Analysis

  • max time kernel
    150s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    04-03-2024 17:05

General

  • Target
    b2aa23d6b4adb8f8623cc51498ba5c5d.dll
  • Size
    184KB
  • MD5
    b2aa23d6b4adb8f8623cc51498ba5c5d
  • SHA1
    93c9b95d401213f3d9197a3d8c6398da335b6c96
  • SHA256
    a3a875372a18e1e91397e6c3e7f5e0ab3dba911c5908188eb9f4de48b40f0416
  • SHA512
    630639faa98888d5cd268340a4219e199df2b7d95b9ce37f961ecfa62e6d080900f9680fec2bcb74f4652a686b173537e00b5089f144519c468e185274d911d9
  • SSDEEP
    3072:QILqzszmqBPWnF3wTn/4zxHHA1qi9R2BtzwD6TCaBPQGHHfWB4ulpj4SqJOrcYHG:QLhqB4FgT/4zRg2rzqCFBPR/WBDj4OrF

Score
8/10

Malware Config

Signatures

  • Disables Task Manager via registry modification
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2aa23d6b4adb8f8623cc51498ba5c5d.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2aa23d6b4adb8f8623cc51498ba5c5d.dll,#1
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        PID:2292
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:3068
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2212
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2592
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      • Suspicious use of FindShellTrayWindow
      PID:2704
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2588
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2588 CREDAT:275457 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2620

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • memory/2144-4-0x0000000000120000-0x0000000000169000-memory.dmp (Filesize 292KB)
    • memory/2144-1-0x0000000000110000-0x0000000000159000-memory.dmp (Filesize 292KB)
    • memory/2144-2-0x0000000000120000-0x0000000000169000-memory.dmp (Filesize 292KB)
    • memory/2144-3-0x0000000000170000-0x0000000000185000-memory.dmp (Filesize 84KB)
    • memory/2144-0-0x0000000000110000-0x0000000000159000-memory.dmp (Filesize 292KB)
    • memory/2212-16-0x0000000000230000-0x0000000000279000-memory.dmp (Filesize 292KB)
    • memory/2212-15-0x0000000000230000-0x0000000000279000-memory.dmp (Filesize 292KB)
    • memory/2212-18-0x0000000000230000-0x0000000000279000-memory.dmp (Filesize 292KB)
    • memory/2592-6-0x0000000003A40000-0x0000000003A50000-memory.dmp (Filesize 64KB)
    • memory/2592-7-0x0000000003A30000-0x0000000003A31000-memory.dmp (Filesize 4KB)
    • memory/2592-19-0x0000000003A30000-0x0000000003A31000-memory.dmp (Filesize 4KB)
    • memory/3068-12-0x00000000001E0000-0x00000000001E2000-memory.dmp (Filesize 8KB)
    • memory/3068-11-0x0000000000380000-0x00000000003C9000-memory.dmp (Filesize 292KB)
    • memory/3068-10-0x0000000000380000-0x00000000003C9000-memory.dmp (Filesize 292KB)
    • memory/3068-8-0x0000000000160000-0x0000000000161000-memory.dmp (Filesize 4KB)
    • memory/3068-17-0x0000000000380000-0x00000000003C9000-memory.dmp (Filesize 292KB)