Overview

overview

10

Static

static

7

750d4b7b1b...59.dll

windows7-x64

8

750d4b7b1b...59.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 17:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    750d4b7b1b0278b34f3afe15d81df559.dll

  • Size

    178KB

  • MD5

    750d4b7b1b0278b34f3afe15d81df559

  • SHA1

    22d64bd528139f8b0a91578e5f41bee1c38a43c4

  • SHA256

    4adf0e3d85e63defc28d5de344221397e8f1eefc348a13c6914ea66f907bc3ba

  • SHA512

    c84b8141d2a4f56cf9de07e4fb8997af910b36822474751ab6341ca1e9cd38b86229958b27d0ce6a7bb5972f8bd25d7ca26191ea0f78ff9b69b1cf1f5d560463

  • SSDEEP

    3072:K2LFv+g/lbyScAvbrF16PfE2YNK+V68cCIWeei99v2:vnZacKfE2Xk62IJp

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\750d4b7b1b0278b34f3afe15d81df559.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\750d4b7b1b0278b34f3afe15d81df559.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2760
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:1944
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2316
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:664
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2812
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2728
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2592 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2628

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5376f3e1f03ccf4c94bc88bc8d9e1283

      SHA1

      babdc95e0bb56b7782fcc92db9ebb99e4cbdc4bf

      SHA256

      07e53e166b4a2b4072015d039f72fbda2b33ad4817de358df37cd6a4de0d1e5a

      SHA512

      1a2103b1c653cabc7e4fe9b57a76766f55e5327e938ce666b067d03ee822310007f67729273f022a0da5ae0d1273140a54d68128404dc594dac907beafd30d06

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1bdef79b0f1dc6290d1f9a73e9c51efa

      SHA1

      0cd0528661bc8beecc4b54b250e9c97c4674dc8c

      SHA256

      198c4afca61cfe501832281abd31dc4585c2434def4fa3ce6aa0ef18e87f967c

      SHA512

      8489f1f3ede2b026b43947b82d26db488431088b0fba3f4a2e3170d42ff940657c9377d1e006bc7f785956c6722ec8bf7a72a6a43ec519cafd2cb1f3d17de64f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      93a2d06cc738962db0fc2fde44424d50

      SHA1

      c75162309886bbb2c7862b0e1bdbc2c40e539bdf

      SHA256

      0eac8b939421b28a4da040119e10549b0f4d5eeeb8ef90faa84ddaa866e6e645

      SHA512

      a424d41c9292977fd49fc27e3a35d8bfd0b37c7c634d246c0b8376bcde32bc79a9833be645d1a168c87c2ea0a382d56d4b371adc518c103c9aa331af4d9db836

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fcb4e2fe16c29664190f4cf3e850147b

      SHA1

      8d9868bfc829e61312751f34ff0f6c9972f9bff0

      SHA256

      41c2fb189effc574e3d74852b2c9a680d423b1ddfa856c1608dbd369e7a61ab0

      SHA512

      48cbfd323e8fe7c0283abad0dc735d4065653b3e1de50a906252af34eff8b2c8f82627b0e7245c9cd3e87ec3b76801d9f48204dd952c1a8630fd68fb636e5b55

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7c4adbf666c1a61025780dd60b27c5d2

      SHA1

      66da1430cd6642be1d327699d82fceda4731f5f0

      SHA256

      7270a4258b413810e781db7c2d9e4bedf8f3592e9d0946af32c483d4b7009a35

      SHA512

      99205fc91a6580a4b3f8f7edb6921adaa7587c79af96f751afd0d2bb31d9441c963f497b3b1b9a06e68ec2f4b9c9ea1f3c8a0a8d6870a106dfff2061ed269680

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3b82d8dccfb5c09417a3db26717f1797

      SHA1

      0b5d598ffe407b9daa2bd124f0e5b12119996b6b

      SHA256

      41fe0353e2b1c21d7c0a5b1d5ad5d2c2fd0aaeeeb46d4f78856d7d8a6b33950d

      SHA512

      98ac0d2778e7d7cffdbc072996147888bb3486b569a7f33cfad8c6b33980a735a2da713b018ba5379e920c59e85b4e53959c45f0c0d1c8acf87f48939126c396

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      633582f60f4a62965c47a355019ddb08

      SHA1

      9024e9e82ae5d3eaa89d1a1964b97de776a7da6a

      SHA256

      de93367faf3cc4dc88214f119fcaf782507e40bdd12a22457a00fd2b6efa9c51

      SHA512

      fb79769c0fbbf3720a51d0dfc5cf8b60c6a39f10cab8c4c2995feced3b3582bc45acea0ba0be5f09757a265ee8469c4f4d8146af3e08610662b01a5a88517d08

