Overview

overview

10

Static

static

3

7518f196c0...00.exe

windows7-x64

10

7518f196c0...00.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    134s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 17:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7518f196c0a30ca7202bf1d353236f00.exe

  • Size

    44KB

  • MD5

    7518f196c0a30ca7202bf1d353236f00

  • SHA1

    acf912b642638db249d4576746851cab2e763f64

  • SHA256

    dc8f630031cc2f319050a819f97ded6361fda04eeb43cff56729a0e7fba421eb

  • SHA512

    7ec2e35eab20d0d8c124a2cba340cc7d8c85d6c6c9bba7baa141924c666edf9829b48086c8422e1eab9c85673e162f12ccb6c84b2973d67ea3471266cdb128be

  • SSDEEP

    768:YC6NHpHUhtUaFuGusosVYUSb8GXc3rt82CqI:YC6NBUhKXdjsh3GXKtt

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7518f196c0a30ca7202bf1d353236f00.exe
    "C:\Users\Admin\AppData\Local\Temp\7518f196c0a30ca7202bf1d353236f00.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2384
  • C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
    1⤵
      PID:2176
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
        PID:1248
      • C:\Windows\system32\Dwm.exe
        "C:\Windows\system32\Dwm.exe"
        1⤵
          PID:1208
        • C:\Windows\system32\taskhost.exe
          "taskhost.exe"
          1⤵
            PID:1100
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
            1⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2192
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2192 CREDAT:275457 /prefetch:2
              2⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2208

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
            Filesize

            914B

            MD5

            e4a68ac854ac5242460afd72481b2a44

            SHA1

            df3c24f9bfd666761b268073fe06d1cc8d4f82a4

            SHA256

            cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

            SHA512

            5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
            Filesize

            65KB

            MD5

            ac05d27423a85adc1622c714f2cb6184

            SHA1

            b0fe2b1abddb97837ea0195be70ab2ff14d43198

            SHA256

            c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

            SHA512

            6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
            Filesize

            1KB

            MD5

            a266bb7dcc38a562631361bbf61dd11b

            SHA1

            3b1efd3a66ea28b16697394703a72ca340a05bd5

            SHA256

            df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

            SHA512

            0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
            Filesize

            252B

            MD5

            8dfdb780956517a3f54167670f5bb212

            SHA1

            364c69cfc6d920ef4f8a1bdcf8caa458203d4ee1

            SHA256

            1697ce149ac18af2aacac0dff5a72639ce0d7678a930b047c2aef9eeb1c6de34

            SHA512

            9634f6ba5da77cf2a9fd224575a5b6bc983ec3433eada298881e6f5264693bb1c14723c9c15cc95d89214ecc0bac72f9d9c165b2520af1f0c8d668f40eeaacfd

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            083f3cd1d9888cb235744d68049babf4

            SHA1

            694dd72af645497b5f049716964cf83911603881

            SHA256

            e8d06fe7508e022de01f70940ff268f61b39be8fe648ba92801d50a528516a6d

            SHA512

            a0becd5864c4be2385e2e8bb6a1e6b0f4b941b6263de5828159d205a2e1a01c0c7f4be37aa20c754d875b87ef22cdaa0a6cbce97194db44d77f6652e68b3e5f1

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            f335e85f611663cdc8b2b07cf0d1eca1

            SHA1

            caeff5c3182b842c0a0a40a6d3c8e904b99eb326

            SHA256

            275882654502e6a4276600932cd893aec0bc599476a77f42f9da3ffd92933e84

            SHA512

            044fad03069e8194e682d6f7ef5315aa8aa1a9eba0821831673310dc02b0db9d7eaffc8e0e285c4a2aced3f8716debadb01670cf857112c442778b55e3c5cbd7

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            0363446cdf65feb481b2a634513e5fa7

            SHA1

            4b48da70fe5ea4524792005a6b3933cb40409b59

            SHA256

            9151143ed5a06f6038769d28af013836cce132f81bd62fadd5e026665e9a6eae

            SHA512

            9e232910a509e057eb2a9c4e92cc28ee66e9409dcc97505846362ea579ce2b1aa448a82df07f24409fa1cc3127463ee6c8b260c2c9c4bbc9f58b7190b7ab484a

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            88bef80ca6ca085afb73697831939362

            SHA1

            555f1d0e9ff045b5571fe24d4113b322150bd65c

            SHA256

            c93fec22d1a29cc3bc703fc899cb2e6a24040a2a79867fb00161c13afc7d0d7e

            SHA512

            f86f5633cc88fd286ffe88310f520de759b32374f80d2910c4676041e8627d587f30fe185d657fa2cb1d4dee9f5fabc68f1147671499c404df0127b0d490fe9f

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            ed873ff8db037d6353a467a330aa3b49

