Overview

overview

8

Static

static

7

91561f1a19...d1.dll

windows7-x64

8

91561f1a19...d1.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    156s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    05-02-2024 06:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    91561f1a19a2775801740fe036ba63d1.dll

  • Size

    178KB

  • MD5

    91561f1a19a2775801740fe036ba63d1

  • SHA1

    7e5e365d572893741c61f542cfbcd93ab83aebed

  • SHA256

    b1d1891bb3213a58f7334531b191d35fc446c72a34809fca8887e8ee610005cd

  • SHA512

    055fbc92e33d2a9269a8d1e6f193911f21574de208e1dc52bcf56398e1abdac4ce3cb64d5f9a1c70a1bb7bd1994dbbecc1a9440c22751317eebe3e6a06cc2539

  • SSDEEP

    3072:IKNFpxUSZ1ABlbo1uA+4zDbNehZ8AnJWRtbzhQ1jA25lyXdD9+E455FTKg61xouB:FNFYSZ1wRoVzDbIbVnkRp9Q1LS/UTg1L

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\91561f1a19a2775801740fe036ba63d1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\91561f1a19a2775801740fe036ba63d1.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2968
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2668
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2688
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2736
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2836
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2980
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2572
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2540

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      08649e8bbaeb6643a4ee53b1c70f941d

      SHA1

      7f1e9c46982df9ec597b87ae19fb1ed9e1ee8a68

      SHA256

      b7fe8fde83888b7952f45e12aff632103976717f67fa71dcf3889189977b9d9a

      SHA512

      fd3c66b1334ad921158c1de70471be6ac046c2a26193c3f9e8d4fb046b5a209d2d06c7818376036b75ad1cc72e4d15d82ad05dc05549b34d2827e60d9e766e8d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      97119f72ec00e03a223c1f1932d97d67

      SHA1

      3086994a3dec1244cf5d9610790e0ebd795476c4

      SHA256

      acbbb95ae5f31f9d3e6cead30e63ce801ce392bc9c9d8cb50a1532394112bb6b

      SHA512

      bd6682fc41e2021c259dae9c9388a73ac09e1b0ba8adb958c138359e9f3a0cb6210f6bb05508cde0a6a7bfb94600bd577580c458fb4cadd7c171ede0ee07c8d1

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      667621ae0036b0665be87e0e566acf1b

      SHA1

      407f00e82e901c406cdb683856e1693587ec38d4

      SHA256

      77bd478d99786d064cad74c9b19a813a22b57e768c3e6c54258eabee6da5794d

      SHA512

      7bfe132131c924bc6bd2f875f8de561d56c0042b0558c72a4b8bc7324bda88df44f49d0baa3161bac8be5fb9e533c7b77c6dc73a91fcd31f7725a87b74b6b58f

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      052bcedc36d6cf32787d4c375bc8abf7

      SHA1

      b98d6ad8c1ad3669d2466211b617b85c9f333ae0

      SHA256

      2d3cc80de76fbb432dc881baa110940011bba7131da76ee2a5bbfc00f0429180

      SHA512

      46a763c2f6ab16f19e9dbd95e58af1df8a90fc50f4bee4f125634df3c0abdf06f7a576f623e8b700b784146b82d474a796c084b59ac2d2c927bba49624c6b91c

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d601f1d64a0f84b286425c11ead478bd

      SHA1

      38606ac0742475c84a394170f7d38c6a2c5d9055

      SHA256

      fe3422080b680bd1615c5bf5c85752fdfe2842bc7ea17fafed31de6c3f5b1ab8

      SHA512

      388ec0fec0f5485a897f6c96ca91e1cf92888b780177322edadea844836dbaa15c954f9c5054a700d183db3156b482dbbf771660b65e2f3dd5a201c42d159a43

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c4b750987d2ed9e75e407347198d7d1b

      SHA1

      cedf46c54a70eb6a1973870610f4b3a3bb1d5d51

      SHA256

      5d02137ba8c3a4095120452beb5532a8bfdbfbe7b71602a2d6e23e16f5db8341

      SHA512

      dd71861a427340ac066485d57419b422f3dbddf1302944e175288ce60c6c6c362c1cd7a801ec50ab690a9f5c9a97587f58a35e89a592e703e55b3e7f3e22fa88

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      58950e459eac4c62e5cf31380e170243

      SHA1

      08662e8438f8c78113800e3e7b9665d5e7be5858

      SHA256

      d18b30ef20d173b1e9a397cc3ffa14c5ef497db0918f8ef23434ed0e5fe45d6c

      SHA512

      93f52dd910fac26b16707ab2ecaddd9fb3ca3de13f97e9358be319bdd69327ee24ce0900daaf46a4c14304fabe252f748ffc942d43bec21a82472d39821e3673

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4f41c21d9be2fa463b68818c705c701c

