Overview

overview

6

Static

static

3

a2fc5d0114...12.exe

windows7-x64

6

a2fc5d0114...12.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    140s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    25/02/2024, 05:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a2fc5d011477c6bd2e0c19310d989812.exe

  • Size

    1.0MB

  • MD5

    a2fc5d011477c6bd2e0c19310d989812

  • SHA1

    a1eb051e77ec87aac237a18cc4162fdc42749a19

  • SHA256

    12c4b0c18340acfa0e1481b2a8db7a748878ab12ffa43ea08aa239ba103f9493

  • SHA512

    ebacf33be7d43f7e1d85a9ec47c4b63a9810fd2227183b986b20922fed1b4c166617fa0face1ddd99201360b8ca285b845efe47ff1563c945979dac7c7f13559

  • SSDEEP

    24576:szYXUpnxEIk1AqsXJV9G71AobOZ+R/prGFh3gJOCP7su:Fkpxk1AXJV9K1NbW+uuJOCPwu

Score
6/10
evasiontrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2fc5d011477c6bd2e0c19310d989812.exe
    "C:\Users\Admin\AppData\Local\Temp\a2fc5d011477c6bd2e0c19310d989812.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    PID:2856
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3008
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3008 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2608

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1c941d120d1b1a398fbe000cd50cee95

    SHA1

    faca914f56a8cefb5decf6e541e43a953bfbf8c7

    SHA256

    6b72808c54ee60e542b6e999dfd36c6e12515918ec0b32fe4cd3f91836e3f61a

    SHA512

    45ba8d2f5e69be630bcbfb02f2c63265932aad153506daef2985b6403be8f28c62cfab93d67b295a252071d9d3aea3860592dc4dbaa7102e23a895615d7f7e0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    04b2d44a283db4aec65ca6ba0302dad8

    SHA1

    ca1a22187756760b255295a48c228708d6c12d72

    SHA256

    074821597ae98a9e76f18433b3b030852e15f92dbcbd11f4b18a8ed1258ddab6

    SHA512

    28d31d36fd62c7a115c8a941f7ca35892758a4f0cea618d7414f2a94bee16cd81ec3ac8d6a66ae16e0912dddd4a39a493290a57c2ea22dd5e619697e64961b2e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7b849a727439abb4224f3c2512a6e5be

    SHA1

    93f01018f8b0e4d17a0e9df440f4a4a7600d8277

    SHA256

    58cbaf5f6e1ca81475fd247a60a726611d66194605f02a9f12cf7369107fef46

    SHA512

    0e67d7aaba1c0ce590d259c066aac67e378431a3e0399a582b8b52f4b7999767f97b042f64d2c746717238df964c03bd5b99ee4105459189125e5cd781f8ebd9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    817bf6dbf2ebdabea062a9765cb34215

    SHA1

    37d509baef68cbe7f0d71c08a977000ad93d1612

    SHA256

    27f4d800ebf440485cf13dd4f54fbc0ea0284582b6ae4f4b7f93d914ca9fc525

    SHA512

    a3fefec4900697bae677222bceee5d6fd39492b6281946d70b2d3fd364f359ee2e13ecc48d1ce950a7a12f8907fcd95b92f3b6b681654da4a4769113207b0a2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    72851ec6c8d36f2b4e3b850ef6c0e59b

    SHA1

    0528bc9be436ef0c887adfe60afc25b28e02fcd1

    SHA256

    76346d43a9cd4b2f005790e2e40952edd31b5e8b7a81abe68a2e1285a6b486f3

    SHA512

    572b1fc890df728d59a81bab128f47ede2f80122f7dc85b612026e1e4f8312dbc8601df62213682ab47c8e790a89988bb9b5768109976001f444081bffdadf54

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a537926d6738860ad4b2ed9296357f94

    SHA1

    013d55bdd4c1ab0033a1d560130c066c39c0be5a

    SHA256

    8e305139e8be77148ef883e6dec0cbf5c6cf336a9dd24f0c80cb4b3546cd55e2

    SHA512

    2781066637f93d33cb5a809d71fee74a3e3c4eaf22065b57f67885036743f377e7953efc502b352907b9410fb6482b7ad03523a514125256336fe3f3cc342b88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a580cbe6c1b54d881ce79da79d9073a2

    SHA1

    aa93c812926f07b182d6b589b4e4a89ada574e9b

    SHA256

    772209d90033a4a4320534db622eb25b75830cfedc56fea368df6e23fc90f454

    SHA512

    4031da89c637d0c6f401f9d12ae31e3dc77a2cd73d0bfe8f81be6fae6ecd3c6144c98117734bec901bd0d74271437b6e7f51dcbf14cd3083668ce76414cc70de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2fe17c4601f154c543dcf5e7bf252dd4

    SHA1

    6056840bbf4933c7f5795763d5b9551a81517ea1

    SHA256

    655363b43b3dfc1c668014620aed9c1dd756efbf3fc4e92ae30a35dda17c256d

    SHA512

    011e3c4323ec6f07ddd2fd20d45a100bb9404cf7a96a6fb22b69f09d8c587380a0229ff027a2daffe3af76c529fb73a37d92219f67843b655e64e6b565e2bfeb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    49cae9111c8f35a01e5e6dab240c09c0

