Overview

overview

7

Static

static

7

98d9f0f0c1...e1.exe

windows7-x64

7

98d9f0f0c1...e1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    13-02-2024 07:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    98d9f0f0c1e2a4017bbdc2c3916cf8e1.exe

  • Size

    216KB

  • MD5

    98d9f0f0c1e2a4017bbdc2c3916cf8e1

  • SHA1

    3271609d5c79e15d29e9d74157fb954f9cc47077

  • SHA256

    abc21d04f07a1c0f227161a88e00dc2a23e29b7942cfaa9999cbac324841d025

  • SHA512

    844f3a3aee276badfb314c51524062a2eb0d26e3ce8f6a734f63387494a100e576955d1f14a32bc62bc13471ab30af8a90cdb8157c62bb39b97b337c20a7132f

  • SSDEEP

    6144:7NCzLYXnXmUhko3w4ge971kk3YEJ9aghoSReR:7NCzLctvw4geda87JYghoSReR

Score
7/10
evasiontrojanupx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\98d9f0f0c1e2a4017bbdc2c3916cf8e1.exe
    "C:\Users\Admin\AppData\Local\Temp\98d9f0f0c1e2a4017bbdc2c3916cf8e1.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1928
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=1292
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1648
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1648 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1488

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    13138b089c954cebbf1b0329e3022c28

    SHA1

    16baab9fb54b7c7ecc2104dc970c287e9921e1b7

    SHA256

    d14390660db8fbe8f248d8bc6592600340b74f1a979be638e34f46fd54544f89

    SHA512

    f0ae0580c25b34991eb1f1cd2219dd0fd6589afa46046ca3d28109c231d338f38e531e42a8c944f925ec24eb19ddb3a5e7b59cf19982dd27fa4320450c50603a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2f62eddef7afeb08f6800289555de10b

    SHA1

    1baaa1e50f087922eb67c84700cb54b9bd312d33

    SHA256

    b064faeafe71d5d6524de2756e3c82e4724d0da3f73725ed0ea7f55301051a94

    SHA512

    4b8c2cfb01adead13483ec9f702c8b66fe9e9e65553a6b978a38380b9736f3a46fe7af1ce251833872050c0e7901ce019f008f244325fa168873410cdaff9e9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cc9217a8b7c0a0b5a7812f28289b2e67

    SHA1

    75272e2d1cdefd4b7862266e428b4f8e1208d66d

    SHA256

    3102b10e349478ea0a7d5037972b3faa1d0de89dafb9c46f8bc93ff233a46bc2

    SHA512

    bc33a02d5850ba4ca1bdc3dec9558ff86e20dfddbcff5f8ffc2695a1ede27ea1bae9f46bf03db710f55cf7b30eae80b4aeca76f3a713d354345b1bde46aef758

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d3b3af8fef52bfebf9dc5cc3850f24f5

    SHA1

    989603ab921eaf21496cc4e830c9e5bbac983b90

    SHA256

    3d1c3673f92fbb2aed411788d28581f8a1cb8e209bca12471f59014dd9010ea7

    SHA512

    e5aaf8c8a05255541482e70301fed2528b81ed3584df7b0e231375d1102ad7afb46c6f59cf2f46adfcb4903f45f0ced4fe037123e45915aae08cbd9a1e69a842

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    86624d6ecc7e5b36449247b2c6b7272a

    SHA1

    70cf5297be732fb3dbec8c3c83deb8ee16b39a22

    SHA256

    2e17b794edd8124b564b26f3381789ed5273c26070bcfee630b96a9dda0179b5

    SHA512

    e3616d2e5ed7f9923ec4f8601f7d8ffe5e8c33400a9eec9ba136b170e9135c6f9505aa6e294e2aec20025d3f5473a7af3353a9736b91ee67240a1a41f94e9b4f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e2989ca451cef7fb29e51b271a9fcac9

