Analysis

  • max time kernel: 117s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20240215-en
  • resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
  • submitted: 05/03/2024, 00:28

General

  • Target: b3539ef19c283d0c8fc86e19ee189789.exe
  • Size: 75KB
  • MD5: b3539ef19c283d0c8fc86e19ee189789
  • SHA1: e8b4cd1651d0a598d8438d8c418fa495b2fe9dfc
  • SHA256: 6c42936a3622c445249955ded10f6ecf2a9bcbfadd9aa825d58f842b4871e453
  • SHA512: d6281650bb03cabf057ad0927d2af6b612fe77f2e7c1e192847e9c922c63069548d38001d212c2739641a7fe9449b9e7f755cd8949416a66f7c295e3bd635338
  • SSDEEP: 1536:D6fAkH51RDm+4ljVokwZR3t8pk4X9wucneMcyi8uUNXEk:651RDm+45VonZhkHwucnyEV

Score: 7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b3539ef19c283d0c8fc86e19ee189789.exe
    "C:\Users\Admin\AppData\Local\Temp\b3539ef19c283d0c8fc86e19ee189789.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1888
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2804
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2804 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2696
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\$$30689.bat
      2⤵
      • Deletes itself
      PID:1980

Network

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize: 67KB
    MD5: 753df6889fd7410a2e9fe333da83a429
    SHA1: 3c425f16e8267186061dd48ac1c77c122962456e
    SHA256: b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78
    SHA512: 9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 568d18d8515b04ddf512063afb4a2950
    SHA1: e1cbe9276319dfc6099e8dbdbae5beb49ea9e248
    SHA256: 535451b7d4a4e0504b559a8f9b2253dacfb444cb6c811e7e5f994ade3313a06f
    SHA512: 8e9deff8711f1c9d27a530dd43ac8eee9e0bb088fbcefc56c572bcbb81ea642fecfef605ebb1642349f5e4ed547cab9884d9725b4afa7dfe997461fd5067a481

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: d49e9de3519e77c1e04055fe70f9da9c
    SHA1: 8fc1f679636f89535101b34a4222b062b06fd4ac
    SHA256: 61286f8dfd76264a58d6465fe6060697d1f13ad30e4c4aef098c5cffc7bc349b
    SHA512: f707fbc903bb8360952441c9d871ffb8e49a0cd8c66a13eccf2952df29b24cdfdf67cd68314d26314921ca85f3f5f888f4e6303105249c8a70d93533c87f8745

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: e5c50d1ad314eb14fd16a73da60319fa
    SHA1: 980e20bbfe7e29364aa2f90bdeaef1b736dfd07d
    SHA256: b9898ebcc7b8bb1ce96570f1da2e588df9da3db8d915d94827a0db28804eee65
    SHA512: 4897c3f3810fc09ce22333889a3a49669372584e0908d20833d35baa65a694c14ac32fc4b57c8bd29446fe24912044a964873b455e0521f0f64dab58bf272148

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: f65227a45af90fa03cecb993977d63d6
    SHA1: 8aa2dddbc9c1df720ce0ccba1b0b4ea8d80171ae
    SHA256: 70690cda79372fa1e540f0f93a47b0a946359ae39506d9664df96a33cf789e45
    SHA512: 4e3eaef93be6608b2b2f6881dce07089a8917cac7cad7b233628549c4c661fd8bcb2948d16ba989945a06d2a261aa219b6c4ac85f7fd5c549f1f34ec6b5ebc05

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 39b6e38bd856bacc9be993bcdbadf263
    SHA1: 703ab8b08d6ea61278018289d9d5f09ca5e6c7c4
    SHA256: a49c140e7da8466a2c8ff59953b1f544b361c3a0377d7e4ea24088bcb30637e8
    SHA512: e02fe13fc46242059d1174e57a1e275a1904c6fd668e8ef6b20bcf589f24671b9342b9d9e90505e24fc02da4e638cf4df0d1562df47d99933833ad34dedcb860

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: dda5e00cd5eed9c3568c9abffe25c404
    SHA1: 5ff2d12dfa755ea9de60c974efe4225fd9182f03
    SHA256: 226360947bc9b0ca472f47e65c3f5408e7f84b5ff9220321d5418cbad75028c5
    SHA512: 902e80c25c3d22faeeca27bd4854f2d1460ffde550eb3a0590e74bca3b70614595c83ee30a2848a679b65073a26e8a1ab134298012f364c5ce4c88035cec88a3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 1f4d045b47a9b7f550afb26254be37c8
    SHA1: 272cc53bb49634cf0e75af78b3e1b86b7110a7ec
    SHA256: e3679ce0e55b70321b77112a3c279ebb27bba79f19974fc8fb6a312b23638887
    SHA512: 894c76ce21e69b59852f3d11d38bdea8c89ebbe5cbe62610e01197b7c9f1bbf3b6c1a1c2ae24f9f8ad37d6e0d7df738a0d4cd033241c9ccba0342c819f131043

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 3cd06f3379b894fd90af87480568f150
    SHA1: 7b095ce6abbe86bd7be18c3642ab80f751920fdb
    SHA256: 24d00b43b921d065ac3a0e3e045a00cf1d7f8711fabef0d08f6530879c35e0d7
    SHA512: 57cb0a877c9a929516d621d645a4cfc09b71d8c73de4def338fef16c91bcc57863f7ca315a63aab33a2d6db6d97398eff587366902aa1602ad3ac5646263b820

