Overview

overview

8

Static

static

3

ab2546f949...d6.exe

windows7-x64

8

ab2546f949...d6.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28-02-2024 05:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab2546f949ead0848d5e8f086a1f5fd6.exe

  • Size

    31KB

  • MD5

    ab2546f949ead0848d5e8f086a1f5fd6

  • SHA1

    cba8058ea7310016e68dec02b2bb17a288590a23

  • SHA256

    c2348846b38573ae1e926cc67e561d0ee3600696b5eb16c8cca5edf0e81c43ac

  • SHA512

    324aeb66a81fc1b992b7f63683244d99ef2f3fc968a34c2bc348aafee22eda8416845fa0a54951ad0cc38c3a716a65d74dca19b973e226c951cf10a3274874c7

  • SSDEEP

    768:FdNnMLkH+xuRoXK64fKjuY/HbPoVk5PRxSlzlY:FXMLvuKXK6yKjP/7gkai

Score
8/10
persistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1344
      • C:\Users\Admin\AppData\Local\Temp\ab2546f949ead0848d5e8f086a1f5fd6.exe
        "C:\Users\Admin\AppData\Local\Temp\ab2546f949ead0848d5e8f086a1f5fd6.exe"
        2⤵
        • Adds policy Run key to start application
        • Drops file in Windows directory
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2368
        • C:\program files\internet explorer\iexplore.exe
          "C:\program files\internet explorer\iexplore.exe"
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2616
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2616 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:3012
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c ""C:\dfDelmlljy.bat" "
          3⤵
          • Deletes itself
          • Suspicious use of WriteProcessMemory
          PID:1916
          • C:\Windows\SysWOW64\PING.EXE
            ping 127.0.0.1
            4⤵
            • Runs ping.exe
            PID:2392

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      67KB

      MD5

      753df6889fd7410a2e9fe333da83a429

      SHA1

      3c425f16e8267186061dd48ac1c77c122962456e

      SHA256

      b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

      SHA512

      9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      324f0f293ecb6fde31707313254c4c62

      SHA1

      9653be7d7c3906b3dae59777ec9395da32fbec3a

      SHA256

      1fa2186d1ce9ae499b80fc2e5ab1112968964bdf805efc38b0d85f2eddf9b9fc

      SHA512

      368ea54058ac1c6af4201d7c7566d67da6751ef4f507a3442a576507e8c3cf17e75645c75c9f115dc4fed8060c24e8be17ca9dd304fbf442d0783c78b6287a7b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      98e1f781a24df74a4bdddb2eea1304e7

      SHA1

      47db078872591f301db03d99ac5adc8b025c954d

      SHA256

      1a0892c62cda2902234ed7be1906c5169a13cef6aa75cf3f92bbda91348e0e9e

      SHA512

      4580e6763b71b68d222d3a36628b9b40d804354c9f2069c20238a51fa826258e2561cc08fa30fa51f3dab76399039f7067305d655b368bf99c6958f0e28e4db2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8e20c1b447e019f7235621ff48304b14

      SHA1

      85f515258514721588b6fc8dbc5218e1b6da1bb2

      SHA256

      84493dc94e6581560a97760ed22f7c87088b62eef4f6f9075423275fce8c4dc9

      SHA512

      fc20b5748fa9e3d1e48bfe8d2eb07bf8343afe1b0545fafa795708914179b59825077793445d63617af3fe0a477404568bd543e5201f28d621c54b14c7ed3e2b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      959c8fa0a3405a74753d730026342148

      SHA1

      16bb1b6bb6e97800c5fd16602ec16ff776be455f

      SHA256

      d9eafb5c02d1cc84ff909ef0c409271d949c0dfd71485723961daf7cd69470a7

      SHA512

      7fa634de095187bf1bda793c58a2fb8c8c0f252b3e9f7552464369d13c82254738193c73d703542859a04c8573289e3973eb30c5edf1c4e7a3f6689e54a9159f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      487b1427d0381d7e7ee07e4cf4a8c8df

