdbf35089c12c889f

      SHA512

      66d3cc07ff7438ad01266ea30163a5b503d6cfb0cea3e540b3f1bf31a27eafdb96802f99fccedbeda6968bf79f3b44e2fadda487df9da64dd2919268d3826b6a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9e0c40f458cfaceff68ed422d9b02beb

      SHA1

      ae1fa9717a1338304d5f5fd3e70b4347f82d063f

      SHA256

      f9a76787082f5be93695694368b043f33e7bea5145b19e4878e4e1ce78a8d78c

      SHA512

      158dd210a5dffab65053b42a12ceabf798fe7d8684612a86164eaf609eb9757825e719c3f6b4a676c1622dc58fd447699b8d973756211a7482aa057fae6cb4a5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e9186417422e4235128e9c6f109e9744

      SHA1

      f56363f07e1450db3d3fc8aee6a7f5e0a8a3f641

      SHA256

      788a73240759d34c4cdf5d01060e719656db282078b9ae154ad01413085b297a

      SHA512

      6ad530983d8a69b30c56bf4ce8338dc85b35dc9cc41c9232aa36c2f59adcc898b735d14551853125b2a508f987e35fdeacf083dd23fa653bc23dbdd3bce1187d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ff3c07aa4200db15a7743ebdf6f9fa20

      SHA1

      3bab5423f73b7e6c7c8d6e0688535a251f2b3e7c

      SHA256

      5090935f817020ba57e9268c7534efa2d5738c2d9e9207f6ea8383562673f4f2

      SHA512

      af24af133b293aff4ce8973af46d82bf6cdcff9c9f7cc892da678520f8f8759b6ed84e803c87b6e203035ad5035841e60bde5a90e44c6a6b83acf249662bf119

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d24cb0095ca5808173af12e4d38da443

      SHA1

      219f34edd79118241e91b6671fe5cff59bda2ede

      SHA256

      ae31fdd869597d6e5ca2f9e13f63b9ec4e634f682bb81bfa6e04a0818d66a3b1

      SHA512

      3fe55d4ce442f474e91b296d46e929bdd703fc0ef29ad2ffd32262d2746719d29532e038a9322b754b187443aff8e23337dbfa44ba25852ddfed5f38d6b36f93

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c40346aa84215e267cfd543957123f86

      SHA1

      5722d749db50f71d6e5e1c2930080d215b8841ee

      SHA256

      6a6f4d34c38d29535be9079a5d04342346e66ef315889b6a857ab9b0d5f1f0d2

      SHA512

      0e691eec733c72ca32141de061537639bcb8307073baf4fc89abf44d7098d021acd2c73de6fcbfe95207c554b1cb0b104fb12c8e14622e1f14d800ba865ad1b9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      3916f7c8903ad3f233205515f4b0be54

      SHA1

      ca4a80e6b465cb1ccadebb3268fb0fedb92ff7da

      SHA256

      ecfeeec823a27f18057edc2cf4f8968ddd4468842ea87ed8534b4b41c03699e0

      SHA512

      462ff4b512262b924cf24ed22dcb1c93e1a48c608fcf881211fed6741a43953a1f1bab1441e96f3f01e70fbbca0cde5bf0fae20954178fc1260d56208dca977b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
      Filesize

      4KB

      MD5

      da597791be3b6e732f0bc8b20e38ee62

      SHA1

      1125c45d285c360542027d7554a5c442288974de

      SHA256

      5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

      SHA512

      d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar4782.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • memory/1068-0-0x0000000000210000-0x000000000025B000-memory.dmp
      Filesize

      300KB

      Download
    • memory/1068-3-0x0000000000210000-0x000000000025B000-memory.dmp
      Filesize

      300KB

      Download
    • memory/1068-2-0x00000000001B0000-0x00000000001C4000-memory.dmp
      Filesize

      80KB

      Download
    • memory/1068-1-0x0000000000210000-0x000000000025B000-memory.dmp
      Filesize

      300KB

      Download
    • memory/2152-14-0x00000000001C0000-0x000000000020B000-memory.dmp
      Filesize

      300KB

      Download
    • memory/2152-593-0x00000000001C0000-0x000000000020B000-memory.dmp
      Filesize

      300KB

      Download
    • memory/2152-15-0x00000000001C0000-0x000000000020B000-memory.dmp
      Filesize

      300KB

      Download
    • memory/2544-594-0x0000000003D80000-0x0000000003D81000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2544-6-0x0000000003D80000-0x0000000003D81000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2544-5-0x0000000003D90000-0x0000000003DA0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2988-484-0x0000000001C70000-0x0000000001CBB000-memory.dmp
      Filesize

      300KB

      Download
    • memory/2988-11-0x0000000001D20000-0x0000000001D22000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2988-10-0x0000000001C70000-0x0000000001CBB000-memory.dmp
      Filesize

      300KB

      Download
    • memory/2988-9-0x0000000001C70000-0x0000000001CBB000-memory.dmp
      Filesize

      300KB

      Download
    • memory/2988-7-0x00000000001C0000-0x00000000001C1000-memory.dmp
      Filesize

      4KB

      Download