Analysis

  • max time kernel
    147s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-01-2024 16:34

General

  • Target

    uninst.exe

  • Size

    66KB

  • MD5

    5a3e389a4a5bca519ef0424328789d5d

  • SHA1

    4393c9efeb112c6bcc905eb9192e1b89f3fdf6e4

  • SHA256

    2dd4a826c7e763c0d5c6e2e3546c82ed62c1e93535b42c98b9402c0690231cfb

  • SHA512

    e202560fedf65fb6475df3e02b5926fc72ed2888bbd8d61e26640ed155d36263a066b79856c543d106ac90839267d629151c7c77a427863ac837b660c3cb32c2

  • SSDEEP

    1536:shq3+uta99Hj25XvwLXJLi5YRN6QcIwHtN5z:estajHKBvYXJL8qitNN

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer (2 IoCs)
  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\uninst.exe
    "C:\Users\Admin\AppData\Local\Temp\uninst.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1720
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1580
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.newasp.net/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2548
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2560

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

    Filesize

    252B

    MD5

    8a0ae8c85a1a1ab2a1e829834f86d249

    SHA1

    0c3bbaefb7479e25ba33637d7ea5cc6033c72f7d

    SHA256

    85b695eae368940bad4e53c52f40579bea054f2f4c05e40490870818abe859be

    SHA512

    2e49a9156623c2e99b22850125eaf6a30478325525be0e49e3c616695c60bcc45cd9d534219a5598da20fa86fd7c0d2ec3887b2e4ed953f8dd455111bd6039b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bef727193c8ffa8b65f12cea6f6d0570

    SHA1

    221febe3ace5c7d47ad6235d0c03d6625d6f80b3

    SHA256

    1c38f3109b567d2f1fe46ffffcae04bc5891f1af4ae0b77ed6252b7601430768

    SHA512

    8c48eb727e093ec770aa5a3ad8cbd2f2e88fae8c79254b93bd6bb3d774075e6da78ba7e6652250f1b55294cc1cd070903cc76750d3a940ec1409dbaa4ae5b847

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8e90db38483986635252fff8650554e4

    SHA1

    6937d5f7c397861c1aa0253632f40c79db9f1b58

    SHA256

    e037874b6dabc829d3138e517349d8eae18c41ed784a1ecd679a8cc2e70c33d1

    SHA512

    aa08b1553da97013e4a972199a84e140ba067be6f8341f2b5a96549619eb580b6c5acf281ec9b4aef606e1cc21f79332ad90b033069594d894438f21d1a6885a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0404e782dfbe99fcd59a2dee7e082402

    SHA1

    ef1a97ee56ac4ddd6757a295079c25faf4020b8d

    SHA256

    a037484f507312defd56bc65e34a1a8d9ce3c51d83eee2cdb116ac60672aec69

    SHA512

    f54e27140ee36651d88eae097ad50a85e2752a88d986bfd77a72ef5670acca2c5c7cbb473b7e5095261adb8f4af883874aab868b483e399f9676e9f2e71e72fd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    482fb06060e6c6bfd06d16af0086c93b

    SHA1

    0253a99ef27bb3a86d406fc98b05b22dc233030f

    SHA256

    c2c3588f6db3a157a0c774b1e55d4ed2d831ad15189897b4b553cf0d56f35d72

    SHA512

    aca2590c94d4523b2d56b13a5646ee10d22e1fd10cf3a772944120442bb5dc3f6bace800321a9981f3be96dbaee11178fb53570a80fb0acfdb90005c253cfa58

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7ffb3f0557b6d9caff022b91f22c6e69

    SHA1

    c785e138a8b2c434d31b827564cdf1db764d617b

    SHA256

    85eb7de76bfa1f88b27cc60a9252acb33c1bfaf51e56877d1ad1740ed0d4b4c0

    SHA512

    4371d917f6fd3903a5972620d311cae16d9db22bb0a90cc8c7dab9d0574e2c89150d04154f0ac01389c095596d8bb31bcfffb508d3e3a4d4a700ab2c939659bb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b430d83fae5b999af7084c5a2655aef3

    SHA1

    c982efa168607de2685ebd35037ee0bb7524a77c

    SHA256

    648722d4ba65fe7fec7796d03e0f161b499df71001a288db63bb84c6e6526471

    SHA512

    45e99a4845edeb60761b1ea9ee68f770deebefb78bd2c1947cd59463907e3740dbabdd82bcb42e735fd2e26c3b6751e9f5903008ab6439cc0d03e1b5bf68d7c5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4bd7c1c0a3baf257844db7dbf52d2ff3

    SHA1

    4f2330b36ab02aa1fd4fbc2e2b56bc728007fef9

    SHA256

    2b89dcb337425b72bb9c5cb1ccf0655bc275bb76577a2d0d8ed1dc8c634a7254

    SHA512

    22072864c3c97d83b11ad7ee8b974c6a416a73f9f403789ccb3031a3281ecf616319ac07a4ea0e4666a439487960b020453b231788de2f63dcbad1fd4bc7d18a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    274551f39d30fdd405f0b737f8f90456

    SHA1

    5d6a72d7638242b0c7c1a33ae130d77b8a3d802e

    SHA256

    da6018fbd2da8eb6c0942c3253c21fdc026ff5b8a7c350b09cd964d7165738b9

    SHA512

    c8c28927959a73267c2cc644cf207133f8d48b890451f762da98606b9faaa11a7d4595ff3cc3b588bf2fb148367076e728654ac662d6f2e63f89a3e58243077b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    56c91e0a578da855825f1214fa7b62a9

    SHA1

    9efb05daba53274cc62161e48d71d50fa76f5323

    SHA256

    35d8a0410f65d8725dabf2ecd38fd8ee0f1ec4b73be11e3882ae3a4af786c8ab

    SHA512

    c9f7246f4d89b9436f093f04a1f9ee8117c8a9f88b68f162f4ca41af03a1b3169163e902c3f02a785f4e53a70210eeb4ff91ba047e4acc98fbc9fc56f482d263

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5de76df8cf4f52e13781444d38e3cf8f

    SHA1

    f3f2f07b2448b58a1614bdb8c9378266e9133278

    SHA256

    c62746edc266b239f7b4b25314b00e5cb01e7129fbc5f134bf634b7a5a6f1592

    SHA512

    23f05d00b4a6e8909768e9b2d58569d533ce05ee8d99cd01f7f5dd7b34fd1defb9de87c32cd2ca052226d38cae9348b403493fb7893530a19ea39360a7ac422f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    960e712d3486e89000948f8a32d1e76e

    SHA1

    80dbf7e53a819cf66414ddb58a09e3ec05c222ba

    SHA256

    3dd1200c6ac2d18ece92c5cc1ba313b9462444bed820ef9a342881a95a1fad40

    SHA512

    1ef12daf1c29f3befd179971386a3789425ada945c78b8b88b1fc9529464b50c5ed3f6c91bc55a525ee26109bbcaa4425a080dfacebb6b9384590cace65ede58

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    945146085dbbc2f833ca24bf9180fd7b

    SHA1

    8e853f74aca3ffcd44973da63f59eb6c99cef071

    SHA256

    4d2b87cf4d1cabb3edb5691857882327eefef32cf747770618bbb87db329d61b

    SHA512

    1083406f05a02cdf6054c2e96b053af3cc1889ea1ec66f4227c9c184f5d32cf4596f127892946763a475c11bc60a27f9ef74e52a98a6342f67d1d30c4d42673d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    1062d6748f02e0597c064109e40172c8

    SHA1

    ff0e73f3e9a09bc7f5e8d469b5aff092c4784927

    SHA256

    eaf2165b14fe8f2d4b1f44b580a45231f691ca418aac1e46be68aa18e7f0af5f

    SHA512

    54589ba5bf6fe0f79a7bfa5fb55f52ad1410606d60fe7c09954497d9ed96d51e2b20c9c4659d517547560a878139bc14c60cc0ed3f3d2415b16734266899b9c8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

  • C:\Users\Admin\AppData\Local\Temp\Tar6D79.tmp

    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe (same size and hashes as the submitted uninst.exe, i.e. a byte-identical copy of the sample)

    Filesize

    66KB

    MD5

    5a3e389a4a5bca519ef0424328789d5d

    SHA1

    4393c9efeb112c6bcc905eb9192e1b89f3fdf6e4

    SHA256

    2dd4a826c7e763c0d5c6e2e3546c82ed62c1e93535b42c98b9402c0690231cfb

    SHA512

    e202560fedf65fb6475df3e02b5926fc72ed2888bbd8d61e26640ed155d36263a066b79856c543d106ac90839267d629151c7c77a427863ac837b660c3cb32c2
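Added example, not part of this report or of any sandbox tooling: a small Python triage script that re-checks the "Executes dropped EXE" hit against the data on this page. The process records and SHA-256 values are transcribed from the Processes, General and Downloads sections above; the Proc class, the regular expressions and the function names are this example's own assumptions. It tests whether the dropped ~nsu.tmp\Au_.exe is byte-identical to its parent and was launched with the _?= argument pointing back at the parent's directory (the way an NSIS uninstaller relocates itself so it can delete the original), and it lists the URLs the process tree hands to child processes.

```python
"""Re-check the "Executes dropped EXE" hit using the report's own process
tree and file hashes.  Added example: Proc, the regexes and the function
names are assumptions of this example, not part of any sandbox's tooling."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    ppid: Optional[int] = None


# Process tree transcribed from the Processes section (constructed input).
PROCS: List[Proc] = [
    Proc(1720, r"C:\Users\Admin\AppData\Local\Temp\uninst.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\uninst.exe"'),
    Proc(1580, r"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp' + "\\",
         ppid=1720),
    Proc(2548, r"C:\Program Files\Internet Explorer\iexplore.exe",
         r'"C:\Program Files\Internet Explorer\iexplore.exe" http://www.newasp.net/',
         ppid=1580),
    Proc(2560, r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2548 CREDAT:275457 /prefetch:2',
         ppid=2548),
]

# SHA-256 of the submitted file (General section) and of the dropped copy
# (Downloads section), as listed in the report.
SHA256: Dict[str, str] = {
    r"C:\Users\Admin\AppData\Local\Temp\uninst.exe":
        "2dd4a826c7e763c0d5c6e2e3546c82ed62c1e93535b42c98b9402c0690231cfb",
    r"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe":
        "2dd4a826c7e763c0d5c6e2e3546c82ed62c1e93535b42c98b9402c0690231cfb",
}

# NSIS uninstallers copy themselves to %TEMP%\~nsu.tmp\Au_.exe and re-run the
# copy with _?=<original directory> (unquoted, last on the command line) so
# the original file can be removed.
NSIS_AU_RE = re.compile(r"\\~nsu\.tmp\\Au_\.exe$", re.IGNORECASE)
NSIS_DIR_RE = re.compile(r"(?:^|\s)_\?=(?P<dir>.+?)\s*$")
URL_RE = re.compile(r"https?://[^\s\"']+")


def nsis_self_copy_findings(procs: List[Proc], sha256: Dict[str, str]) -> List[dict]:
    """One finding per Au_.exe process: does it hash-match its parent, and
    does its _?= argument point back at the parent's directory?"""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if p.ppid is None or not NSIS_AU_RE.search(p.image):
            continue
        parent = by_pid.get(p.ppid)
        parent_hash = sha256.get(parent.image) if parent else None
        parent_dir = parent.image.rsplit("\\", 1)[0].lower() if parent else None
        m = NSIS_DIR_RE.search(p.cmdline)
        target_dir = m.group("dir").rstrip("\\") if m else None
        findings.append({
            "pid": p.pid,
            "parent_pid": p.ppid,
            "same_hash_as_parent": parent_hash is not None and parent_hash == sha256.get(p.image),
            "uninstall_dir": target_dir,
            "dir_matches_parent": target_dir is not None and target_dir.lower() == parent_dir,
        })
    return findings


def spawned_urls(procs: List[Proc]) -> List[str]:
    """URLs passed on child command lines.  Here the uninstaller opens a web
    page in Internet Explorer, which is what produces the IE-settings and
    CryptnetUrlCache activity attributed to the sample."""
    return sorted({u for p in procs for u in URL_RE.findall(p.cmdline)})


def summarize(procs: List[Proc], sha256: Dict[str, str]) -> dict:
    """True only if every Au_.exe in the tree is a hash-identical copy of its
    parent launched with _?= pointing at the parent's directory."""
    findings = nsis_self_copy_findings(procs, sha256)
    pattern = bool(findings) and all(
        f["same_hash_as_parent"] and f["dir_matches_parent"] for f in findings)
    return {
        "matches_nsis_uninstaller_pattern": pattern,
        "urls_opened": spawned_urls(procs),
        "findings": findings,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(PROCS, SHA256), indent=2))
```

With the report's data the check returns matches_nsis_uninstaller_pattern = True and urls_opened = ["http://www.newasp.net/"]: the "dropped EXE" is the sample itself relocated, so that signature adds no evidence of a second-stage payload, while the IE launch explains the Internet Explorer registry changes and the CryptnetUrlCache (certificate-revocation cache) files listed under Downloads. Swap in a differing hash for Au_.exe and the result flips to False, which is the case that would actually merit a closer look.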