Overview

overview

7

Static

static

3

6e0d66dfa6...bd.exe

windows7-x64

7

6e0d66dfa6...bd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    23/01/2024, 02:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6e0d66dfa66d6effc28a8c06fed67fbd.exe

  • Size

    15KB

  • MD5

    6e0d66dfa66d6effc28a8c06fed67fbd

  • SHA1

    d9450f37990442cf4122162fa5d8ff9ff7a56d95

  • SHA256

    b89b526c2fac84463eb5a11433b3e53cc03eb8d3c58d086c0e33866dbd9166a6

  • SHA512

    1f4565fac53132ccf3c4f03c2b7f9e9b3a80ce756e5f2f35d06b9dd9966d39279f874705ff46856de469bac5f4716ec2e71b3a964571462b50faf084913536b0

  • SSDEEP

    192:phAIQZl+cRN4yYfHblZ7efmG6/KkM6OXxR2bSP/rQX22Xq7XvCAIhrrcStpdyyO/:vArzN49c1ryb8pyVyyOKf9P15

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Modifies Control Panel 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e0d66dfa66d6effc28a8c06fed67fbd.exe
    "C:\Users\Admin\AppData\Local\Temp\6e0d66dfa66d6effc28a8c06fed67fbd.exe"
    1⤵
    • Checks computer location settings
    • Modifies Control Panel
    PID:1276
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2840
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2840 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    58cb38c1c880de7752ade45b63b1be06

    SHA1

    913a337b40d219e87381f757123941684ca254b2

    SHA256

    8fcde37f042ff134c8e1e05ffeb574ee0b8dd3a8445c48c3ef8091ffb6535f08

    SHA512

    7c28f69456dddf216967002d519760994e769bd542e84f3cc9e050aa52cf45dae5817501be43942bf4866f12a66afa384afca0c7fa0dc763e0733ae0ee4eca7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    be8dbbbdf2ba3c3683a0fb51278e71a0

    SHA1

    6615efeab62d6742833e755a64baa1215677d5f3

    SHA256

    00588a9ce2da11633f132aa548767cd1bb662a97b176b48f8bdcf1e9d66d1274

    SHA512

    7218f04c1ad0eb201c800d3679e3e145e8c8c7601c17355c6086ca556be776efdf5ca4c00f5e8b307c918d7c8726d805297de9a4240df936e98b75cbc05a93bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    23c3875871e255a97ece1e84b216f337

    SHA1

    632eca464a73653a17a230c76c8ddb5e53ae99d8

    SHA256

    a3a4b0968be9050bc1c0bc92b2c1a40d57516768b319e7693435edf9602de338

    SHA512

    d49b3f25c10e195312d71a50c278a1dc3a13dfbfb3f4ec715a5576f2d7023d438666264fa35317742a689884b670b4dcfc89e0a65fc16a9b6d3ac628ab84ed40

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5f79fa55796d93da9ba24f6f6575376e

    SHA1

    e3a7cd7e5753b1936081214abaf8ed1160291210

    SHA256

    b09f270b00527ce847d4b4b997dda06eb83110df48adde12e3122fa021fb6edf

    SHA512

    217054cbb42a164865352ffefc5664591db5c57f4d42ad7d95130ebde17fab5f8a0014fc4b8404e94b65712527dae4d7cd99b69cfeed30140c27515da729cd7e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8551f0fafc5eba13625437c5c5a5a70f

    SHA1

    425dc3235b9666b00bc9c57727cae477847ad51d

    SHA256

    a1712be1a23a60a7844712e1fc501d84c5d7b5e1be9004cad2e601e306b158a0

    SHA512

    053d6e721d3e0606da431aa19b988dc7ef61f68123a15791f1f809b0293a731d8435d7791478f8b1e180d8f28edad56944a7fef9cfe724ebada68fdb2017f1f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    02bec878ff679d17de8a70f54f92ed15

