Overview

overview

8

Static

static

7

86c37dba10...1a.exe

windows7-x64

8

86c37dba10...1a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01/02/2024, 11:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86c37dba105686e109738afe5f5d511a.exe

  • Size

    283KB

  • MD5

    86c37dba105686e109738afe5f5d511a

  • SHA1

    ece979753c8481ff7933216b8e1997e268e71dbb

  • SHA256

    4f6a154f03609705faec46aab8ab859eb61e1736f1c04737461c85a3f177af6e

  • SHA512

    ee3657b38ea2e9e89a0e04c0dd036ba05efc5649103e228e02e29818997ade780e393788105fda8b8ec82888de71cf5e50aeea1497a50aadf93c36ae043836a1

  • SSDEEP

    6144:zpEt3vKlRQrCYnd3oSor2wj4yIUG1sUiVS9:z+tfwNYnhoSor2zRWVg

Score
8/10
upx

Malware Config

Signatures

  • Drops file in Drivers directory 3 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86c37dba105686e109738afe5f5d511a.exe
    "C:\Users\Admin\AppData\Local\Temp\86c37dba105686e109738afe5f5d511a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\E24.tmp\nil.bat" "
      2⤵
      • Drops file in Drivers directory
      • Suspicious use of WriteProcessMemory
      PID:2704
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://174.140.165.163/total_visitas.php
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1756
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1756 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:764

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8d04a7166d4d605f15f6672a53d5dcd7

    SHA1

    2dad13379f5f4581f7ca0429352c2205842ae71c

    SHA256

    9bcdaa7a0d553969a156b50ca3d3a2956a156e77197faf848235ab2f2343869c

    SHA512

    6f1404429a2a0ff088afdcda8db6665c314a30156001b2c192b7bb974d0087a21a0d9b707033e3626d6a61dca7fd37636be3f53c22b913001abb1156c872712e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    48f7172c1d76ab1a217c5500e83110c5

    SHA1

    0d3ed295033b2cc8ba41b52baafa2da5cc531d32

    SHA256

    4389a4ff2d5b1f08613c0b58ef2d199a03d29f7efafe1acad9e7e9e1f79a7997

    SHA512

    2928603018f90a0fecbca66457be98fd9d98b054411ced68d74967b175f1430b3ca23f6a6e10f9d967bb4d31bc82edd10695b2e040800a578910f50f9c2eb1e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7a9b8d65d18675ee27830e27ae61a5d8

    SHA1

    75a0039c0db87227afee0558ae715202824d15a1

    SHA256

    5e0ca5a09197c037d95176860c1ae2d6e8e7677363f3a958281d8baf3d447b14

    SHA512

    436bee136bd7ae9fcf6babb244aacaca2914afdc754e7c792c85ac6b38c5dabd3fc2f0a8f500e325e87ff50329d9dfd05283a0f04ec014480f9262015449900e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7e4d6bccbe7f53590740033a2f61edae

    SHA1

    56270d9f462e800527aeb158deac8b2f7b1e0f6e

    SHA256

    481952c8a2430980f748b6519597dc41c67ff3b29f3072a90a5b36b4122b37f9

    SHA512

    249b525698f9d8d1008c1a290e4a5ba73c9e14a3a99fd5011c8460891096b419cd259957dbf14d3f93b67b67e52355c4ca80ac8fcaed71f1efc03d8d5e00784b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    537842e98a57eef0f64e20e5a51c16b5

    SHA1

    16c1e6c309be2f073c7a628527a38bbd0c8b84b3

    SHA256

    0c3324faea0c50329d0ee3f82c0b6f132e2f2beefaa654e3ace3e17402348673

    SHA512

    d6449617a7ba70fd601c50155214e6c40365e96fd5a9963d5ead724995a776ee8db9c040d722c137b342fe3923838e8953c83da78a874d17e4aecc89aece42f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    01308855f62416986da3997630ed3355

    SHA1

    ebfec8dc84a3d40807e1243a113e2e66f77e89c9

    SHA256

    89936432f05575789a0e4424beb3013a0aee7cf802dd8fff7292263d32652621

    SHA512

    6d40ce5a06fe833bbda4ebacecf7e431e890b3a941d00e6f0354f77a25277d24ddd6b75d6cdac2952cbd3407a93de9a5b26bb23d51b2a69e908b144699eb59d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    73b8b60be5409a1049ba1dad8f330f27

    SHA1

    9f146421a26be0cbc64a6ff248b959b8f43f6541

    SHA256

    bb77aa8f871fb06a113aa5249d45dcde9c725516874975e94b58068c6dbd4545

    SHA512

    23574fb8d36a9684930ef032044c6be645cf680605f49d82b302dc1ca20de055d300c93d6cf517e7f300a84f170712982c40dfb14110746c57eec0637f2a77f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    691c5cfd2b096205960efd0ee96f810f

    SHA1

    4cd9c4c7b7837fc3f87af7efe677fc71161db3bd

    SHA256

    8c13be0369551d6663caccca128961dfa95dedfa26e2366246c4e5d1706b0cb6

    SHA512

    936a2fe796ade04708abe83cedc7dab62199a3c58628b455857d2189fcbff93e8570ecf7ed43bc7428208716422086d77b9c3fd03d4e6b25795462f6ef4ab735

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    40c1194afc9fa134b210848988494948

    SHA1

    463bde0f7ea1ac83afa7e0a57e2a66a10ca32148

    SHA256

    ab6aa77bf6b09c8e96533bdc49e7ae40595749a0479e056a97c0b759faed6564

    SHA512

    469a38f4d886e95fcd128781a0b804a8b7f6a16b95e5aeaaa86d6e4767f636756776e42a6c9fc4259e6770e8fd7a8064cfe2c3d3edd90b53c49f5033fa18ae18

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a4a6ac5fef3278fd7a4e63d1bb5bcd4e

    SHA1

    62bcba4b6472cf423ba33f992c9df997a88f4b29

    SHA256

    5a7b72a0728adc00567a1b7d0ee082996d654ec49b4812746638bcd126d43df3

    SHA512

    deabb9b5ed251a07f90bb36ecf206e25002595ee98159a853eebb14b80bc33ee39e45faab320b892fe7b171a3de1782ac9895cbf914f290b1801c605962c5821

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    53e78df19ef3cdb127465e84019668c0

    SHA1

    f366da7d882d2933bb59469d3e4abe7cc5fde9ab

    SHA256

    91d432ca14f216c7ea5a5ef961080572e245c94d0f140115d5f719992f1d4ae2

    SHA512

    7618aaf557fe0761ed5cd72bf92cd3fb73072ab4b85a8f62b4db5c746a6acceece2bfd289e8951995f24aa0cd2b063792942f294b00f73f3f9a1dd50606a28ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aa687d5cb2f619075f48cbc6f5a3836f

    SHA1

    473c1e40902018da20a7d99d071eb67d40d9ba5c

    SHA256

    eb23bfce853c8f238e5f824b2f03b691e998e023ae271534c6959a256c4484cc

    SHA512

    47a9d1c4ff971972cf6d0bbb53c495ca13adc78fa6330afe82bb8722ecf2e2196726f9c5fe83a5f82d8e3be4ee5b8a50cdbf40097af066ce0cd53c3857e42e58

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08308cc77a9673c4728c5ff8c26ee906

    SHA1

    d8f7533a9f6f0ecb54718000b93100bfa5e71742

    SHA256

    17e089a46f2c57b07a5b57fb0221c897abd5255b5ae3545d6fb2feca6446a0d6

    SHA512

    47f24b5b53b05bcce120d5cbf2a1c70daf906d15534b28d7885d03b622bb400684b228c24c701b13a2f5989ec326022767c670e52152d72aece6ad9b92bab9f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    849fa14d332a326f91049efd143b3015

    SHA1

    c12796129ad9594294ec3cc0ee04bb217bd21326

    SHA256

    662fb0fee369bad74f4890e57f7b27dd88782633ec7697a6d83771b883ded117

    SHA512

    5d4297c7b1c2299d511a83d6cf98fb8341dd669fc3ca525fb979049390e30d4dafda91bc9a092545049c1e4e66aa0aeb62fb57f9b4174d5ade8972aff06597f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf063581707e7fc49a20b335ae5c5389

    SHA1

    e50b3d85ba4e0fb5a68c0cfae1b3c30a5a5795c0

    SHA256

    5a82f20bddeddc8725e07271c399de2ee10ec81d6ad372e04282cbd8dd05ac24

    SHA512

    e91fd2efa29e30f7923a551754f47462f75561f00f13bca4bb4fc8bd11b23c1cf698237c99449384fb49324e2bd04b7314f8191d2930e387802aae55037ba0b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d04edcfc640b13a68625d52c43849cb9

    SHA1

    6a08643a124764a1fd9f368845855f99321c4325

    SHA256

    20d5ffc6e00f89e2e42677b1df0167ce72e3d3f27edca24f7df3988894e380a2

    SHA512

    5d8a65107aac9888767a7d013cbb7c7f2632b9a5e7278f5682ed4f78f14ae36bce3771818f98cf07a85f90ddb74f48473d278da35d3e2a969a253b6ae8ea52ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7ecf19f60c3cc83b714a6439204e33f0

    SHA1

    ff7bbac89d8f3c1e4b6e4dc916ef7878478a40ff

    SHA256

    fe3b9be87c7f4279a8fb06daeceb89e7f6be21654b2da6faf0b37e813a770d2a

    SHA512

    ccbbe3d37357f65c47a8761c1f6d64005663fcd9b41452edebb5590744023860439e543e161f0c0335a72c5cd5bc3c49f1f2cae359327b7f56e68c4d07a6c62a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    15ece2d8cba266d6e9af2eecb14a9d7d

    SHA1

    8c88d72635a966807213c462c0a9ac8b7506f5c8

    SHA256

    e922d7919db48aa43f28789c5ad221051cb0bfb088ec41058a8d733d2f570db2

    SHA512

    581253ec9c223caf12154e4acf335c3f72af4b7cd6b18f8f2401ccdc6b4d3d70468b4ccae02380895ab96bbb1471f13b939c5ec289024f42fe657cc80c7de26a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d01a351fd79ffb9b573f00897263e8dc

    SHA1

    b28f52097806e8b592363436835781cbc84ce912

    SHA256

    769520448d0d62b591e1f675d40c4f74afdcfa91f3a0f6e4d8642ac80c86944c

    SHA512

    f5774ad16ce1b616cbf83ffb4142eb4090ca383b136f912b3c8b78c6daf9efc1feb4670b308c70c63c632c955c808ad6e2b5032e0fef71720af5b1114ad4d95b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabCB6C.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E24.tmp\nil.bat
    Filesize

    6KB

    MD5

    4a5bbf0500917b1f14b07acf197d2b5f

    SHA1

    921858046ea68852cf30f888b9a60d5fff9b6494

    SHA256

    7541335fb47f26d94f8a496ef58d3399a1111830103614b945def55f2c6daaba

    SHA512

    70bb1cd318a1700dd1f0590682ccf628bd0098bd28bb013f086f56207ed0280865be9a267bc13774e394960bde25cf9de90699b78107b6e6402450880076632e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarCC1D.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2512-0-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download

  • memory/2512-123-0x0000000000400000-0x0000000000498000-memory.dmp

    Filesize

    608KB

    Download