Overview

overview

8

Static

static

7

9ca13dadaf...5c.dll

windows7-x64

8

9ca13dadaf...5c.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    15-02-2024 01:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ca13dadaf32bca689ec86dd5c69bc5c.dll

  • Size

    216KB

  • MD5

    9ca13dadaf32bca689ec86dd5c69bc5c

  • SHA1

    1c6da178f7b9c3ae28a2370fa797385e993775f2

  • SHA256

    88da80af3cb1b030e5264bb64fb6e8e33fbd952c88be17ce3c3d064bc641e287

  • SHA512

    f9856044417e7e1a1389d182d40f2920080cfee4c1c7cce69c2b9d59fbcf0d91f666c2f464576f9fa87326c632562915eee8fd26ff5b2b9816e2619c8fa62aba

  • SSDEEP

    6144:Hj4+5PYFPco1Zq/TSucVWPo4Bpof1mslhx:5YFRZq/TdUWQ4BCmsP

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\9ca13dadaf32bca689ec86dd5c69bc5c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:640
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\9ca13dadaf32bca689ec86dd5c69bc5c.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2224
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:1968
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2328
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:3036
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2352
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2600
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2668
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2668 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2456

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      18420c6f396c70bf727f8bba09b0c417

      SHA1

      d73c57969bce0910f5b2067bf882ff02d2eb2714

      SHA256

      2e156960bacf58a21a2bfd6545d3e6b8f79be76cd99de6cf6ec262a078686b51

      SHA512

      79eb18a668bee83247657c6d6a1a470a9e806df075d421f72e8decfb3605cb0361a32b47714a84c2348752ead8550bcf83920208d0561b1c037dd79abeab8801

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6a6b2530d9ba5d09264664d788f413ae

      SHA1

      7582368dc4136ec4a80966741b48ccbc87911307

      SHA256

      52fe26dbe58755c023a43d402b07b112c864cfc53e77d0528075c5676e46cb4c

      SHA512

      8a2b9a43790fd343709a882506028d3f9a86e1bcf7363850f9ffda46211c7b7df3b39cc990e804673cb3f8f0d29335d3ac8a0530cfd091ece166509390793d68

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      120c300f1dc3781acaa476a4d60b2057

      SHA1

      5e6c321f1ba31111609f1fb0dd8217443b42e2b8

      SHA256

      b5a2b03cead8b51c4a84499ab2383281f8cecca7937d06789fc84ac6ea047506

      SHA512

      745bc833e235cea03a72cced09820b3125da500921e9670658e267dab7a5fed407e14de4ba5e26705d73aa9346b3c0d0229fb564eddb55dcab1ea10eee8ac7ea

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5aadf177039ffd018c252f2401917e83

      SHA1

      1cb9f3b19e64e1743c98854d1e488d540a91a238

      SHA256

      d38f614ed1b907980a05395651fbdb4ad8bf3b48bcd562f419dd2102ecdc91c0

      SHA512

      f9aba958997ec31a0a913d664c73e81fc48df20c735f62e65322eab0e5eac8bc84eb3a7b7fe27e1efd1878805e380f19413f1ad5277351c9ae8515913de83e80

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      717681889543633d730968eab4ef384b

      SHA1

      5854ea6ac30fadfa8749ce72ce3fe346b83dd9ac

      SHA256

      6af1915fca4bf0185dd6501994237c15d07b51637f9464b56a106e4f8a75bd74

      SHA512

      160a5efbf17dfc82cecc1e0b7a22a0140989fa35b85e5aa1a9ccfb803243ca6c79db298d19d79ce64c6449d533c423d880780ab2a9a453cadc30a6e4347342c5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f29c4110c4d835d077d95ac9b6cde9f0

      SHA1

      de11f4a7a35a4fb124891d72f0e674fd441da6b9

      SHA256

      3525abf1a2848f14dd54902ba49e2251d13d3d83194d5f3723cbff0d1750ed29

      SHA512

      5e3203db7b7f5a537cdb2bfb35a1d8f135513fc8d3db36b113f58cb030d08b034d5ff80f61effc5d0500bdb199c7a95450530d9c4d4c8238acc0cbc58f147a1b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3d92b98ff9db8c15b6c847c0bcdd96e1