    SHA1

    5ec2d8aba179644ca297003a9a23fed4d98abe70

    SHA256

    cec9e576c99b38c3df87a47f4d2b8960c7c42b01ef51a09d4cc68e6e8a142007

    SHA512

    3d091a5b0d38651fd18f47a08bf1b4f3b5a26e2d0242002f90b32e3b2fa1cd24c9e7c4e777d116ae031670770a83c79f0334ea503c680ad8b8fd4d3273619734

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    15443bac0bfc2a74492f8f9e2a0da71b

    SHA1

    4d0f6cb2ced3dbc41f967fe18f9f9a9da0bf0c3f

    SHA256

    3df6095e5ac549a79c4bffc488ed73cfd40637de9e160cbcf915c459d116c525

    SHA512

    0150511eb192402e59ee759784bbe1a90319dfd87c070216b11e50ce1bf488e20a1d2cd3a6bf2cc61b70d4425bc7e28b5fcb1d33fe4cfb66500037162ce30d79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a7ccd5144bf5c15779467de45fc92d80

    SHA1

    409880ffb71f4d538891e540b18286756188df2d

    SHA256

    f735d0126072b636c03ac8a1649e33246e0f30b5c83c281a42915343bf853d1f

    SHA512

    31c14c8517cd1e90a99fec8fa29322179a4c0229ce51458f292472b0253f8872a844d3a42f3dde5b0a862e67384e257e1f859d76f5e5e2e094abaef81abb8b14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e3cd2f2405d17d823f840b9b017f1a5a

    SHA1

    64673cf4ed6f4dd9d7fcf3269c9bf6bc6b0a03a2

    SHA256

    3a3c4c2018006b16fcfa51fbdbb91cc426a31d122d6a874e32389bb402c0789e

    SHA512

    75d6b0ccefe0fb9bbd91e06c918bb7acacc05945a49ed708e1e86518792b8e120e349c645ee1c9ed6c307375fe7c5ad59e80f3131d8b5b5cfac1b756464fd6fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3999ecc36c5626a664a78ba2840b7573

    SHA1

    58ead5721625db6203e55f1956e9d168053be446

    SHA256

    177072369607e5af8e6e0d597a827b1993dce2776140009d952df5848db50bad

    SHA512

    7ee6b263af582ad8625c69d9644c76e091bb143ac36d85ff0666ef5ba0bab6ad5ed30e5be0457d5723dce9f5d8f8ef68531fec1660f0ab4d2f5be986aac55886

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3160986be68f9adf8ee43455e9b530d4

    SHA1

    26ba4a0ce87a445ff0164dda3566e97906962e12

    SHA256

    df5a58aba2a7a0e55618eb17c99d5a595e089b548046939d82d55fbff9e15e06

    SHA512

    787f5b17dc51275e608cf0314b15234652a3960243434ba2a5beed2a7a3c3093f39568ecccfaa3bcd438d6ec89d27ee6c7c1c0963f67b874f77606f1a7e9cca2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1e20c6a96bf453b56e21ddfdd6a26e90

    SHA1

    32f5d6cbf82a3d183ebd05adca8709c2d581e404

    SHA256

    5846b7904e313a614277225c7f70343d2048de51ebb0a62fea08b31dce5aa152

    SHA512

    17d157e17be356802a42b8066f63db2944cf7d7078e24bc8272b799380c3d47c70af93772a2d01198b9c30649482693da504f566299abb07756eadd639a17b16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a9603ef1af071662cbf3f44b0bedbed7

    SHA1

    65e6833d42c45aa075bc3995cd599862d2f1b8ae

    SHA256

    f96e75cd416019d7209e8ec2e11ec382fd9da25a597175d7f95a4c80ed1e7e0a

    SHA512

    1cbae53ca35b6ba7d74538f26cd661f48721ba26d067f55763605dfec0f0f2122581da4b326e72efbca9464c2c4f3f5a00e59363473fe561ae8883b12ad9dcd8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    12616b178960612d48ccd8f9a2dca91a

