Overview

overview

7

Static

static

7

7f866840b9...c2.exe

windows7-x64

7

7f866840b9...c2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    145s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2024 09:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7f866840b9b867d64161b113555cacc2.exe

  • Size

    9KB

  • MD5

    7f866840b9b867d64161b113555cacc2

  • SHA1

    53cbaae3fd26ba1654a950db8d1f58a6f85ffd18

  • SHA256

    35950d4721a5af0d026df06664069f25a5ace918797c445036d7a7c4a2c793d9

  • SHA512

    bba5efabd3c77793b84bb828693420f9d7c43afa961b58b5463b402ad2f7a744cc44a8a5b3d89fa3fe331dce38eeb665d1aff9f468d4ca65d31ac700ddb94970

  • SSDEEP

    192:/TlMi6dUCC1WZTqoXqVLlGTT4UDaZPLJoJuasrVKEkR:/TaIJ1UTqoaVZGXYP+2VKEkR

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f866840b9b867d64161b113555cacc2.exe
    "C:\Users\Admin\AppData\Local\Temp\7f866840b9b867d64161b113555cacc2.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2060
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://www.baidu.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1376
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1376 CREDAT:275457 /prefetch:2
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2148
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1376 CREDAT:209923 /prefetch:2
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2692
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/Loader_jieku_977.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2052
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2052 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2688
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/haozip_tiny.200629.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2708
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2708 CREDAT:275457 /prefetch:2
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:2588
    • C:\Program Files\Internet Explorer\IEXPLORE.exe
      "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.html
      2⤵
        PID:2716

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      baf9a33f888b6a0834d71217a143500d

      SHA1

      6e635eca411498e4dc2c84d369fa14b55ac9a88f

      SHA256

      03d1fe8f86fcf6e60ab38be5547a79e34afa22c0319ab98f0deedf2d92793b35

      SHA512

      c0d301fab0a35ad7c7ddd0ed45b4fadd257d757c4229e68931c571dbaab25b2d924fc4efd0aed6bfe9c5691554fe0aa524b140b699e8230c5d8538f7dc447c5e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e9cdc25dc52b6f755ff5adf0c58fa6dd

      SHA1

      07c98829521ff68b8935056d017c4ceeed542bce

      SHA256

      ffbff737288f131b31ab2a915a9f4bfb6822f8c49067bf059825394c2bd9c641

      SHA512

      2afb9e3b046c2a1ba3973fb73dc60597b18ba0d00ab787066bee5acaa005ba819bd2b089f3307a7d9ac66259ee4c09359afbc0cc7514911c5bafe9aed77daab5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ae3f62200441de145cf87592c6e063e3

      SHA1

      92b4c1e2a4034bdb7378463a0b2a091fb7dd12fd

      SHA256

      f8a509921857c97959ab16a019776921cd0340bfc0de9bc2833bb05eb22e2186

      SHA512

      f35c5a2c8acfa9fbd5b903392d4e3e85f7f9d49c8f13efbd6b2a2a540e75f6b831d4bbe6dd2af82d66b9cb1f45a115a04b0829fbc66c0c099c025c5f08328ff1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cf093ccb7d22a544c852adaa3964b7b7

      SHA1

      8649ceb011e3dc03d9f830be4f0ffa8d4cf33ab4

      SHA256

      bd5f65c42dbccd4de8349cf10643510ed41ffff8d783f7b65a310cdeb1f4c0d7

      SHA512

      c86f7b2b47647e2e820efe1d3299372fa4f40fb2f922712b6db58913e8145bcd60dfb79c387c97bfa6c688f97e07a373575c292264e1b34c67821f5122c012c2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7d44edc10e25d079d1dea05c7e8eb2dd

      SHA1

      81d7755290ce164e6f8163702ae3b2f07df13399

      SHA256

      69940d22506cfd0f926a36aadb0eefe8a1b94c9f949b9cf08bfb5f574c3e26b1

      SHA512

      a496e0e34b372593d740c091966cbe9fe52de8b31cb52e0fbd7dfe94740697734bd1b05c8c775ee8e0d5611a2b5a79f27eefbe41880eb7c2b019747c65d53b7f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2ccd569800147288e56ca33e1f1e40f1

      SHA1

      db17957db565911bc485b4bdb9e53310898e3ff8

      SHA256

      72e5daac5cfe6cc76ca243efb0465d436c74096cae823501d503881ff723d5ca

      SHA512

      83e019f6fa13eb61e6c7e559cafb10272c6cb1ea03bc03c0feab097d105773259bec7b38825126ed08484c1cc4b7fe4c48d185edee9c848a31a2416a05dcde74

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2f3e5c2cca4ea03f73d369cf914a3d68

      SHA1

      e108cf47e16ff6a9a913270902cf2545a86e8057

      SHA256

      765879b15f694132907ed53ae41297070c6a39a2a8bb66aa731e3f6cecce1c25

      SHA512

      f3c1fffff3ad8d185d751c42e8f26ae4cb045a428d17a0317df7600af093d990ebedc93eeddb9e1fe12fab5504be2a135fb20c4e7dcab8065ba3a2d451cfa8d5

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7FA121B1-BE8B-11EE-8809-CE253106968E}.dat
      Filesize

      4KB

      MD5

      ff5497ac13f00ea3b1cb7f415af9bcb2

      SHA1

      e20d005933cf2a14a3cad9f48304b7faa3d24e5e

      SHA256

      3e93e34b3b43ba72cac6d663afb20434f9aef94edf0e6f950fdd001a681d0411

      SHA512

      5a2bb924b96d936aab1252e67e2e1c0574ac1e8cd6bd9f16d188244fbf92a231a0dc0c70c813d65f7a3a5c256d281f0b4e81be15dc6429855015cd2580b319b2

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7FA845D1-BE8B-11EE-8809-CE253106968E}.dat
      Filesize

      5KB

      MD5

      92a3f294e0537a85389065a78f8ab05e

      SHA1

      0f0d49684ebe2d7dc26b5ebac182bdfbd15cf7ec

      SHA256

      f24f9b7a7e17fed547739439afe36ecff6d671c6aad4c957f733ef515d40e16e

      SHA512

      177874191f5d027c4816fbff40ef56999eec0ca131d328c93d89e654897e951b778bad048a7d0e2dde26113cc4cdcccd2a54473d68aca34dcf26e915eaee72ba

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab426F.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar42C0.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • memory/2060-0-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/2060-17-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

      Download