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: c890fb08b372c704b0c7022171d87266
    SHA1: 04f3738685e09fd8f214ebff6e3064127b619e2a
    SHA256: 65746b3c9db04d475427d13de6914567b56ad0e9accfb4208e14a227e6fdb99e
    SHA512: dc250e5f5ccde1b6af7db61e1523508dfdc1790ca347308dd6d9eb835abef34df75ea54d68a4b69b156b000338d981bc11d195ef25d1f0c55c0628c819269961

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 1c204b2df53ca65d50d22463fb9f02f7
    SHA1: ae562c4094ac9a607cf587d04973409096b93528
    SHA256: 36d35c405d6863d1e1ff2b446f1df9b571ff89182f0dbe141ed2ab20c4d6c6f0
    SHA512: 0fc67c8009f06d15166c24195cb5b940c2306571d9fd0112d22ae1d2b786999a8c69f991903c4684dd03761d1f0daa55b1b292274c806d51cfebc760e59c52ce

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 6fcddc9e6363f75552293c01a7c58048
    SHA1: 2437687309c7b2610bf056dddede534639bfa1b8
    SHA256: 03abd60c01b245caaf83e92f208917608dc2439ddcc07175cf3ad5b8d666371c
    SHA512: 421e897dab149da6279b52bed37be68787efa6d52af80275cfe8fd2d4d5661675cf55fcd2402a848fd82d38f242d26b24bbd406fd863fdb0b5c3368cd06afb2b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 0a0245f756083947d3ac910ba3c955ad
    SHA1: f6583b47588f80ec0f61e669bf48c77f4a32885c
    SHA256: f488c521e7ab114d56d79681da26f7b4b285551d091ad2ccad02418378b67e2b
    SHA512: 24de0ec707f7a50edcb15d5b5b78a3680a7db53ea9caddb9092da899c1cd54f3962eb4fb1e61d981d03796684d33d2c1b22ead7d729e26d225194026326f5759

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 79dacf68a69d507ed9dfcb0f638fa881
    SHA1: bd288813d8e947de3952c529e269e6c5a27bed61
    SHA256: 835e46ead014a7f785fe59d090f48a48d99c0f2e860d44094b748a6d2fd4b11f
    SHA512: d563b88f6eed964283aa8e96601c24c14b4b47fe2406169c05c02a1978c14ba198ffb979d55c5dbc0bde385810c366c75efb91b1c95c2aa98bd679e80f64ca2b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: c85464031f2cdd930d052040eb19addd
    SHA1: 94519e142abbd40241f6440ffb3002f389817b0f
    SHA256: 0a25fd0623720ddaa57fcf13d2cc6177ef244038c8ca3f09879397fbc7aa370c
    SHA512: 31afff99798ff9941dd286999265a6a0d1338094a9fdc405174d3605699b2a7fab0000a4f74fbd3c8e7e1f66b43f8584fea51688c3f955273e12f2a5dc430849

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 6f89ad4e81c137f0b3a48f16f9cd6f16
    SHA1: 18d7ab2950f55241bcd9f53f1bd06433fe9d161e
    SHA256: 1566c10695b50a58a7a80b9cc5173bdc0178931909abe864207ed51cc9070568
    SHA512: e81d284441dc0632b6a04cabf9b8ccc63ebcccf42f6895c621b5d45b792508b555962e248d6deffb12681aa5912c289e86cd7d5c9e54ddcfc6087586ee50ef56

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 5b7111c6dd315fc6f90ed519a161cb70
    SHA1: 9069c5c69ec73bcd63b0a2e45a521327a3d724c2
    SHA256: e2cd4a6cc1c38a9ac6a0ab67c391b554b174d1416d00fdcbd884c710cdfc5d9d
    SHA512: 713d2327c6fdf478fc3c6f1c572c060c186f4e38bb3e77d39885c4620af61bfec380ea514b802bcd038eccb2ea1beee2feaef85a0a705fadd6379ebe1a418fd7

  • C:\Users\Admin\AppData\Local\Temp\$$30689.bat
    Filesize: 181B
    MD5: 9ff639d0580cfc3c5aab34867d3d35dd
    SHA1: ea150cf0608bab1651d0b226a5e4a1d7b90d8b42
    SHA256: 1491bbb1c506651714a246b9f51aeea213d336f7da33cafb507d715f9d91c90f
    SHA512: fe077c16c84c60f23452cbf57232e086126d1bb281a73a93fa6617f1344827d32f20ac048a533d2a7fbfe76f6e46e9660aaf9e272bc735bd9e359537417142d5

  • C:\Users\Admin\AppData\Local\Temp\Cab89EB.tmp
    Filesize: 65KB
    MD5: ac05d27423a85adc1622c714f2cb6184
    SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
    SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
    SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar8B1A.tmp
    Filesize: 175KB
    MD5: dd73cead4b93366cf3465c8cd32e2796
    SHA1: 74546226dfe9ceb8184651e920d1dbfb432b314e
    SHA256: a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22
    SHA512: ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

  • memory/1888-9-0x0000000013140000-0x000000001316C000-memory.dmp
    Filesize: 176KB

  • memory/1888-1-0x0000000013140000-0x000000001316C000-memory.dmp
    Filesize: 176KB

  • memory/1888-0-0x0000000013140000-0x000000001316C000-memory.dmp
    Filesize: 176KB