Overview

overview

8

Static

static

1

80054001af...a7.dll

windows7-x64

8

80054001af...a7.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    29-01-2024 14:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    80054001afe33630ae6a41228590c0a7.dll

  • Size

    244KB

  • MD5

    80054001afe33630ae6a41228590c0a7

  • SHA1

    1bc14526dd9605fc3b6ad67481e95aeefd5c4d29

  • SHA256

    c67c0da4fbf62085a5d674bcf8379b44ba810179ff34334c94beaeb4d99d48fb

  • SHA512

    215c7bac999252e026a78755c20d6ba3d7c0bb6e9aaad6068c6315f362399899637310b4f145865c7c45027bfacd64ec441d3a8d003f8359da462b5445c33868

  • SSDEEP

    6144:HG4tOwXcgIgfSxdL4H7de+1hxpsc1eT5L:H5vciGade2xpsc1Gl

Score
8/10
evasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\80054001afe33630ae6a41228590c0a7.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\80054001afe33630ae6a41228590c0a7.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2040
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2108
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2604
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2908
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2652
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2800
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2560
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2560 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3020

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bd3de91e21d89fdeeafc2d13d3e12b54

      SHA1

      6a6bb99abc4e02d6212e0ea8d8f583b206e03610

      SHA256

      0895d7d015455593bc6ba7b5c849ab3b3a16bf32ea38f5d2bdebab9b2d3f1748

      SHA512

      d37a9a1f32468b37b4d2f489a6874e861bdddfbb8a8196feb40eb70300197133f79366f3afc794a877fe9da05fe33eb0ce2c9d2319eaa57594c9efa84aecd9e3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      39ba2a7dc11d10609ab33a01ff948828

      SHA1

      f518209f1eeed35d4944d320b1d0b358960babb2

      SHA256

      560f6b74ad169afedc05779a6c08fc9a2b1a11377f0f90564ac50009725d2c42

      SHA512

      07de58807b6ad7d10303841e2f54c9548afbf498379b3cbec396e5d13428a5e45546fccfbf053a9c3306ed283d91212fabb97b854e9783a4497c59e662f54935

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      dc60e27b39f094e81e65027edeb3e97d

      SHA1

      7ed7ee4bc40eb6ba9b32816ed8a9734e939bb039

      SHA256

      02bdc18c2e4578eeee6c3988010f5f739acc957c9a81241c4d5a7b81825e4151

      SHA512

      7965977b8ec5948d68d00ea6724c027b31db6c674f84c14fe00fa0945393f4a6ceff3d0b8114169306745e452504275854c6c45b3db50f6d1d6e2b9103b156bd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a976d2c8ccda9922841ad0760d84f57f

      SHA1

      6dab81197fc00f30c5095e6676be665f488537e7

      SHA256

      18e93d3ff2f5715cb24251b2417f1a33ba89aa3b926e934e28bce31371127e55

      SHA512

      05a30fd130a270a8aeb990e515373c80e735e3b9a9019c8488aea9a6852872448d8a5ae21cf328cba3fa0095841e0b9de5c0ba58ebae6dce14ee0d77e0a21a33

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7427d3bcb8c56ad0876b0f8e7ffc7cac

      SHA1

      f43b4ad25b10b0fe792821fbec86d66d0be33bb4

      SHA256

      6a047e2c4ea4709e54823d98e4c00ffb78bed3657ddf8fee4b146bffdfcdb041

      SHA512

      8b696d22defd00255cb93bf863426b707b720953cd1a66a72a6be5b76f535ed5c04e82eab3f36006a93bf68ff827f3d9c8c492bc0ee45ab54756a83b5cfafa1b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      320cb441c6125a8fa49bc552b439ecdd