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      393063b2be28ffd2aae11aa565e1b5be

      SHA1

      fbe1fb6525c6cd244720f1370d028f23efb038c8

      SHA256

      05d753e767a94b3a48b362fd01896f256e6357dfdc6c25c98d56193e89f59358

      SHA512

      8888973c64fddf43b1be5a0f27d8fb51da90edc38230c6d904340c389d483c304b1f2930e3b509eba67e4abbcbe4eeb64a8b9341aeba3e4bd11f6172e12aa978

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      874118b5817b2c37bfdb82beba8c1a29

      SHA1

      3c66913d02f56b87ea5d14c730d0a957a209f921

      SHA256

      97bda86fc8114d3188dc4543af11d06ec41ad493f659fe5735b29bcac0ce4bb4

      SHA512

      2b9b6ab5de6e7282629c00787a8784b804e7f3107d0b88cec809cdcde43aeaf133cff79716fa723c2550f49bc907cc931fe0c16c7b4150aa92cd5503b4f10ad9

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4b53d0fb4ede1e3115b0dd8fcccff8b1

      SHA1

      0c8696a54d257a00f36afafa3f45d022a1441b69

      SHA256

      d0d50761c385b31903521ea6304ff174836df712394991c5d35fc1f86eb8aa98

      SHA512

      6ddf017fa4dff1c327c7001a4d9eabf5b8e5f1e0994b49a41e4f0c974904b3a9213c2466921d1273681c10aa134fbac1f34a5e6c1255b70b00f8c981430a187d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      284e75828801498c3414b763cd8c150c

      SHA1

      f05a881a65bdf18ced27554430223219cd429546

      SHA256

      9e3e9247e4b1ed7d92a93aef7fa8bf6e11d5a1173b0ef14e08d2c5437df069e8

      SHA512

      486e32b8dcfc078fc3da4b9a0936f9da437d057475e358f16d22eb54956387c137a9427b69ada5eb0e2db617e77064b8f53ad6f6ba1f7fe8dc5a82f19f10560e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b54dea4b7f9028d276c99b1e50592e98

      SHA1

      742680308489d4aa9c35cbafa14d1fe8a1f719ed

      SHA256

      1e0893ac6076a9fcd2235e2cd4a1697f8f0dc69639075849ceee9b1438c63c4d

      SHA512

      b0aa09d80664b73a5937d4ac64d093ed154370a30fd14df3df438b3ccaa5dbe631549dd6ef08fa999e6c98d24f9456c743334413880e7a17c13780ba954011a8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f46a4671bbcc36b145e386667bc83179

      SHA1

      7f3797a2820b0c90aa8f0515019c0f036c310dfd

      SHA256

      837220ff2458aa46b5d73b88ed3f5e5369307e0cfab75212bd401c9326d75021

      SHA512

      b7becc383dfb65d9b435511082d5142b709245972c26d7890e417c8bf87568d9c545007e32a13486b9d9b74990049bd460d46c5e6990578a192d0fa7132650e6

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a2690e4e038c4fa1461bc418006ac3f4

      SHA1

      1dafec6237cdf327b60887591462b1bea0ed7d52

      SHA256

      75c8a75d224f58ce5ab08fa2fa3121c39b947e4ee37185443ab7574981e900a5

      SHA512

      d778ad9fd7ddc84aa23dc9c290545edcc83c5778a5ccd50755f80f8ca8bdb74b96667bbd552c4dfe2649f708e72d2d2df5023af1b5cc7797838adc53a7dd3f4b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d3d7aa0af0baf7e79b248c9d870a2427

      SHA1

      9f8fd5a6ec48882f54195c3facc0f07bcdbdf6ec

      SHA256

      ab0379bcd96fac29133c31286cc84d952cafa6b1fd5575bdd1edc2f64ddd53ba

      SHA512

      81dee8c65e5ee32b24449a173feb45a52593c0cde149f9ed6bafaaa7483cbc53f835feb06bada52d407deeef5f65a20193e1bef6f4ee227c1a382e3738074ac5

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      b33e12e23fb6e009653924d0899da8b6

      SHA1

      c866d47f990579ad769bcbaa34093fad115b2a12

      SHA256

      a129920f7c4621e4e7bdeadcc75e19cb9934335a75669441bf39a87c73511942

      SHA512

      dac3d5f7daf750e49ab486ae619ee5f3e8041272581fbe9b6e84f0ac5ba919d16c314faa25a323e44cb9b318108362964c52c887c77c9a9aabd7ba4f669f1e6a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      dbbf7bf74e78fbc50539dcc23ccb67df

