Analysis

  • max time kernel: 141s
  • max time network: 151s
  • platform: windows10-2004_x64
  • resource: win10v2004-20231215-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 12/02/2024, 04:19

General

  • Target: 963b37b4582bc3f36021b801338a8363.exe
  • Size: 14KB
  • MD5: 963b37b4582bc3f36021b801338a8363
  • SHA1: 285000b5160ba424e8f084c37a7df99f6e9833a1
  • SHA256: 06fc1779292668a9d5aa606e5d3c06390bbbffccf24023be28a522e182ccf36a
  • SHA512: 63134930f805f80af94cf8220d609359c0ab6fa015ad1370eb32c2936fa8ba40c5aed253d788d961c945423ac64521249835f43f12100b78038ba0b059cb54f4
  • SSDEEP: 384:+7Jn8r3JUv0YLq14ukfaX1tJNNnU/s7U4:QJn6ZUv0RkSX1b+WL

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)
    Looks up the country code configured in the registry, likely a geofence.
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Modifies Internet Explorer settings (1 TTP, 37 IoCs)
  • Suspicious behavior: EnumeratesProcesses (4 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (5 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\963b37b4582bc3f36021b801338a8363.exe
    "C:\Users\Admin\AppData\Local\Temp\963b37b4582bc3f36021b801338a8363.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://a.doginhispen.com/149/in/htmlg3870458449.html?cid=51094673&aid=10381&time=3870458449&fw=0&v=149&m=0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4036
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4036 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3324

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: 6e89104dc54cf9f6ef8ec2df9d38dc2b
    SHA1: ba9fa8653a6c58cb3d8c7bce69d8ea2baf78db61
    SHA256: 4c94a38ada16dde13fe44544154beb16b85545366b221f34470146ff9fb653af
    SHA512: 649d1cb392a06c3791f531d4f9469182497f2bf9b4bb1ae0e83c64d6942c33796d0735517f36c3a7d08c85443e7f791f613ecb8eee18fe89cf19d0f76539bea2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 404B
    MD5: 9c137aece0a72667f927d6970a6e0c42
    SHA1: d61e332a13104065228361bff714e54badb717b5
    SHA256: d3f83eef68d1cfba1b9239c19754f6e492e6782574d325f5418100ad92da1167
    SHA512: 1b98b88a06e6dc0461ce1c6d69719cae5f73aad11fe04e9b248b3d9b908991ebc0ae9088ffc29c92eb5832190bfccdd1adeb3f98bdb5972b97b4511824e7b1d6