      SHA1

      2b1a7b18251baec4fd3eddfed80630c8ce00f922

      SHA256

      ad53a597c160ea6731ad667135012f34f270e3759cb79defbfb9438e061c5e78

      SHA512

      a16a5b6405ff4b7e4dba5474c110beec1b7c801fad3cd4b8537f2b5957f1c99cf1611abd23da3cf85dd96139de979ad27e34219cb955f6cadcd17e3a5148eff3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      289a05efe73c9a54856d8b1af205f3b3

      SHA1

      657bbcd33b338fb0e378bdbba3549de941b9af6f

      SHA256

      caa471d0494ef14254f5c4af7a39dff5c5c1c80fa7d8476b1f75d496e4a56fdc

      SHA512

      ca2865a66427ee1f4b6a7a64cb70730405f14a16b1ceb173846a3cf96aae611937268703e82c19115f613a8a20a68f9af5cb60c8c0eb4a44217cc937a9998b21

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      07207851b03c4dab0ffa9de04e9dc741

      SHA1

      10fb1caa74efb4099670fdba2a735cccbb7e11ca

      SHA256

      08fdd54eee6c67569879c1304b3aae20e51c24475178913d8deb3bde219a6c32

      SHA512

      b7fbb315adcebf5548e36c96726dfa5692b64db10f46ba73616b72915a98dba28817696051a4b8333c8bf31b2f5f07b8aa7fd979b5d3365a3ffa49cea15c2136

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      242e0efbfbde3ebfe6a540fe15a69b22

      SHA1

      9e8e5777052027e69a9243101d9adfab6733bfea

      SHA256

      af95af1a3c219811a31368eb4b387e0f30730555defcde175ce90b5b1dcf8afa

      SHA512

      33048302049590687f5798d147e0d208ce1503433e9b0c9277f7c46598d34168fcad1c0a52c7186885cf484c9987ec0c0717b479b46a37c5acfb1afd6937d1f4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      71ef457f79eb2dfc79e2cc630a031460

      SHA1

      bf2903018457cf099342f557e107b941ca528e47

      SHA256

      c27d194012bf5476f357ac68ac5fa129a4c8d270dc2caebeebfa0bc1d8a93ea4

      SHA512

      da834047c98d95ee5e50b3ebf01a3646794f2e079159a63a71b998f346b1546a93bcd03f53b2c2d0be871b0598bccc9f3d0e3927b062b061a6856e2ac0cf304d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      587f271b86b1c81763cd6b788b815211

      SHA1

      be9af85dea02a368519c385b3f4a66a352bf8f6f

      SHA256

      9ebb5a5a6090c60d9de4c47ce4e150ec103a4135c2f242c1189e492626f77a2f

      SHA512

      884037dda3cfad536c51ae533aa4802bd42c4922bb4564184ed660221ee9ff08361e06560c464a223518ed435e31f3c83ab969ae0297817af5bbaca22718a901

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ecbb1ecd6a5c766a99bb266b76e69e61

      SHA1

      06c95f6175a3b0d9114cef425c002db21ee68a04

      SHA256

      e7883074cf903528f81a8e81ed102353a00945dfa3abef51e5be91c604ffd330

      SHA512

      05ca807408848086538018debb7e153800214eeca536f41e05a4d49ae93f8cf48b61a22e93dbc8772cc82f6311f1ba300cfc7d46e99a75de9211f7f7600041c8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      08bfa94f384bade77213f5e0fc1a21f3

      SHA1

      dfb6848b7d24d521fc66b5602855bfa000afdca2

      SHA256

      0e2a953c1f3e580e201623dd7298f8561c6eaa7079c344fb6123eb6ebf7f4544

      SHA512

      7c3e808ff4f5f93e7aebf073bf751ae057dd5631f269844e7bb4f1e34f7230c3b63c183a8b08db00029308a4ef43a253bcaa10fb5c78c417b8059200956b6e3d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      41e3624cc0862d073f60248cb5e33664