      SHA1

      932968c1f5f4908aed2f7f1bba03a5938b1e1994

      SHA256

      c316cddb861d633ddbefee8248952d1faff51269b950772ed5a6feaa9ead0116

      SHA512

      24a0c517bd94f74a41970cb62fae39a9c752ac14c03c39b80c0d3e988793b986ec3cdf6bd548d80b1c4970c1db342a51833c2a0fface04baea1c91e46d3b7bb8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5b816104253b7cddb528ab03dce9edce

      SHA1

      5deded3da24a75e3f00c69dc9ad71c14ca1f3573

      SHA256

      a3af505fbca681aba437b4f5c5172d5c63e7a32f9277d18f822c139396fc79e8

      SHA512

      703787ad68604ed97c8492f8df902b098437c4ddeb8c143431041b00f4d5109765b52e34207eee946fcc5fc9d5731a780e2d9bb1b288c62c926517597eb48e10

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      37e609702483b204122fa439cecc38c7

      SHA1

      3b19288c41bd6bc180d7f001cf1138cb6e6044ee

      SHA256

      d9d94859c931c962d1d85302d01edf20487bc7897195a1ed6aba1097b78b3080

      SHA512

      f874055c6e1d9debc7570a987dcfa325b5fc7be513f9c71bf5c7c41eb6dff29e3c9dc8865daae1eb9c82d4fbf8fa332ad0337e40867b869f2a9aee092b4d2b4a

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ca2cfb4a11c125a4295ddae2f5dbafd3

      SHA1

      5672bd34462bffade4a9cd3161762de6bd913fa9

      SHA256

      f4191f71df7af11b70ff933a10c59fbfa6c0c83ed3d1b7ffb918fcee6d908b0a

      SHA512

      fc76f230d709c90e075bd6420da1a335e59bee926b75e86226a58c9d1a5256385ca3739caa9584af8648b061e3143771d54ba569c28b191ba803af65abe5754f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      18d0462fc8c43002e79c6481ec774681

      SHA1

      81b50265751d7cbb925f8bca046136ccb344b21b

      SHA256

      3959bd7caaa446925ed9ee73e7c64c9864b2bcdf0fce97ca3373462625916706

      SHA512

      a9edbf0d84e5ab714497f49a716920961ec53054bb93fefc58e4488fe5cdf39ca27126214d634a5016bbd83c35f50c5e1090d93edf01d7ffdaf929c6150f33b7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7edf783a5a7e1a05b558844225358e72

      SHA1

      8d21b656155db3ca61d2c0d0b0840a2612fe0267

      SHA256

      67a7a0c1f623578deb3432b7d46cc69bb2a03d30c4ff4c163f7db30037b6fbbc

      SHA512

      ec51161750c3d2347f337113c8f92ebd0b31ffc56255b3497e018d2ef32fa1d1d6b4e80f1a81eff6ee36a5a24d7e51eca5a3455dc347931da912bc1d3860b9fe

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab9A5F.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar9B0D.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • memory/664-15-0x0000000002AA0000-0x0000000002AE3000-memory.dmp
      Filesize

      268KB

      Download
    • memory/664-14-0x0000000002AA0000-0x0000000002AE3000-memory.dmp
      Filesize

      268KB

      Download
    • memory/664-296-0x0000000002AA0000-0x0000000002AE3000-memory.dmp
      Filesize

      268KB

      Download
    • memory/2316-10-0x0000000001D70000-0x0000000001DB3000-memory.dmp
      Filesize

      268KB

      Download
    • memory/2316-8-0x00000000001F0000-0x00000000001F1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2316-9-0x0000000001D70000-0x0000000001DB3000-memory.dmp
      Filesize

      268KB

      Download
    • memory/2316-11-0x0000000001E00000-0x0000000001E02000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2316-20-0x0000000001D70000-0x0000000001DB3000-memory.dmp
      Filesize

      268KB

      Download
    • memory/2760-2-0x0000000000120000-0x0000000000163000-memory.dmp
      Filesize

      268KB

      Download
    • memory/2760-1-0x0000000000110000-0x0000000000153000-memory.dmp
      Filesize

      268KB

      Download
    • memory/2760-0-0x0000000000110000-0x0000000000153000-memory.dmp
      Filesize

      268KB

      Download
    • memory/2760-3-0x0000000000170000-0x0000000000184000-memory.dmp
      Filesize

      80KB

      Download
    • memory/2760-4-0x0000000000120000-0x0000000000163000-memory.dmp
      Filesize

      268KB

      Download
    • memory/2812-450-0x00000000037B0000-0x00000000037B1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2812-6-0x00000000037C0000-0x00000000037D0000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2812-7-0x00000000037B0000-0x00000000037B1000-memory.dmp
      Filesize

      4KB

      Download