      SHA1

      117da7ddeb246c528a0868b64f9990299c09dea3

      SHA256

      ea2118b336f1065b0a60c5c17c2d5483a50949b863666ab0a27ee95ce253a2f4

      SHA512

      3d1dd2e91cd7047bd413279d62e30ebaa67c50f4cbdcd11f5bd185b003cef9d78c537561d513f88fd844cfd4b6b46f115c3850aa4d95c2f798d6903886bb2381

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e48149f88a62f448c1fe97e088d90076

      SHA1

      59098f45e60e68555b7adc5bcc25480058090a17

      SHA256

      631d9e752412bceed7291fdd12d4dd97024c15bd2caa1f9984867e57fe66ac72

      SHA512

      f495ccf4ca58077146681d7164beeb4a596c020648776fbc9f8e6aac6ceb2f71414dce8064104a9bc7963dd6790b503f726930c2e72a668878c6b554a987e139

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2927e3e09e999a19b321800b1ac10a5c

      SHA1

      e17fd8e3f9a5992d1c93ea1df0966c00aab77ef6

      SHA256

      b8960a6da4e1238fd057a19bf56a91933eccae342e83d7d769a58b1728ba531b

      SHA512

      5a6902c680f935d9d71fe41ffb79929f7175ff78ddbe458e0875bdf77a0148b3fcdb3740e5b79a5ee433ad7ad19007ce832075e5bde8618bb3ef9051ddfe5ff4

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d36621bf2a10e9d358256032b406b98e

      SHA1

      42dd00f7159137b4d8e5ede2bb41237c036a0815

      SHA256

      1b155f9f1acd83ae57a44026d06a0c65c26c67cc4f2e1e9f1cb80e8eb8c5d2e1

      SHA512

      06f99f9d45401a2cc97f69451004508db2a3041235ac32cea998079c1490e0beaf7313fb5566a76cba8d0ea4e9b5d8363b42de9a34f2340e32d4c73b59986e8b

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      9750df12624e19e2c439190ac1f5fe81

      SHA1

      593cc39fc1d96e377ec35b3520377113cec2edd0

      SHA256

      281f114a580d3bd21ea49e265afbc2a0fd7e8144d7aed23acf38cfc36b6dbbf9

      SHA512

      b503c372bedf1a129a1b623364cdb5e07f0ebc177986b5cf22c0222a549772e61a5650ba222dd759b0aef55a3e1f5e705cf725113feab8bb60159d3375dea1db

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8412192fe74e7d199df5d502f025e897

      SHA1

      02d3dff337fcf8d5e355fa32d84bfb166c8d2e02

      SHA256

      f1bdc1d7f639ea5049871e47d72945afdc97387bb9244e177f9a34d33c1f4163

      SHA512

      7451ed7ea7f283e537fa25b748bbca338326101b03babde6d40b4fc9d44a3538a5340414bc4140e0497c0108ab7ace3c77c40bbacb595dc04cb4cab8fcf54e37

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ddaadb5cc7b6dc86a16ee8a51fb15696

      SHA1

      ce1bb739a0409836dd2952515e6874bff6fe969a

      SHA256

      4792fa7e23843d990bf524ee07455383b003f54045394b228e2a8241d87e866b

      SHA512

      f2237b99460f8e352b0bba4e46761adfba34bedd6002f9bac1400a7e3fbf8ba51f5972539edff89eccfd03bbee1f367a3c7d2436a9360727092289d828934a28

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e48bd9f18217bb9765dc83f14658bf88

      SHA1

      b947f461a207a0a85b343c93fdb6980beddc93c4

      SHA256

      f542e21fec73a30964a600401509891bf82325a7f2ad9cc5962724f8fcc4deff

      SHA512

      23e1dc031707575e852d8dd471a64e334dfd1609ebd6b018d8ce0df97f24d56a1d539904b97b805f7c09dbb9affaf997a704c452ec5fef2b567678298a4f9952

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5ffa93e7e59e6fe661777b21cf4ec51a

      SHA1

      bec9a383796da6b98d8f859f11075124ee861981

      SHA256

      ff1208940dcafc61e3b83a22df3374b202016d1e4dfe5c90e1c9bba22b7f22f9

      SHA512

      ed9e57afa5cc2f22c6697716d23f09a2adac2ae622202e9ef411738e78735061ec601a31ad6df98ba7c616f7014a5a0cdd68bb672ddaee1ba4df62f2209b86c7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d731b0dde9668c94da36a3ea9a0f3c76

      SHA1

      e85abd62a21d0f9216794f936982ae3aaad09a17

      SHA256

      2de766c3485c8016ac6aa36e917827699db4ab48a9d6f86aba6d7a802991c7d5

      SHA512

      80eb2fc260fb53372b17ebbdc2b3538cb107b0fab4ab3f8e1d2d2a50637567cf20ebc6b08eb570c9f8670bc51cae42d09f31601e508999d7480e2a422576b4c8

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f5fe9fd1fec259d4122c64141d6ba073

      SHA1

      8fcc8dcc69e95de3a1abd01f52e80e995ff74242

      SHA256

      214c0e4119588820a84cfb6105d60789f37556f58ce41c90b74728de40ca5179

      SHA512

      84d73760de0c24c4e21c443134eb5413b2c64f99c87d053a458dc03774d2153585115075f32d134e79069c5966d47468ff073a188ffe7104dbeeac4df599f962