      SHA1

      aeb0dcae09816e7d29efe61386155f7b9d7d526e

      SHA256

      914cb7e726bd824192dc5e2d1ce0337dca7c60159dedd3ec92c29527995978fb

      SHA512

      f66860c7630aa2f6fd0dc462a91200ebce1421804670cb2bdb737537881057fd66d9ca64a5bb7f2afc871fbf8c1129ed632bfe72ffd4dc5a88a4804cbf256d09

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e8d387c217d7b98548c939f6df7e9a86

      SHA1

      16d4db3e14b690760f71070ba94a1c3bd69e2fde

      SHA256

      89198fbe8dd6e64362383013c20e9eac0bf6f05fcd1d4f460697c6ffba603f94

      SHA512

      aa1b0df8da0baf77516e0df91ee825dab0ac5d5f44fcb46405b3725ba48ab896ae252c1d05e38399232bef723679cb3b2cc07943c9379a381f469dbe5c4b6455

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7176a6048bc9af83a854df59b4184f53

      SHA1

      16ea2d3c7cc58b453cea6d9ec52439d243252aa5

      SHA256

      11d624ef0337731520d123808f6c6d957d4caff0a635e118cf5671353bb48481

      SHA512

      94cd02ef95698f7d62e2be690963ef00c8a924814418fb15e7960f0147e8b38a52fc347c403c57b65bac5a907fe5c41121427a43d91e494efd36b8fab8774a3c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      689e7b94171fab171b646559b5255c7f

      SHA1

      59bbf4590ca1e693ed3f05f737ca20dc6eab7cb9

      SHA256

      1abeaae584ed0cc7936ad99676243e40335c324e667a4e6ea11a46a142f0f8df

      SHA512

      e9e1d4b6f7580c48e713f85cf44c360718b52f9b4b522169a95f905bcefb2bbaba6ae3c61a05f4ce1b71a60ac35ac9dbce9b4056bbda42bd3c575293696a3b49

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      de153e7f957b85d80aae9681b4693cc3

      SHA1

      d6165fd3108e7fa453df6e276c521b2de03a93b0

      SHA256

      290d46ffd1845b14ea1ec6e34260abf7ecc8693332c32adca0e86d13940de6c8

      SHA512

      cbd7be258d828a0616b6d27d0748759951ad01cc6c3d79cef63666129db246bd26b90e88f48e8a7a40a9810b1cac826bbead6f2fda25be689c64be816226d50f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab6A89.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar6B09.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • memory/2040-0-0x00000000001D0000-0x0000000000200000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2040-9-0x00000000002B0000-0x00000000002E0000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2040-7-0x00000000002B0000-0x00000000002E0000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2040-28-0x00000000002B0000-0x00000000002E0000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2040-5-0x00000000002B0000-0x00000000002E0000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2040-3-0x00000000002B0000-0x00000000002E0000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2040-2-0x00000000002B0000-0x00000000002E0000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2040-1-0x0000000000240000-0x0000000000280000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2604-16-0x0000000000370000-0x00000000003B0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2604-22-0x0000000001C00000-0x0000000001C30000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2604-13-0x0000000000260000-0x0000000000261000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2604-15-0x0000000000340000-0x0000000000370000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2604-458-0x0000000001C00000-0x0000000001C30000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2604-18-0x0000000001C00000-0x0000000001C30000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2604-19-0x0000000001C00000-0x0000000001C30000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2604-20-0x0000000001C50000-0x0000000001C52000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2604-21-0x0000000001C00000-0x0000000001C30000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2652-457-0x00000000037B0000-0x00000000037B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2652-12-0x00000000037C0000-0x00000000037D0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2652-11-0x00000000037B0000-0x00000000037B1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2908-27-0x0000000001D90000-0x0000000001DC0000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2908-25-0x0000000000230000-0x0000000000260000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2908-459-0x0000000001D90000-0x0000000001DC0000-memory.dmp

      Filesize

      192KB

      Download

    • memory/2908-26-0x0000000001CC0000-0x0000000001D00000-memory.dmp

      Filesize

      256KB

      Download