    SHA1

    68e795afff4a543de153cfc19534e3dcb1897a0a

    SHA256

    58b03d2db307bb81a8c846ce612ced9255ef4de89f2d42606f09947fc60b3327

    SHA512

    f43fd02a08292360f1c0025f2903c7ab349ae229ac70b7a629158936438ef82d7c71f3754e7c5ff5c6be77cc02146a4061cd67922fe420bd492a0ff513d6d4c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e0ccfb5ed0703d4b7fe80f1afb3045a1

    SHA1

    7f542cd6c019d9b2228f606bfad08eb7e37ebdc3

    SHA256

    1870bace02b7df5585ddfd6de1126fc81d0ec0e820f388ec80fc3975fdcf4cb6

    SHA512

    7d6f660c46d6284b20d2a956f3e78872d70b933371c7412393d0578ebbbe6ae245faa03759cb75cadd549e7a9e6d7b1df8fb75e9a967ad16e6e26767b25eb6d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b6c189bd3841bcf430b121a9fd5b6e3d

    SHA1

    8a5e83e0bc846691ba7e401eaa41af572baa6ab2

    SHA256

    c4a88a18da84ffef2deea6d583365ac2f8c02c5050be6041c940ffcc57233486

    SHA512

    42de76ea293f6db08ecc38cd06284c8e529252d7923bd9c5c64c6b9837d5ab5dae09da0b08260ad1556e0a3573c06702c8ede7fcf63fb366fc55889f184a0398

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    78503002d946e5864da4193962517bae

    SHA1

    9d2b6d538b1b1bd44d42ca671e90a4beadbe6cfd

    SHA256

    7e2a0d57ff03ec82787d7855f0acff7e3f1b19e127b664019284bd6b34109eb0

    SHA512

    e58c96fd848773541d8941df81f97a0f86e847aa6507a8524d01cfb831ea7c2081f7e91ff188fd2229c34be0708bbdd7ab8ed1bfd5976133d65c901990087225

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fa4fb4c471dd1461689629fb0dccd088

    SHA1

    a3f4468d7faad18bdb37fc892553319eae769e42

    SHA256

    8224b7c7724bd21ed2f0303df50f08eaa3473ec454ab59b5db969db5a2cead72

    SHA512

    69bfdcf61de90e86cc5f5d69473b0e6cd67b1cf72f920511f90f99a451fb7e203aad8395075b7f45f40d0d4b53f19b12322866d35c37df80a0cea2a714fc8e5a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3a093c10bab6f18ff62a91c5e51def00

    SHA1

    2151fff5a6941734f5bae6ddc606d06afd4b370e

    SHA256

    254ea29f8f0a21920fe04890744faae657021a3e706c37adefcca2be654c5783

    SHA512

    ef80761870e441d4488bba3e67b397f9742bad1c90b5b5c92a13732d4cc9bc9a93c3cdb7d92922f646404e00999328ede3772ee6d6172835856b4501e5c5f160

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f51fa7a5fa57bc25866237b9eef0a606

    SHA1

    18580721d5a44586aa1600f091abaf30dbf69db2

    SHA256

    45322c5c7d4830119d31dd3e37f38f74536924f251fdc3894c0799c93938b609

    SHA512

    4332447d334bf40a70c0266d43ff782e7fcb8168f8ae151d0c201f13486605a365ead471a7a1a0d19104a09f90d39990f5a9cf22b7907627dca55a060fd2e6a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    84d8f24d41ef3f59bd77db6159bb1467

    SHA1

    e453d060c7df4af4be857b3fdc3d37921271622f

    SHA256

    4d57515780e51d099060383f88e411e46ce92d5d36b5731295f039fca8d60267

    SHA512

    c135f4be201e4b06c4cd90da711e8e610b2b91fd5128ca3f6c1dd421eec03990951a57a7d159ad14993370ed56874fd9cc43779ea0627e430d5976711fbac5d4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5a49c56cd2fa400206a4d41ad7c03a8a

    SHA1

    3369ece47c11dc57899451083224972f088021a9

    SHA256

    0a945f78d9f7debfb305a8b9e3335c66aac74c96d143ee64409f8f3a8535c865

    SHA512

    5cbb0929db2a4c8af90cde4fc5e1cb4c4052572bc6e9959e0effc4300fd60885272c7313bbc3ce929e32c0557b0c3e5b319578eb4d65351a0565eeb648619ff0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2f9ae63c5b3eb824c71c5c30f08e8a7f

    SHA1

    04b7c3846b92814fa939b6007a696bd9fe118337

    SHA256

    3a0dbbe156cba84b98de9212443609ceccc94e12c9ce7e323977092ffb280a83

    SHA512

    ec1a73afd93cffa57d42d0fd5e49030d0069c74130395991b4f649fa8c57d2066a1a9aca14161b3c9c993e7ba53e07cf1269e3461e7c21e23fc503adc5ac45e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dfe4631c9a932b34ed95a77c0ffe26e1

    SHA1

    e6dd49d37109ba57e25d0a9b17070df63ac78a36

    SHA256

    0286323f69ec5e590f40960c2898a3e5baecc25252b1f2b1697b701fcb8e7415

    SHA512

    298e461cabb74e26ccf64b31fc1271ae92f8cad54eda8fb7a3c967f1f6efb76706bf8d81a130f14ce51cb8165c9afd49d8fd0cbb9b921f38f94935aff64e291d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3E88.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3F86.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • memory/2856-429-0x0000000000400000-0x0000000000420000-memory.dmp

    Filesize

    128KB

    Download

  • memory/2856-0-0x0000000003970000-0x0000000003972000-memory.dmp

    Filesize

    8KB

    Download