      SHA1

      af45f966c208090a2ef9febce41ea68535ba9157

      SHA256

      c001e7430fd85220a933b25f951d90fe3b22b107e5f422fc4233f2b7a630ab3a

      SHA512

      9b9eba992076ae47ce9ed1f85dd41f7a8959ee8ba7e0ccc60a46277e5713de1234eb5049ecdd90399a3d7383835206de0364b9237fbdfd42c236fe7e99e7477b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2b8fc183e5e425ff98c67ac4b2e560b7

      SHA1

      70f645bfb5f432cb3ca3665a04ea1019342110b0

      SHA256

      ede44112ececf720364678a72bbdd00043e8fc8e5030607e3f19b513a9c5a64d

      SHA512

      7ea63b468f3c451eb3b848cda2f2377d7cadcdbf3733969151080fe03544c0b38befdec63b5219bd7e10149d5e2e8b9c7eaf8137e256a8a4731ad07110f0b302

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      41573b502c27bdb9ac0540f302f5a2fb

      SHA1

      c81f5e1d9b36a3aff428d48dcd3fe405c74a0608

      SHA256

      ca82cc4ffb229955c7b95305213aba5638eb4946464fd7dc2d922f925124bdfd

      SHA512

      a36ce81eb32e63552fae48e8b72988ad8a53f4286eb5ff0f48f191ca753950112625231aa8bc784f7a16dfedd5ae21b35a60da3dc1e83f90a473166e9d5ee847

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      59925bdf84d4fcd949077d8ab308f95a

      SHA1

      ee246182b10d7be307df9f119c0b8d662deefbea

      SHA256

      14409d83d9fa320014a208fe5868279f3db42b85e829a7f8a6a77fa550fb7b3b

      SHA512

      5879e93417dbdc9de1d73ca0ad10a8db0f9c2813c48f2d2d06065ee8ca6665d1a3dcefd18add14c277a8b5b801f9fa3701c1ad9745e1f609d41d1f49bf260809

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      256e5ce63c288dd7d175ef93a9fe5e6e

      SHA1

      15e8f18314fe3b4aab496e301d900ed3abb110d3

      SHA256

      6b100e99d5b8d85040e3e5c00aa87deb3074bbf9ce18e0d7f60e836e7949008b

      SHA512

      d02b8ec03aca63cde7111ac29ae3f9c249009007fd3f0622a44f410378c16640fb0027e09731991a2324e7d9b6e44f351ba84c7d2babb388e0419ff2f0466d24

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3957e9415f4c2702eab62e2d53e79ce8

      SHA1

      08ba60269c3fd5569b477c29ff051762f45ba0a9

      SHA256

      2a6e5c4b16087b5c5d5351f0d02c1c07d3578c24a205d49656f7b887ad01dd0b

      SHA512

      b6dced1fe66d6904bf1b53d6664975f1bb9ceeb8979b277a979fae3ca3061580c63f0214bc6331ae5c3d578f5621e56d6df8c93684d371671864559b10746d4d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      edbadf4e72a4ccfdd9a0e3352ef38832

      SHA1

      dd6ccc8bc92bbad89b511c6c0195f396654bdaea

      SHA256

      6e43f8bb5b57c89a2ca3828f76717275f6eae5d74e158f8a896b99df9b72d356

      SHA512

      050386b5109788d32c342248e3b09f445c0f53870ba98f00f16fde1b6e75613b7ad7336c83b5bb119e3501a8a8f339ff6e354adae61ebcc140762fde00e7ea3a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      39819e9268343dc31d54e141193787c4

      SHA1

      fc57b5427f6c38ff643f68736d18028342a92d39

      SHA256

      e7bc70ab7761c3560d09d356fa4187ffd9cd25a1a01eab19edb36d64cb7d7fab

      SHA512

      624e5b1b39cb0a732393274df238faf4d8b96a53fdf8ffa3002b2b40228c004d9df3a0cdb23a261a3dd83f7acece2e28b9430a64225692d0f549a8375c8f7632