    SHA1

    02835dbf639492bd6caeedf4d61c885a93b227a7

    SHA256

    cb83ff76ae0ea39de10905ce3cd655f86baf7376c981e082a2547b5de088cbbf

    SHA512

    2ec3e063308134fbb1282c6de5e6b710265a1de7fa97deb864a09330e48c26e4aa9b8dab8b021d9e3dbc68a52e0ec189fb21bc24cbe3e3c0bb4fd9e50b856e6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e64fd7ef3ac516fdf138c03f3b3aa4de

    SHA1

    28a197c2ba506d344f63d006289984a103bbd6c5

    SHA256

    4f5fe282562f016d472591bf8b6d645a15b12c28f2787b05a9d798983e124aba

    SHA512

    4d44ec37c98675974e69dd1a2f3c78194df09bc5c8f050f0c19477e154314f0a9bf10ca15cdfae9717da52471414d86d89eaf01c90ab1e038816d793b96606ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    95e374d72d99746288db6442298d7f03

    SHA1

    9685a3c1135af816d4fed51da2e2a22a662f29f2

    SHA256

    e9c4407066f987a56cafe81f6216944ab8db178b513703e946009bb46a65f8cc

    SHA512

    72417a81ad5563a587d8c67b1d3287b430568dabace12913d300802d6fd313a77f16094f08781a57a9ba99a14bba29bab9d006b0ac926825c8f2a126ef08b1f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    50cebe6b1b2122ee86a5cdc4bb85275c

    SHA1

    7eddccfe4ca8e1c83344311d499745e79a675c1f

    SHA256

    06d30ef4fcb6c64d0ebc084d256b5ca957380c2188e4e142800ec1cc9bea4198

    SHA512

    56804ed45d825e41ee9b4bac7e2db8aa30fb10e20a7665f62096aa91b1b09f2b77dbf0de07c69e883a1b1ea77842acb47840b3ab0d378ca6c78524d6b835bbfd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2ca4d6a943690d42be7898693fc8d4ff

    SHA1

    5baa6e3f2ac93f6cfbabfb683e094fe4f66c039f

    SHA256

    6248170b63971c9378387cb195619fcd8724100a2aaee66159b8977fbb697b10

    SHA512

    8cecc73917a6c19191449990c4242395671d6cba4f55f4c8eb8aa6a3a2d957b5a295ac881524924f86593a37093550cabc4baeef949c37434d459a53317c1e38

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bf54d3ef08cb8719cc5d6deb823bc6e7

    SHA1

    c73e6fae84cb4a2d4dfb2e94f3e22f6de96826d0

    SHA256

    86af202f154f2f4829da80381f29103c80a2a69772418b47e349ba075962c901

    SHA512

    106445360cc525a76dd3ffde36e9d43a317b04bc6cd2ac17459e12965be22fbbd08ed6833c054db23cdda87d525e85094e829a74754d692a78a6604454259001

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6acf7549e4513761e4a91d94da38a360

    SHA1

    a9fdc432bf7b4be6e2480088de8aa8e9d57b8916

    SHA256

    cc7a1f07c63f755763020c222f1c78c0a1c9353ad1b72cd4ad7d5826d7d1a73a

    SHA512

    7c9ed0446c4abc5a9692ebc1bbf5cf97d0a1ea162511241fdd8fac29f6a5d1ff49f213a164493cda9221edb08b664c616d53dfd2fe499d44f0e3e691f8bb3a9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8cb86d369e5caf308f58b1851b5c4536

    SHA1

    8de9a6e79203e74c614c923b019e6c5132acb8d7

    SHA256

    5b8a26180484589b2cf78ad5da79414d6441d1ff1189c17bf198126265fcd1ad

    SHA512

    e2263d9b98dad919cec80a4b5f25a1002812b721b3b86f1d2d057cdb4e27908fd9d807de2a78fc6347b4cba50df18632e5ebf04f5cc29c720dfdbbaef77ccb25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8806e3bc8d226f28cef604e044eb3440

    SHA1

    d84903c37860b35f01e5eaac614e1be67e483e46

    SHA256

    c013cdffd480c13b6fae3699c439d65d0c2cc1165ca7da2ddea0b87b3ba7e570

    SHA512

    32f676fca3a5b0aafd8799571e3c076edfa03b86e27893c8b6580ea71ea92cf06ca98463599dd8d5081d5993fc97e3cf77ebe4af5168e3bd9118f530674f1a57