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      37857a191013a69ce1ea4826d3e6a9a7

      SHA1

      70420b1ab26248234452c7bcb19cecd43fb48f9b

      SHA256

      c0c322ea816d66506337b32f2e9f2372eb054a0e10189689ae2808410f58e833

      SHA512

      2c4c78746ef422e926f0906b8e7e2491b04750c47e182871d2e0ec77e7d743e6f41372621993d230f6661007144f6c839cee3b22f2a66fa9fe34fe2cb94131cb

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      cbcc5f3d550e6b509667ebd383f58198

      SHA1

      8b1cf3f0686b4a05421250b468a6f1b7350cc629

      SHA256

      becb6c335e0f40555da22345b30df03e92fc038a435b3864b0e429a2fb608edc

      SHA512

      5450056e34104b25b8c44efff98696b5161899dddd74d3ec3bca24bb648e1901e1085dcee45c7841e222e2f4bb27ba4b730f69e3fb5ad432656d3d9cde477dea

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3555cf8cb40a9dad2a88e3fe8561091e

      SHA1

      3bcdbcce49f35649ddb6853945cd994ea418af37

      SHA256

      747f78368a6f082deb0cf9027ecbd5588ff9862cf46c8816108ef55bfcaeb2b0

      SHA512

      0dc9f56feac201b9bbb66d17fa570b0d6b0cea4ac777f0e903191109cc32e407c82ea4d91a294a2281971c417923a9abb2d63fa25390400b93aeb038b01de976

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6374cbd8c96cbb15ae21129589ec7adb

      SHA1

      f45790732b0075a75494ac4d324085d7f4b057ed

      SHA256

      73554cf7d0415e68f96000f5b0a56f70ed5582aba39aeb2195ab2db613818f34

      SHA512

      d43b515225c5e420f448151d6f5894785ac43bac3da80444a2a86328d3a060154700c66d3ae00119b89d665af58d528066f9f1919a85a3bb9cec5caa123ddd5d

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5a016fd7612455f595fbbe0786b81600

      SHA1

      49cfa8308a44b50e18a80aea79ada5a01f1aba47

      SHA256

      50db7b64b00b542c837b426f2a2e802ff4212d4fc6a052823a4fa0969506925e

      SHA512

      0e4bd2327340c834dd96e1565885358906d5afe973e8d64bd282f07138c6f25f80d0ccda1c03dd4ec433247a9169fca2a89a33add4144178405fa0656a26b1f7

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      846b688b35c387331a29897b6d005be2

      SHA1

      66904e7252434479e727c928051d4ae4ee786eee

      SHA256

      277951258b6d11ed3db26a534fe8de6e598db589dba44523c34ecb4803fb32e6

      SHA512

      495804e50e6777304a64e4cf1d64b9e55bbb04533482f7d9fb85cd3e634abdd435ed037a0b8d8e68db8564e7ac8aad87c7f972292cc59e0dbb2cf0d35173f891

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Cab429F.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Tar435D.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit
    • memory/2688-12-0x00000000002F0000-0x00000000002F2000-memory.dmp
      Filesize

      8KB

      Download
    • memory/2688-8-0x0000000000130000-0x0000000000131000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2688-10-0x0000000000A40000-0x0000000000A91000-memory.dmp
      Filesize

      324KB

      Download
    • memory/2688-11-0x0000000000A40000-0x0000000000A91000-memory.dmp
      Filesize

      324KB

      Download
    • memory/2688-17-0x0000000000A40000-0x0000000000A91000-memory.dmp
      Filesize

      324KB

      Download
    • memory/2736-16-0x00000000008F0000-0x0000000000941000-memory.dmp
      Filesize

      324KB

      Download
    • memory/2736-18-0x00000000008F0000-0x0000000000941000-memory.dmp
      Filesize

      324KB

      Download
    • memory/2736-15-0x00000000008F0000-0x0000000000941000-memory.dmp
      Filesize

      324KB

      Download
    • memory/2836-19-0x0000000003A30000-0x0000000003A31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2836-6-0x0000000003A40000-0x0000000003A50000-memory.dmp
      Filesize

      64KB

      Download
    • memory/2836-7-0x0000000003A30000-0x0000000003A31000-memory.dmp
      Filesize

      4KB

      Download
    • memory/2968-1-0x0000000000110000-0x0000000000161000-memory.dmp
      Filesize

      324KB

      Download
    • memory/2968-2-0x0000000000120000-0x0000000000171000-memory.dmp
      Filesize

      324KB

      Download
    • memory/2968-0-0x0000000000110000-0x0000000000161000-memory.dmp
      Filesize

      324KB

      Download
    • memory/2968-3-0x0000000000180000-0x0000000000195000-memory.dmp
      Filesize

      84KB

      Download
    • memory/2968-4-0x0000000000120000-0x0000000000171000-memory.dmp
      Filesize

      324KB

      Download