            SHA1

            0c348ba59c6d1b10f6e6398ed4c28bd18d689bce

            SHA256

            fa095eddc171621b1afc580fa7aea929406972144b2c40418d0408fce7930343

            SHA512

            444ee01e2ffe6777b09ec7983c47ac334eb6ff1f39d89e1f4c28fc211c4ee666edf5c1ebd4e8a5dae1e45a025dd56ec49507ce0274cf822e80b528b13d27143f

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            4691c27a0bf0741d35dc834b907acc5d

            SHA1

            ceeda5e4892e12cf7d85b6768a7ad9724e63a997

            SHA256

            d7138c24aaa50cc42c87b092a1438e79c108dd64fe3f6c8b49bd42e0a5aa8de9

            SHA512

            449c7a8e70204feb73450b6ce7ca6b30600bb21770a3aa8bef2f264c6c9f06be05e804bf207892692e75ca954a84e0d02f857a056e00746e4865148cdfce6f16

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            0e849c411c180b84227a02793fa1ef51

            SHA1

            4948f0dd613f187add7da12378c112caaa509c70

            SHA256

            48ef1ce21b962af1a606ab5822caf18d81bc0bee5aa22a6267df251d35c96ccb

            SHA512

            bbe3f8bfad11f75748f27c3a0e0b015dde66cc9a0bcb3255ad80ee7ccd10259957b26241bb39a7e0262c3ff5638f3ed2629a2aea61a425eb2ec1eff072204b95

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            4f1d6e417f6b65afd41c10b3e4f08f20

            SHA1

            084603f1253d82f108cf10c299ff6b0e046e1745

            SHA256

            ec58e4b07ce995d1972ee92628640919783038e5496c275b6d860f5a452c337e

            SHA512

            03c7e523fffa368320d43344d0007f28f46d287a0c72635ac1e488bfd8306aebaf33f441decb27a4c8acc4595c8524cc63450cfe4dc2b8af11b160c1a4005731

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            344B

            MD5

            57b61db5bfac5bcb0f2688f99c1ec4a4

            SHA1

            a4ee5ec5e0b73fd3132152fe2c9912304b711858

            SHA256

            adc17c2929f75b34ca62a0d370f3146ba1b52d6cc310d4e417110399d0eed345

            SHA512

            94262bd4872208270befa61578f182e77e0237dc2b55d0e1c1298ac07729661d8bf7574af76bc602c4985ce8903fa3b3fce107aa4af0f498c28b8b4f34977e99

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
            Filesize

            242B

            MD5

            844325165a5ef3f2976ee83d4b8de047

            SHA1

            de8bdf3541e2933f248ce1bbecb008714cd36b57

            SHA256

            8e15384ea6f9327560dc198f6e8f6c153ffbd865646da348a089009ef24fdf30

            SHA512

            7727d4320716a867c17e572efb42cde13f5951935b2c3f56a4fe01d5278dba67fbde5a0ccfa62cc2fd19d4abebfd17a9357b49fe07fb9db94c35082cefc969f7

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\Tar1183.tmp
            Filesize

            171KB

            MD5

            9c0c641c06238516f27941aa1166d427

            SHA1

            64cd549fb8cf014fcd9312aa7a5b023847b6c977

            SHA256

            4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

            SHA512

            936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

            Download Submit

          • C:\Windows\SysWOW64\order_opt1.bin
            Filesize

            4KB

            MD5

            5b5eccda32fe8ac871c404afd5d8e528

            SHA1

            08eab5d313ff212e3754021f42663f7ff6449161

            SHA256

            8b747a9cddb6ebec66572228e581a01ea6e9a4997af51df0467af171da8b65e7

            SHA512

            f6e72340c41fa5d1b0bd7381ae07cb60081893e433a8c3e16dce768b127781764ba5515caefb99e780c8cdf126d61e575bf9dc976caa5e89555c0d20d38ad8e6

            Download Submit

          • memory/1100-17-0x000000002AA00000-0x000000002AA0B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1100-26-0x000000002AA00000-0x000000002AA0B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1100-35-0x000000002AA00000-0x000000002AA0B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1100-5-0x000000002AA00000-0x000000002AA0B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1100-8-0x000000002AA00000-0x000000002AA0B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1100-11-0x000000002AA00000-0x000000002AA0B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1100-14-0x000000002AA00000-0x000000002AA0B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1100-32-0x000000002AA00000-0x000000002AA0B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1100-20-0x000000002AA00000-0x000000002AA0B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1100-23-0x000000002AA00000-0x000000002AA0B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/1100-29-0x000000002AA00000-0x000000002AA0B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2384-138-0x000000002AA00000-0x000000002AA0B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2384-0-0x000000002AA00000-0x000000002AA0B000-memory.dmp

            Filesize

            44KB

            Download

          • memory/2384-4-0x0000000000250000-0x0000000000252000-memory.dmp

            Filesize

            8KB

            Download