      SHA1

      600e3236d9066ba787560611255cb9b340dfa3e4

      SHA256

      70910e905c40c1d1fd142a5ca13bc95c92f6926c3a02f06b7dd4c21f4cb1042b

      SHA512

      88cdd2537a91f8f5d85168872361ec9a2afb51a5583fea9033402950a86e43b0aa9f0579b0117541d1a5774d2263cc6faab1ddb16da96fa93ad92bf9fde667ad

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      17643272d1e17693b880d8c353a88421

      SHA1

      7f59ad998ec4f93336a2586f35e06949f7fd5b7f

      SHA256

      2ae3dc25a2106df925e1e94bd646b57f138b65c0501a3a2661421a8d8755f74a

      SHA512

      4c260de83d7ee3a402d5820b1871b7eda3f137e0ad3e4b29df83666596a6a0476e83501b14f1cac6e229da004c3b0b92339a53ef95e42d490c3fc17a873aab14

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bb50eaea05a280d7b798744cabf64553

      SHA1

      a4e9ff581dc81ce77f4a00db68fa630be40fec49

      SHA256

      a11c412807a3d4c2640a288577513fd1795e379310691d53b2550461a6d7ce66

      SHA512

      4354893355606b5cac4e29d7ec6e15aaa278f377a5748d3ff162a33eda31288409cedbb69bf14c43d112f1d0d6623a3cd6d5d5d1c195842462e5a7ef4d325828

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2932c333536318f68a3c97abfc11f707

      SHA1

      ee5d834b578100a19952b18d68a42d3c7b7fc4c9

      SHA256

      6f388ce2274c498a82883e0ff2ae2837eeca084cf6127c5269629dd31cf6b8f3

      SHA512

      4f1892797d09800ff0eb9b69968de96696ba33c6a1015157f050e2cdaa2eadc02df7d6ccaa685087d0351799c9d40ad5c8ab779b37e0d17b8e2ff4d6bd438116

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a71f3181140234f8396ca15b5c5789b4

      SHA1

      ec2d303acb32c310758604a69dee8c6249e4baf6

      SHA256

      d0c1f5cbc0cdde6013cfddc34b63d31da74ab153a23f2f469bc10936e15b1e59

      SHA512

      f31f1093533aa87deea889767b48d2b0226add8522838370ca5d463deca4b0196f2c425e555e7231f4a318ac8306457e9d9d9f660c42fbdbbf832c3e45476017

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      408c9d168a4bb2d770ee16b179d1882a

      SHA1

      cfcfff10cc8997dde9b83a6501d82b7229b10165

      SHA256

      64eadcfa188a064e5717916df28c1e45e552a417c01952dd4b8010856025457d

      SHA512

      f7804e6691b1483561969c4b1f3b5d9640f666fb6c0c5e053834ffcb5e54c6e498175f0e63a14f754bfeb7df3c1f7b7cc193daa001512a6f3b721795ed2699e4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      933ff7284dd258462f913039abfe3e52

      SHA1

      2e8824df94dc68873100972e2d8fc51fe0b8ea7d

      SHA256

      31fe89a5c6b6a0f92c791c84e6dd516cce3898823428d3e5f5fc46bd3b42127f

      SHA512

      a7e82d2f9471215b22caedd01741db2a25e8694538e0cf4ba2d0e5432d9ffdb8fbc72fc6d4134272b7cae83eae3a6d0f0f202aea1194f148b9a8e14d56cf5c7f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3798d991c01d169861b01532794844ea

      SHA1

      13f22c6cdc91036f6146d4a9a1effe418fd14b53

      SHA256

      e06cf0d4d5f5adcf565bbdcf5718506e8c97cdfb7b9f8a077aeebaeb508c6c35

      SHA512

      e6b668c50213b4ce87dfe6fcfd488993d87caa4bfe0f3884100ede86d8049c3ef93f909ef78a98cdfaa525e96dff7ad6e9e06c0feb6da377c8c1ea4ba937ec79

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      87d646a09ddb0ebef59ca38b740ad67c

      SHA1

      e9a19d49ca7bc08504d152eb72403fdf52147e22

      SHA256

      36167672891344a94217af1f90738eaf9056c8f296ecd9dac4a21448409ba6d6

      SHA512

      acc41891db0113c6b3b2b6e93f4beb05fcbb96b0954821197e99ec191402350ac69e6b8d5a94ca7096068aaab0f798aa82bfb1790d0035e05442db1c82411452

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f22a2da881433c82ae67a2e12e71d4f3

