Overview

overview

7

Static

static

3

7743e85e4a...fe.exe

windows7-x64

7

7743e85e4a...fe.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    26/01/2024, 11:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7743e85e4aab9c595053d4a605887cfe.exe

  • Size

    45KB

  • MD5

    7743e85e4aab9c595053d4a605887cfe

  • SHA1

    91c318d180aef4abae035cf5d11705d307caf4d2

  • SHA256

    92fceb949c5b1c34aa19377b103439c44a8f61ea4db43173883262ddcd71a5b8

  • SHA512

    4a1112def84d26c4f42b40d46256f2b9bba2e60ace6f7da2e73f38234b539ed9901c8856bc70556a1fa741c44aede6088cb771a9a7eb3c0f2f2949da5c0cb82e

  • SSDEEP

    768:y3J3kyPnf7zO23G43LLc/2vYPif9Ia3gn+hpJqOcsMVKFGARS+igNz:y3J3ka3/XEfif9PJT1F7FG2S+igNz

Score
7/10
persistence

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7743e85e4aab9c595053d4a605887cfe.exe
    "C:\Users\Admin\AppData\Local\Temp\7743e85e4aab9c595053d4a605887cfe.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2936
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2868
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2868 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2944
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\twe1E69.bat"
      2⤵
        PID:2600
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c "C:\Users\Admin\AppData\Local\Temp\7743e85e4aab9c595053d4a605887cfe.bat"
        2⤵
        • Deletes itself
        PID:2652

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      afa95809f1fcf2b284503ec8d5833e95

      SHA1

      5aedb56c75b1f8a54a657f64d2ffafd5609b82d5

      SHA256

      1b4829ee71a71c6dfd5b0bfee955dec84c4a7f44ec5137ff76cb42f0a3b23165

      SHA512

      7c2a566274fbf98e4c21969a2d63829e6f2b96d765516bb6dc3e863c0e3f79375774c6933fb104a61b3185d5329fc48600a15901aafd9e91a6a705df2026ea8c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8e04a826e439ee90581e28e3845cdfdd

      SHA1

      b3068bacec34fbe743a2d7cb33984d71f964c607

      SHA256

      fea17359efcb08d27d0646df636b28c9829ba3dc28f9e0546a7acf76c22a51ea

      SHA512

      6cdce307e376eaa636c49ce99929dff0b18534280dc82a386310199f4304660081e66c7f2380a8d4b531a5e0318f475f8a5277bd1c83276bc6d5b59d93cc49c7

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      1de89f4c9e9cd76e8582e4c8c3b2d598

      SHA1

      9b029a91aae04add7f45a3398e7ce19ba16a1e66

      SHA256

      4171c4d678fb212a84fb977e40628b7d6a3186aa2a3297f7e1e1bd971b0df356

      SHA512

      14e94c5cd38fe013bd0a833630e3a76f7f22962baa8b6ac8eb8b6ea311616b875b8e6d26e67188d595b75cd7cf7f13bd3ef078d42fba1b968b4b2802bc9d5449

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6ec90318ec56b91210be4c7bac48474b

      SHA1

      670967462e14d69aadf50f8ee667dde1be33973a

      SHA256

      860843fa2147204d27e6d35c690241fdcc288024764a8af6118501f782462238

      SHA512

      ded208e032d083dcef55f2b2691eb26ea97d93cca0e80ee67dfaee16dd7aedc82a53709bce27bb3ae03714fe5b9d0533f080863ff85377d5df16f8fa0c0199da

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9d84d37f1088f8514224093a66bf68d2

      SHA1

      5de6ced003463d96e3e3476fc4850aea8c8720ef

      SHA256

      94486468035db5a70ec16783d240c56081c22c7c9947548c5ff090c49e97f477

      SHA512

      0e849c06e638e8f7e629a812344647c69969ffc91a54576349f8f01be061beb05630eaad8817c2ad46451573285849696ecbd268fccba2640f9cf265ff4c1a98

