Analysis

  • max time kernel
    66s
  • max time network
    55s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    02/03/2024, 16:30

General

  • Target

  • Size

    14KB

  • MD5

    19dbec50735b5f2a72d4199c4e184960

  • SHA1

    6fed7732f7cb6f59743795b2ab154a3676f4c822

  • SHA256

    a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

  • SHA512

    aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

  • SSDEEP

    192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs
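The MBR-write signature above is raised when the sample opens the physical disk and writes its first sector; that sector holds the boot code that runs before any operating system, which is why a bootkit targets it. The report only records that a write happened, not what changed. The follow-up check a responder wants is to dump sector 0 from the affected host (or from the sandbox's disk image), confirm whether the 55AA boot signature and partition table survived, and compare the boot code against a known-good hash, since a bootkit that wants the machine to keep booting leaves the table and signature intact and only swaps the code. The script below is an added example written for this page, not code from the sandbox or from the sample. The three MBR images it checks are constructed in the script (the sample's actual MBR output is not on this page), the baseline hash is taken from the constructed clean image, and `read_mbr_from_device` reads `\\.\PhysicalDrive0`, which only works on Windows from an elevated prompt and is not called automatically.

```python
"""Sanity-check a 512-byte MBR image for signs of a bootkit-style overwrite."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional

MBR_SIZE = 512
PT_OFFSET = 446                 # partition table follows the 446-byte boot code
PT_ENTRY_SIZE = 16
PT_ENTRY_FMT = "<B3xB3xII"      # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
BOOT_SIG_OFFSET = 510
BOOT_SIGNATURE = b"\x55\xaa"


@dataclass
class PartitionEntry:
    index: int
    status: int          # 0x80 = bootable, 0x00 = inactive; anything else is corrupt
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def bootable(self) -> bool:
        return self.status == 0x80


def read_mbr_from_device(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw disk. Windows only, needs an elevated prompt; not called at import."""
    with open(device, "rb", buffering=0) as fh:
        return fh.read(MBR_SIZE)


def parse_partition_table(mbr: bytes) -> List[PartitionEntry]:
    entries = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(PT_ENTRY_FMT, mbr, PT_OFFSET + i * PT_ENTRY_SIZE)
        if ptype == 0:
            continue                      # unused slot
        entries.append(PartitionEntry(i, status, ptype, lba, count))
    return entries


def boot_code_sha256(mbr: bytes) -> str:
    """Hash only the boot code; the partition table legitimately changes when disks are repartitioned."""
    return hashlib.sha256(mbr[:PT_OFFSET]).hexdigest()


def check_mbr(mbr: bytes, baseline_code_sha256: Optional[str] = None) -> List[str]:
    """Return findings; an empty list means nothing in the sector looks tampered with."""
    if len(mbr) != MBR_SIZE:
        return ["sector length %d, expected %d" % (len(mbr), MBR_SIZE)]
    findings = []
    if mbr[BOOT_SIG_OFFSET:] != BOOT_SIGNATURE:
        findings.append("boot signature 55AA missing: sector wiped or crudely overwritten")
    parts = parse_partition_table(mbr)
    if not parts:
        findings.append("partition table has no entries")
    for p in parts:
        if p.status not in (0x00, 0x80):
            findings.append("partition %d has invalid status byte 0x%02x" % (p.index, p.status))
    if sum(p.bootable for p in parts) > 1:
        findings.append("more than one partition flagged bootable")
    if baseline_code_sha256 and boot_code_sha256(mbr) != baseline_code_sha256:
        # A bootkit keeps the table and signature intact so the host still boots; only this check catches it.
        findings.append("boot code differs from baseline: bootkit-style overwrite")
    return findings


def _build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a constructed MBR image for testing (not read from a real disk)."""
    assert len(boot_code) <= PT_OFFSET
    sector = bytearray(MBR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, count) in enumerate(partitions):
        struct.pack_into(PT_ENTRY_FMT, sector, PT_OFFSET + i * PT_ENTRY_SIZE, status, ptype, lba, count)
    sector[BOOT_SIG_OFFSET:] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed samples. The clean stub opens with the usual MBR prologue (cli; xor ax,ax; mov ss,ax; mov sp,7C00h).
_PARTS = [(0x80, 0x07, 2048, 204800)]   # one bootable NTFS partition starting at LBA 2048
CLEAN_MBR = _build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * 64, _PARTS)
CLEAN_CODE_SHA256 = boot_code_sha256(CLEAN_MBR)       # baseline taken before infection
TAMPERED_MBR = _build_mbr(b"\xeb\xfe" + b"CONSTRUCTED HIJACKED BOOT CODE", _PARTS)   # table and 55AA untouched
WIPED_MBR = bytes(MBR_SIZE)

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR), ("wiped", WIPED_MBR)):
        print(name, check_mbr(image, CLEAN_CODE_SHA256) or "ok")
```

On a live host, replace the constructed images with `read_mbr_from_device()` and supply a baseline hash recorded from a clean build of the same image; without a baseline the check can only catch a wipe or a corrupt table, not a careful code swap.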

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2892
    • C:\Users\Admin\AppData\Local\Temp\[email protected]
      "C:\Users\Admin\AppData\Local\Temp\[email protected]" /main
      2⤵
      • Writes to the Master Boot Record (MBR)
      • Suspicious use of WriteProcessMemory
      PID:2556
      • C:\Windows\SysWOW64\notepad.exe
        "C:\Windows\System32\notepad.exe" \note.txt
        3⤵
          PID:2500
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2716
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2844
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2716 CREDAT:275478 /prefetch:2
            4⤵
              PID:2500

      Network

            MITRE ATT&CK Enterprise v15

            Downloads

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

              Filesize

              67KB

              MD5

              753df6889fd7410a2e9fe333da83a429

              SHA1

              3c425f16e8267186061dd48ac1c77c122962456e

              SHA256

              b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

              SHA512

              9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              7c2e280f9f756479cd13fcd888917241

              SHA1

              603acd133289246f52ff48b064fe44674211d121

              SHA256

              415394770bbd89afef1668268f604a82d36d85bb270a9027288ee97a8c7eaf87

              SHA512

              ba2471013b042a0bd8efb97e92e2c7e76e1ecd670d41f97d1775dc2a0e79e513bd4acecf723780260d7236b138026aa496242be4143434582544a4c34ceab35a

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              a01c8b7dd7ad98e668604998ee62e8c1

              SHA1

              b952a83692fe63ed65bd1305981443baa1475a25

              SHA256

              47afe2b555182f26f1bce438d9999cfbe3cc55fbd37f99c456ebc39a0058cfd7

              SHA512

              44180fa74f0b0904318b999d57aaa9c9c532f0d2d5e7bf08e414b051c384af7a3de2f1a29340e6d7f9c95f5577d0c665ab538f66a484bef26a7501fc559dbcf8

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              d621c36f1497a3250f627dea0a5ca441

              SHA1

              0d205de154363f18bbbe4ab235c3414ddd0b12ea

              SHA256

              31c9d8b4e307076b0b4dc594604dde951d5bcf13c8f47a140c492d94e37bbb76

              SHA512

              327a9e59df1b3d3ce6cc2c5f19e0dea55a9ac87f5e44b724cbe34f7de6dbedfc00e71891d476e3ee6bf4f88403f72ea049a3c8ea501818408b1cbda43a44d957

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              eef2a8c458573e224ca98a9a2076329c

              SHA1

              98620654bc39ff4333740dc7c3261bbbf9d3bcd1

              SHA256

              cd34b834775bb81f3eeb6da97dcd90dd92315323d32765e8d4d09b04a3669ba4

              SHA512

              7d4fd6c81f2c3fa179fe05d8f9c527fae5e3d96aa1ba35f6c47ef923952fa89aaeac13f3dc5ac3ac0897b20be6f8f29394828e078129e6d867135e13485adc0b

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              2bdaf2f19eb0e2cee35074913c0d4c86

              SHA1

              7103a46aee7c0cdd720fe9fbd3894091943f63ca

              SHA256

              0a44d4dcc756b2215afd86f23d17204472d1bff89793175609690e8bd460fc21

              SHA512

              87c5b0c3cbcadfd9da71495414582a3930dfa6393952e50ac8af3e25d4af37b05735ab0585fd6c41d0b6841b33818d47c7c03659ea3e5510b1f4c645b452e8f9

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              68d6975e5ad0e0645a0654a97a1366a2

              SHA1

              5aad069d90846cf3094bd73322f515b816573935

              SHA256

              f02b1311197406d2923ced4dbe26c38984ae28d0e86526b04f8feadd0b844e1a

              SHA512

              0a715e3bcb917227d9acec02aa1e3aa9a7548400b540abeb77d5d249c1ec344d258b739aa3d950ddc9754722315e7c129eb9eed9f0faad9397df296347de7390

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              dca715621d9ab9fa6d7464ee816018d8

              SHA1

              44a59b1156b8c6a311e7a94970b4f2f64846c3e6

              SHA256

              5b27fd0ff81719ce915a2404d9588dfa2e82e735731fff4bdfde367d6be58c1d

              SHA512

              370867262a4106a6d2dcd1965193e84aad9175bbe1f649b4b865b80bc1c01be56e7d0e5cca524f300dfd69b43636aad897de6ee0f83cca88d0e91031d6d0eb9b

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

              Filesize

              344B

              MD5

              646090ca4a4cf840bebeeb575c22b7e7

              SHA1

              36c38188e175cda49b71103782da83e4c0299ac0

              SHA256

              3293fe33d8400932b8dabe935fcc492bd353e1339fb47c7c66d64dc0a60cbe3e

              SHA512

              437e6201bb9659a94d2da86b6300493217862efd7bd47b07d4f95d2fee8247da30a844f81cc0ab735442c42b09d015082740d86569a143444b7dbe8a73dba58e

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\5dcsbzd\imagestore.dat

              Filesize

              5KB

              MD5

              f89edce68188e15339acff7446440a02

              SHA1

              b5f6f7e75425af91ad8a4b8b6188f06510f99ecd

              SHA256

              aabb09d1ea84b5db762242b128ecf705bca5cdab40898de39304d1012e240b51

              SHA512

              188617bc280577d15f01139e9a8b2b0dacd82ba6ebb1fae13f931a2e3000fc4ec7d291d1beec2c5033905f923a6df0716afec8818c670ff97d0275572629383a

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HPZEQOB\favicon[1].ico

              Filesize

              5KB

              MD5

              f3418a443e7d841097c714d69ec4bcb8

              SHA1

              49263695f6b0cdd72f45cf1b775e660fdc36c606

              SHA256

              6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

              SHA512

              82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FF5J0ZJ9\recaptcha__en[1].js

              Filesize

              491KB

              MD5

              884d00314602d7cb55bbcd2e909f7310

              SHA1

              dcb353b63aefc091523915f4562a819c31463611

              SHA256

              2c6a3425cec9ba0cbcfcf1dbba2120a72ac369674a6d02e06bd3b0c16efbdcf7

              SHA512

              50091f9e37dcf299bc8cf9cfeed4e71709011713ca0701be0ff79c4fb42699c9f9894cbc3a0819b3fece4f698c2201d403b987e6a76a259fbf58fb19e493b87c

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KS3HRGDJ\styles__ltr[1].css

              Filesize

              55KB

              MD5

              eb4bc511f79f7a1573b45f5775b3a99b

              SHA1

              d910fb51ad7316aa54f055079374574698e74b35

              SHA256

              7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

              SHA512

              ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

            • C:\Users\Admin\AppData\Local\Temp\Cab14D9.tmp

              Filesize

              65KB

              MD5

              ac05d27423a85adc1622c714f2cb6184

              SHA1

              b0fe2b1abddb97837ea0195be70ab2ff14d43198

              SHA256

              c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

              SHA512

              6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

            • C:\Users\Admin\AppData\Local\Temp\Tar14EC.tmp

              Filesize

              171KB

              MD5

              9c0c641c06238516f27941aa1166d427

              SHA1

              64cd549fb8cf014fcd9312aa7a5b023847b6c977

              SHA256

              4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

              SHA512

              936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

            • C:\Users\Admin\AppData\Local\Temp\Tar16D5.tmp

              Filesize

              175KB

              MD5

              dd73cead4b93366cf3465c8cd32e2796

              SHA1

              74546226dfe9ceb8184651e920d1dbfb432b314e

              SHA256

              a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

              SHA512

              ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

            • C:\note.txt

              Filesize

              218B

              MD5

              afa6955439b8d516721231029fb9ca1b

              SHA1

              087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

              SHA256

              8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

              SHA512

              5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf