Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    04/02/2024, 19:42

General

  • Target

    8ffcef8076920d374af454c1f3b406f9.exe

  • Size

    153KB

  • MD5

    8ffcef8076920d374af454c1f3b406f9

  • SHA1

    958bceda667365dc5700d75705afb52b34172872

  • SHA256

    c18f66b20db148aff2ff1bc3e2b6634cc8f6f6ed6842fa17839ef435a4ec3d84

  • SHA512

    67d3121dc1e148af04fafceb101db34f34648ac2907d67888bc57c3334c2ef95fa89a42015b9368b334e9f1e4ad81ffac72b32820a502924f4420a4682e3cc39

  • SSDEEP

    3072:QvxetzT1kBMjoQWJQEnUJPIH1TsNyI6SLtA8vIaiM:yI1kCodm6KPuYNyPSLtlqM

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 7 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Modifies registry class 60 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ffcef8076920d374af454c1f3b406f9.exe
    "C:\Users\Admin\AppData\Local\Temp\8ffcef8076920d374af454c1f3b406f9.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" /s C:\Windows\system32\eyfwin.dll
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:3000
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://configupdatestart.com/bind2.php?id=3913842
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2824

Network

MITRE ATT&CK Enterprise v15

Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          30e4cdc2d137eebcae046057c2733c9b

          SHA1

          600cff8ea458649196055d8cb410b010b8948f27

          SHA256

          0294f464c7aa4b5a882515a9922f7f836d407c809a261743f85fdb319cb0cb82

          SHA512

          abf1ec370543e9b149a25d567a42b60cbd982f5392b7b8f0a102852ea75c297dcb9528ec90fe9d206b2e090719d0c0bbf036dc60826cfe4a5d264df879fec768

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          e459c8be50281da4046a613507d365a6

          SHA1

          9eac1bf278cb9a6ee5ee9450af3aa56a13973fbd

          SHA256

          9c9b3993c57f2710594712029d10adb8b3f5a8208a1824f937734cf67f341f63

          SHA512

          7927966bee9705450ca5ccadb91117beb5458e210ae832a29c7a90cef40b6cf5881ee76d494507b9e00d640f189bf3efc18c7a697e328798d05e69f124c8c414

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          8974dafe9683042fb749ef1c95728ad8

          SHA1

          f342973a9fe0bb83d50f5256edeba0cd3fdb1c9c

          SHA256

          9f82fff5e9e551c5f06c23c1c1602538afd772d53b930bb8b57a704ae1021902

          SHA512

          498b15100ad69a9fff85b80bf95cd68a6528916e69ee93d543a94d7cd42615e41a2e25d49054854e3b526ab819aa1b83f063b0da77c026a6d0d0b0c40cdd0700

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          876ab6fd75b174455e3d8ef78e3125cf

          SHA1

          4e25c5cbcb6a07889111644261c2097b7746e5ea

          SHA256

          785a61294b47e5f11561bd3399ed8fb457211cb1a7420a9e849773cc8519be17

          SHA512

          10e13a795525cba53f0bef5b5a4cba65ea86d9661c77c7f8ce7f1d8ca4c8e7b7b976815bee29504d6bd9d5e4c7533aa19930c40630df6061d6f4d6841ce38d05

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          f129a7584bfca49ca9d542a5dec1d270

          SHA1

          78ad5b9f686911cb83b41977f8b63b9f526ed3b1

          SHA256

          7cb25e74916977abcb0c63ee1f2f53504b32373ec961464f0170f8f617652b3c

          SHA512

          8d36431ae0669ebc016a03adebc4e7bac7ff4f04f43db178c220074893bbbc3effc70ceea82734a58f8162a8bc050ea6baa3edb311a483c64779da7d29a615c3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          6f2c1b0824ace765fe2baefece1fe768

          SHA1

          d4f283e8e7605390023c8e55ae557cc8e836bbff

          SHA256

          5b10db8df1e642bb38294a19da61e0feefc423ceddd3d80290c8578fdb0264ea

          SHA512

          c82f9874bd50ddbb4b73473eb9f63417d024abd9e088554c4e5a0dc4e0a7f07c531fb43d681e7ad1b49d3309fed5ea1023f53f4a5ac4a332084a746ede1a7016

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          f438fcc6a9b10da54c4ced3d64658886

          SHA1

          322b91aef090ab2728f8c06d7a647f5d28716be7

          SHA256

          6a876a12207b0ea806aaaa94d57d9534d7ada7c1b27a94491307eccd539c5113

          SHA512

          2ecd425176e24d645272be0952d6bb967a1d3e7f7875d5c06d15459a46f6928a8d92ca45d410ea520db12d697b7a2c1283034dc052b637e7aa5d6ae9969e138c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          69ec01c27e22686a553e3c94f5394c72

          SHA1

          657383be1ec860a1b2fd59e68b4341d86277cbdf

          SHA256

          d9f33e3e21f1d6da032fc772c3e3f7be2fd7b8bedc07b1debbe058ed7ba00497

          SHA512

          ed4acc5c8769da913b42bfa46975eca30b521aaafe07b8a2a494dfbbaf9db2438b4dd976a1f505c20fca2fb2756985f1f0ef885ff1b1886a5ffac8bd6608fa2a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          3c0e4d35acbd2ef05abd322ecaa5eb15

          SHA1

          3531d7f99f710c5126dfbdcbe6473d81bdaa9dce

          SHA256

          7a8d9df8f43910b2411700ef7db64cdb42b55b9c05ef663d6d73060b0d69ad56

          SHA512

          64ac5bca35374326a77f00f6681905a77fdbe8e27578bf85b5d7d99a3a46c590226e502d46bdea96afd0095ff4107af7e2c8e389fe5733d9da1aa3d5f961885b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          367dcef0fe9c67c55f15fa21ad09f6f2

          SHA1

          c2731ce226fc9ee50f3cda95aaadbced646aaf2d

          SHA256

          7df5755d36adc33dc04f354458037a3649dbf82daf028bef17d2119bf2ea28da

          SHA512

          88b74696754baf1d141923fb88e97f1e48fb620c4b643fda598b1d60d9394880dc8bfe1e112d8e61956c1670d264342c5413fd712b2982dc469bd0bb32c04634

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          e789ed7acaf0e3e374abad0065bdecef

          SHA1

          cd69cfa42c3596ff1c587a9ab60c78840ca20d03

          SHA256

          fd2bf820088e8fd91d11b9a6971e1c606d3d5eb9ebb2d2fd8c1cae93ad395e78

          SHA512

          951e218aa89060704b688f9c6f378640262f079c7774c9d11e5ce7b895f886970504aa29649a6f36587a574ae3f1bf4418b3e3acc5b04324e05fca8bd170b531

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          2904ab405bdb5dfa9101408416dda90a

          SHA1

          7a135cc0b54d97253249d8305998d049a4d55d77

          SHA256

          3a003280243da33f36001ddd202c7c35ae4ca75ac25aab5876a730be4590f8b5

          SHA512

          7f8d9219d841d6d82c036435e89051425f652bb10b08c9ef9c75cdb24798cf9f6e28bdcc78d3004f8b96721b6958cd92e85a700dc9ec9058e1970ba487c5f686

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          60c27e4ea9787f7c6005e81c87cc6277

          SHA1

          b7fdda940467090d520d1cfdbe56cc704fa293a8

          SHA256

          4a96c801e20ae70ea980f98ca2937637cc2f1175c6d7faa11b97f9de263c2e64

          SHA512

          8ff28c92d8841a3ff87bfca5d2460d4a2c89c8f4bccd2911a645e5df3017e83e008df8b3502922e3356134b5e0ea784a5a87f17c935cbba0c3de0556ea39cce6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          409fc0a781e38a9e0b3a61bc34e95797

          SHA1

          1e0dce5555658d89115017d0432818f9e10d8da6

          SHA256

          6e185d3b59a23df9c9abab59059a240f84e5b0ee238a37977a19f92328877905

          SHA512

          4fd486113829c7c9dbd2b7127373c0b7e9b869ba6e1115a9f44ed6f51d8b963bbb7cc1af930c0fb586c98d731e1c268a128e1a124e76f009c36e90d245c6dec2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          94948acb994187ba726976dbc15668d1

          SHA1

          d2f4cd38a7fdc8f60d6996c1852d436e9a09cea3

          SHA256

          b30927ca399098e196bb7783fcff5731e799647189c97a9aa821f6e52ee0dfec

          SHA512

          1bc78a410bfe0674b1400adacea3ea8e30e4395ada83d4d0d6c6d11fb90b980b79cbfbec0af033475ddf2f1423309e589e6b55ce82775bae88874177acb91ec4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          16a0408b7e50caebd1e9b1be56136b38

          SHA1

          c566cb32813b099ad62d7ccbc58dfc450eee5e06

          SHA256

          7564baaac54af7922e37bb659aa523e27dee836f144e30b76f684833999839ee

          SHA512

          f7f6aba1adf2dabdc6278a70a6b9e25c9dfaac0e7bc2240b3cc6f0375ff6de79c59f29c373ac32ce011c831050a236195b8d209ef8d26786af79bc7cba8a0c34

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          e8bcd45deff100a048e93cca379d40c4

          SHA1

          27efe2a3eb4f4a66056868ca31fca79fc85c5646

          SHA256

          125068523483e7fd9fc4bd3480220a276dea43d554e4fe91b5cc33e72d1de960

          SHA512

          1161c13910981d65beba088733f2770c069609e278d3a52a279bfa2658d184c5d79158deaf77b127a3e2301bad8038dad0431a67142abce2bf65ec85be3aee7d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          29091c8dc162630c302427dca5182657

          SHA1

          2d4cb12ac55365bf40b8fe5bc1a9db5ded2eb9a1

          SHA256

          b27344e52bd4279c35b74d743e949767e474c5f17aad84dd7b4544f95b141589

          SHA512

          7cb720c94f3934c32fdc4eab4cd3f90b632a82e90d321706dd8d836202ab96371c6096bb08735552987a7ae686a6cd80025d9b14fda8c03a52f8d355f8a99bdf

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          60b047687e7c5636d62a2ea31ca18fba

          SHA1

          b10e06c6a43efb87691bf320eedcbf69b4870f31

          SHA256

          f910bc4a3faadadc608a10b2cfb33ea5e67a301b1fc1b2c24574c6f2cc279c15

          SHA512

          96638dc420a69ef1e5eab6f9c89d131c78eb4170319cf1d4f49dd68a52285e363f21316b406a111ab696830a79aa71d18ad37d55a689cceca5a97851ea511445

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          35bf63c2f10f6b4d70baa538f7f70c4c

          SHA1

          e9dd9e51adf2469cf5221281722e608bcd8101fd

          SHA256

          41cf0e30302a32f0981358fe41a3d4dfdf9b962ca5542914766fc010c5de61b8

          SHA512

          3673616152a7c407b7ad7e44ddbb5c0b01618e2ad055e3db375cb1d506ed1265e0836422abd30b3e49e216b263c4064ae91efd52a30be2c7cc34fcf7aa0bc491

        • C:\Users\Admin\AppData\Local\Temp\Cab320B.tmp

          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        • C:\Users\Admin\AppData\Local\Temp\Tar328B.tmp

          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

        • C:\Windows\SysWOW64\eyfwin.dll

          Filesize

          216KB

          MD5

          732cadeaf934ac1edc47f1a577eca711

          SHA1

          444f18e24d9c48e99b142c85ba6e65cba693988f

          SHA256

          e232ef1159527f8ef57f480dcf0399d9b718354e90449545b1a3b7ea30015871

          SHA512

          9b8a8e36b8e7292915a99a47796cd89dab6af4a506bf956093cbcefc24a4b7d3864f26c50d4b4326c38d03a8aca8c4be822e1702b436e9a97b1e084c6e9c0e5f

        • memory/2372-0-0x0000000000400000-0x0000000000470000-memory.dmp

          Filesize

          448KB

        • memory/2372-29-0x0000000000400000-0x0000000000470000-memory.dmp

          Filesize

          448KB