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      aa9d13388136dcbc58747ab8cfc21fed

      SHA1

      a21549a65a8a0cee3315898d4a863db375b6ca73

      SHA256

      dae0e30043f6fa4271bb70b9dcae510202365f3990414badf67943da37e6e85f

      SHA512

      0927fb044a086aa7bd9bf73cb113ec9c38be51f22d88e8bea5b4b3f0f7277252f374195b71060b84e762e630a4ea704354761a28673fb78bf930ffcb82ed9829

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3577c1ff29d848ed3028669456acb221

      SHA1

      fba20b22eabc6edc06e8b4eb39d6b7ecdb2eafec

      SHA256

      88c6f8e16ed9a38d8d460301e062d5202e22129864bd47e14e6b475da41df8d5

      SHA512

      2d962f5957e8fe85c5957a613c54a984ed64930b29c98ee297df83957750ea2180cf22e4662bd0a50f574fb65a460b28cb33c30fa26f5b88671c6f6018d4a903

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ff162fc58ee6c7b904298689f365f25b

      SHA1

      6ad439f30671806ba674a203d86263de6e22e0dd

      SHA256

      46f105610633de59db8868b533c2d4d7aa385b657b640db932cb3e0e6524ce35

      SHA512

      09525a0528231316dcbdff1b4f06deb45a06eb4ce93414b8f3b735bb3637c5d666120530f8c81805d11b14852b17fb4e1078bb3855b6fe40d4932a28e8bbfe74

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      338e5e33288d5b085d042909d6196cc8

      SHA1

      f2da76f14c575485a065738b0450b6420174b0db

      SHA256

      f53cb4c549c4051226ec1106d5c679a0bb76b6e82eb0534dfb9c5c5ca2dc28d8

      SHA512

      911bf6fdb57e77df4391fc6d1da6f62f29cbc891e3f7c412fc2d23ca4a6afabdff9208a23b638b214bfa7229a6a8a6c0159f175ae85645c5fef0ee15aa8a5eff

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\7743e85e4aab9c595053d4a605887cfe.bat
      Filesize

      263B

      MD5

      2468b86b10f8b8e753fc7e0437c06b22

      SHA1

      0252da17bac8d7c61b91d9da6f8f32efa6e986aa

      SHA256

      d5e6ac8863d1647ef2a6848bad1d6794991803b818c3b54a8aa00dab2e333788

      SHA512

      20dea88fc5968395c7993fd32f04234b9c06cb90976e4fcdfaaf4770da5ba7f7892aaf7f21e1dcbf2df765cb7cbaa835f0baacd07b0d1d6a0960b1e1baa4c74a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab1EF8.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar1F87.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\twe1E69.bat
      Filesize

      188B

      MD5

      1867f0151be5c0deea47d4eb582701f1

      SHA1

      2b9e0366e9551d9522f226d604afafdb5113643f

      SHA256

      6844932b5c8012fc5de2b4ad74c2e96dde97f63ea5d71b353704b15d988b9838

      SHA512

      2ba26647f9e79ff5e292a9b520fbf97f04fcf23e5350cba1dfbe16c2fdba9f157ba9cc0e68babe4cd5674aea095b09b2f2d62a040f400f5af6e6d1111548f2cd

      Download Submit

    • C:\Windows\SysWOW64\winbau32.rom
      Filesize

      32KB

      MD5

      7ac9acb5469776c2f03d943037d47298

      SHA1

      8f8838c3da0df25c95c6fb50205c427d2afc7543

      SHA256

      16a9514b509206e55689a8bd6a1edae52987efc8459a021d5cec3b5c54946b15

      SHA512

      51b168d05103e9439e920e6b1c9b5b817e3e7255b7d18b89d88140311fa9313240037f1449c908c512b5c0b105581895b31a6182f60ced2d6ad396fb67502d3e

      Download Submit