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    baaf723cf88b6cd8508193f755caedb4

    SHA1

    b3452d7848727c965b8c37c2ef9ce5e61b76babf

    SHA256

    6e1a24c0d9bf82343cf62845439075bcfe650d31c9aa521d525e91bb6153cfa6

    SHA512

    84207da77cba0dc35c7f9b5b1eef9c76b7c102b336b25dc19ccc545121f4130779ccb674299c9c250720c66754d3651a468090e0003ec1bc37d74455c9e5daaa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cfdcdc628e7d9d8c8e6ef56396b851f8

    SHA1

    0649a07bba233154adf2471ee9ca2a8298955824

    SHA256

    e93c18bacefa0b52ef97745836c32f9714d5d3535765b1072dca425eb92917f8

    SHA512

    6a1207387e3da79398376345775e673b2a2e6162a8fc148dbdab62b6ef8f1d6c25c0817d1ccff652b27cf84b59d488dd133d87018bf3c002982661c539d50afc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    48423788da32ae372f761048c82bc836

    SHA1

    bc00eff5ebb0162dd18dfc1a18d75d49d6a0fbe4

    SHA256

    7492b95e926f4569732a4423eee8877a4c12c32e6d503e84a2fa6f40074d5065

    SHA512

    1bc2df3fd2fdab893e19545a1194dcd217d07600cfa93df28f5cef3b43f906cfa2135a1fbfce1e72bf39dbfefe84d6d8b879d9fda341ef9672f0c96eb646fd1a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    da48d58ece8df14d301f9f745141c019

    SHA1

    fdc048598324110ad01731c1db7f2fbd23f348f2

    SHA256

    f097880cb9f7b29844819fbe4eb1bf6d1c478d19f6a1cddec166c878f4949574

    SHA512

    1f090ae2f974a0dc578152567c85d5481384933219a5c197a2eb514eaf7c912489cbee5d6c5462b46e4c5991efc34f72a53052c56c665bfcf5e120d5d48a33d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    13845ca5cbee6c2baca98d6fe5b7e3cd

    SHA1

    a271327fab2ee8a52daae32526c923bffcaf60a0

    SHA256

    8327d34345696a23010dc2eb71e1bec9d6c39beb9515ab30131f91b872fa4d4a

    SHA512

    a7a6ac77b571e85ef07191158bdf529fa1697f5749e7e05a253cfac2e7d3fb5ba226301dbf7204e276ef1a8ac37048902a0d3436d03a71da1a0f9a1b94ab86e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ddb27542914486246f2f96ce8e891bca

    SHA1

    928de1e6ebba8a2116b4fab27162ea304d3e1f0f

    SHA256

    725c53c8aff9570143c1446b676a982b3717f21ffd17e1843133c9bbdeacb79c

    SHA512

    6a4b0413cc41c88c0f0f295630649df5b32c80a60eede9125ae7e49c1de38e658940f7e8df721fb9b8d0249cfa58ba3ed1135761b6fcc200d07deab1f823241a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f04ae8467137fd4ddf739511aa7cabd0

    SHA1

    256e9ec429397aa6a0c44e471361fc49f7c7f543

    SHA256

    526a2aae670bb366ea0af6a0984231bcae8cf1e6bef0c53c65d9d1532ced1eff

    SHA512

    a3780b8689da80e146175ffa66f61daa2f4d8606cfbaac5c172878e99acd59f054e4d6a55ed825d24d679a70bc6ad82f53ed9c35c5dc3de9246555d4e919acb9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3131.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FG.url
    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar31C0.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/1928-0-0x0000000000400000-0x00000000005C4000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1928-24-0x0000000000400000-0x00000000005C4000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1928-25-0x0000000000400000-0x00000000005C4000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/1928-26-0x0000000000400000-0x00000000005C4000-memory.dmp

    Filesize

    1.8MB

    Download