    SHA1

    1fa08828b546d1d768af9e53d543b0e3ec61ae52

    SHA256

    f3b324571f3b00601e40af95b7c0bd900738a0f51250c202178e75e964c689d2

    SHA512

    496e2e58783f38a63f55505a8570e4392aae9c24869b61719d233a2b890bb8c48d8f3739e12c777727c0c1221387fea8f9dc384563e705cb45448447870d047e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f83f14c3806d155fd9b98c76b98938d4

    SHA1

    17a959cdd975afa401927135c4699f3ff41548d2

    SHA256

    b28a7d50ab0b5bfa0dba0a7edf5e27573400e10816c86046e6153d88dca7d017

    SHA512

    f2f857f1e730e860b7ce5887b0acca489a03909a08ff33c5f8618b38b2fd810585bde5d180b3d6bde33c155b92685485f3382707ca0b518efe2d086c11610207

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    be310f7b441f03818b65f3817b305a25

    SHA1

    ae8249567bff18308f0ffeef8c4a25dfc1fb5bba

    SHA256

    6e777e4c4efc784eb4cfb1fbff4b9e8e392577493342e64d309bd2b1c6a71c63

    SHA512

    29ca4665b31663745c08a0281e0c698c5b453fd7f54c0749bea979f7397da724d48cd98ca48a00205733621b60e1ac833476765b79b5df33a1d7904d9691a301

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    922b27b44c4dbcfedea6f93416547e6a

    SHA1

    84ebe0b7a8e55e07f50e8ae551a024d3c95b9f0b

    SHA256

    eaa00ec1db018972d95326132aa994c30acf95ce06e9a7af1482178092bf68fc

    SHA512

    6639b8ebfaef0ae37591a18d6d741c223676c54c3fbd1b52cbbec924e6dea0b66ec473c9afe2f5695919d7d14ee56e4d22aa1018810b3601a1f095bfcea275ad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    731cbe205a164a9a61abc9f7954c5564

    SHA1

    98195f16bc74e8a57be9600074f6cedd2f9cd761

    SHA256

    3d7e368d3f643bd0b1633d3a1144ebfdf5eb3947cd78413c718daf90453795c7

    SHA512

    cb55ad241e3b08f325af48ba8575236ae1091bcbba5d036fceb30af6534951f35e07d0c2401cc709c20b538f455c136864ee096872fe20c642924f3298330bda

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9761d5f1c9b75536a60e3eb426a298bf

    SHA1

    264289e688c16ba225bf8067cd90338566043119

    SHA256

    ffc3ed98fa3bdf41e54fcf8e977fe00490d018c8e1fd6c80aecdce3c811f1c28

    SHA512

    763e6f066c242dcb2801752b716847004795c4d6507f2861945812c36581fdcb751cbc98f8fff9978f7914ac7883ac567a05fcca79d5595fb6d39b15414a3f96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fd50291d3b70f71dade2b87236105128

    SHA1

    626b4743bee3d9d35a5aaabad0a98c0cea89e063

    SHA256

    dad3ed63ac85656ed14b1da362aa8470b22a91d19efcad200eb7f695afa8bbd8

    SHA512

    ca9852bd7bd8b9f6fa609f2984606c1a880c99e4a6bca3d8acd55c8846225cc1e38e5dde84ebb80349006cd157e8f64f9ce9d1ec50648ed289df78388fdc1a54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    7f18fe98366b01626bf519e2e8f1dcf8

    SHA1

    5d9d2a13460f3e3201cd274c1aa3f9505142e25a

    SHA256

    1ad1c0fc8211e85a77129d89c0484593423c977debde38f3e1d279b1757165a9

    SHA512

    934b8af963197cbde2afbfd96e25fb2ca6a9c47b9a7e6290e4da09dba00173da0a5151fe700a89b0e383b55849769da35b1c554ebf1f4a09981cbbce2489db8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCB60.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/1276-0-0x0000000000240000-0x0000000000242000-memory.dmp

    Filesize

    8KB

    Download