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0d36c80de52cd61044e71c055168786d

      SHA1

      f5e72deb95954fa9b91f105e159fe43e47ab6382

      SHA256

      90391d1970d909f0467e520711817198fc90bc5de680088c675f29b3cc6b43ff

      SHA512

      f5378fe65a5dd57a8e3b071dacd3454599b2da28a6699cebb085474d79420b64f9b3645be3d17cce6e4d29ad7274682000dc564873d10e78ac0cc00a84ecf825

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f9da0fbb128a8498e2ddfbc8b6da8e62

      SHA1

      a4a4a13400c5f11fa2194b0fb7a0f510672e5886

      SHA256

      70df0d9e3afa4b5231ad74df81ab55e9e993701bc71c50e726d16b122358289f

      SHA512

      cf5926862e5343bdd694c192fd04166c590b07637b3a89cfd29de85cbd9d4c2f03ef14cf153def1378a035e1af58d13b0a981d38e545a8f2ca46ea281cc4898b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      228763681cb95bc78540bfbd09041e41

      SHA1

      c95bc041353f60211ba9757761a17cafa7c68311

      SHA256

      afde3310a7be8b27fd32b9474b556a3660fbd6f7beaa64c71d223b036c52cecb

      SHA512

      d8ddcbcf895274c293a0e22504a7fa08a71ffea4522771986ecb32af057df4969bbbd3944be9f1d9840e1221738f010f5bd3659136718bbbd7fce374c69d0f33

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a13f626eb2a989d8d3012baf9bf3e123

      SHA1

      44f0d32ee871b850953dbc7b06b321ee9e1e506c

      SHA256

      1242318a7ea0512a6bd02861c8155320364c0abb5adf4dc7af5e420edc442b57

      SHA512

      676594edb9e90cd8ddaa1d550949cd1ee13551f8286f24052f1343ace13abdb499a00bf0320ad1324a4dff1cc539b73348cee7fa54bf419f6db1919dd2006ca4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e4f4303933962143beca8b95410d7087

      SHA1

      ccc91343b08a27df9a9efdaea2b8b2f558189e70

      SHA256

      f5c04aadd6a4de674543189d12b84b65b85d806fe99514274348bc5e69e6fa61

      SHA512

      67f57ff1fe4c0edea28aa300600c54132c1997b2232752811b7b6f3f4ba2ac62cdb7620785e91ffc242ce4bc34356e002f648a38d5857bc7e39edc4fa98f1d7b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      be2345d0ae396adbc15a5ab87ef362a0

      SHA1

      a3075c223cf9393e6717013e865ae71f8c199a06

      SHA256

      3a8a1fded24d36b8223ea736a805002f65112216ce51a894abcaa86d653efd6e

      SHA512

      37837c6d029776477e0d28f34b8abd57f846a385e8aa7f2df5e978747c62313aca80ee7f28beb64ce0240ba41790ef951120335611d37c6c312398fedd692a6a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabA4BB.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarA5DB.tmp
      Filesize

      175KB

      MD5

      dd73cead4b93366cf3465c8cd32e2796

      SHA1

      74546226dfe9ceb8184651e920d1dbfb432b314e

      SHA256

      a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

      SHA512

      ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

      Download Submit

    • C:\dfDelmlljy.bat
      Filesize

      205B

      MD5

      23d2697c7aa531e3488bf4854d8d8984

      SHA1

      8d0d0c4c2287cbbb67a24b8dbd25d94e7667d9a2

      SHA256

      257e79ec76700438711be925bdc55a59c26b06aa02ca7caa49384ab15e0909c2

      SHA512

      c9fa0feaaf508f7863068f608699dc62b8a8aa63723d4c837ab06d5dcdda1509c397f8819d4bc5926db91fe379f3a9ff979e565fbc519c88d9249a3b257e624f

      Download Submit

    • memory/1344-20-0x00000000029D0000-0x00000000029D1000-memory.dmp

      Filesize

      4KB

      Download