      SHA1

      adf11dab4e7b64080a902b5d0f5b5c03a3bb5231

      SHA256

      25b90d16ea5a018673944ffdd8a8198ce3865ddbe124e2c3d80642f59f37ea58

      SHA512

      8a351b5b21b25287c55f9d8d3bf2c10f1dfe05e14013d5d91a192d8fbe0eea024551b7092b1f989e6c662167f5d7c3e777aa07ce97724ed2865159ab2af179ec

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c510d3c04f51f894d98fd1cf90eaca1b

      SHA1

      a52163459b6ba801551a5b6734398eb7fbcf92f9

      SHA256

      ac74b7aaa663c10797bcf2721f74f5bdc9c1209d81b7200fe7c10d3e08e1af4a

      SHA512

      3a8a703ad13437bb7d38cc40d49aca47c2be03a9d9b0183003ff97985df32331dbc22f8dcc6768305a48be45a001de55bd002bf13e615d8c29cb5ce3d5ce0601

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5ec8e08a062d8ed96da931052bff7e93

      SHA1

      ad7d1ea7794424db7332eeefcf87421111036f31

      SHA256

      71b67b5cccdd3e7d3df46e33cb16983c915388bceff3c073537246268397d4c6

      SHA512

      697c8aba2531a25c31d1399446e2ead2e937db50709f0902643085add4ad3e74284d67453c0829e2a43c51bee2fac12525b9afd959f8ab9949c610fdda9b477d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      799a69ef0fee932a581b8a72d8b2bece

      SHA1

      f117b3a4b78e7a57c150f8b2cd69050a88d47569

      SHA256

      d9a64fb26f3969c5940b920a97648be6db0b6ccb323477e0b4f9279725db3ef9

      SHA512

      c4e952f76585b0bdc64b7727d9c68ed74aa1ce92830b3ddbb1960ae47c33d12e11d4fbbf0b885a9fe951a194272aa81d48c1debce5db2d0eea017fa5a6dd54a0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4dd365dd34367bf6deb1fbf308dfb1a9

      SHA1

      334535794a311cc8800057dbde91d38f17b8e7dc

      SHA256

      a2178f4ce38e1b97b67f9cca3f420bcf678e6259d6fd10e3dcc8b01ba829ac40

      SHA512

      967047a488641b5f9ebf6b33767d7754f35da0713085f44eb1bdf138c69dbbfdba2df42bd2c0d305401db8e9e2d8dae3ec9b7ac6cdb8fd1627584be82ca45dd5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      fdb79cdd4ea5abf4d9ad23fa8ded926a

      SHA1

      2b1d05bb9d60f601c6a2f4416d8c8b2418311d80

      SHA256

      8e7dc448367bf91b7105754a05c1004f8df4a8fdbfefff97d135a5560df4667e

      SHA512

      6eda921b9bf56072cf5ab1f68f59b3c5c44501ebb72e0d247d15009cbfa074cda4843b62dd9cb508ebf41126f1f34350e4c6a07a33bf49ecb508e1340f73259f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
      Filesize

      4KB

      MD5

      da597791be3b6e732f0bc8b20e38ee62

      SHA1

      1125c45d285c360542027d7554a5c442288974de

      SHA256

      5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

      SHA512

      d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarD60B.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • memory/2224-1-0x0000000000400000-0x0000000000456000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2224-2-0x0000000000170000-0x0000000000185000-memory.dmp

      Filesize

      84KB

      Download

    • memory/2224-4-0x0000000000400000-0x0000000000456000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2224-3-0x0000000000400000-0x0000000000456000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2224-0-0x0000000000400000-0x0000000000456000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2328-10-0x00000000008A0000-0x00000000008F6000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2328-11-0x00000000008A0000-0x00000000008F6000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2328-12-0x0000000000830000-0x0000000000832000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2328-8-0x00000000007E0000-0x00000000007E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2328-17-0x00000000008A0000-0x00000000008F6000-memory.dmp

      Filesize

      344KB

      Download

    • memory/2352-7-0x0000000003AF0000-0x0000000003AF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2352-6-0x0000000003B00000-0x0000000003B10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3036-15-0x0000000000500000-0x0000000000556000-memory.dmp

      Filesize

      344KB

      Download

    • memory/3036-16-0x0000000000500000-0x0000000000556000-memory.dmp

      Filesize

      344KB

      Download

    • memory/3036-18-0x0000000000500000-0x0000000000556000-memory.dmp

      Filesize

      344KB

      Download