Overview

overview

6

Static

static

3

b4a225cce8...4e.exe

windows7-x64

6

b4a225cce8...4e.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    144s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    05-03-2024 11:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4a225cce8536ab40a822649201a634e.exe

  • Size

    139KB

  • MD5

    b4a225cce8536ab40a822649201a634e

  • SHA1

    e86ca2c3ba82fc614c3d558f0231a94cbfd3b52c

  • SHA256

    6b7b67b18ef5729aef3acaf3b6b473bc600b0f22ae68593f08d4f4b1aa444521

  • SHA512

    2047144db9d68d310f657ec67f69f99e5c33a7e3544a4aa2626789703d74a05dfdd823020bbdfce02740bb2faccd739db8fa6d1b43141ad7859a0238ab353cd5

  • SSDEEP

    3072:b825EbE4Gsgj5t0q3FjyDwdhiKbR/s0MIwvlvofkkc/BBzZqlHvm:bp5ETGwq3FukdhD00MIBftc/BBzcVvm

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4a225cce8536ab40a822649201a634e.exe
    "C:\Users\Admin\AppData\Local\Temp\b4a225cce8536ab40a822649201a634e.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1808
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://64.183.165.5/down/Novembro/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2884
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2512

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    af406500fa11a593e4e0f0d71313f217

    SHA1

    f2e605db920f1eb4ffa4961dcfbf6084e7cf7c78

    SHA256

    24b7206f3d54d6f8427f9f8ef7696d9d1b463ecde40de2b4a7e0d6bf70784002

    SHA512

    6a02dade783c133e3777116162c1c64aa6bb9e31e6347b4a48d3e7f0687684cd7a88fd553f840273a6d5806e4b9a5ad3d49b08dc0c5d8d3e6d6c94bada58cfc9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e7104ff63b7528d645999a722427ab29

    SHA1

    d2a27bb25cce1aa0c6530a8e040a4651f330f50a

    SHA256

    228a98d7dc2d81b23fc41ba83eb013e2f8e294ed732340962980a03a506a3a39

    SHA512

    a096207f56787914b57b106a4de259f8e6b57679f52f08371232cfea103a6a0dd56e4e302f8db1911bf42f82ba0d7ad0bc975270ecfb11fb64f1cb1f1da7e3a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cab9a8bfc54486a242521bfe2cd77c54

    SHA1

    8c864623de081894d47938d7cabcfe844d05f169

    SHA256

    d49008d02f387b91d30393a11def0c20df1d09087003b4ff5a179f5318e1dfbf

    SHA512

    672969348b2a1131f43acae7db7eb4a6ed8bca187d885a3f05830427556dafd8b04fed3aa05e2bd4ba0d22fa5f3754ff0580ec187f0d1319a17ed7bc78366931

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    55b0277e95c959ac736f463443bb1a6b

    SHA1

    f08d31adf761f48262b180c451477db439e71349

    SHA256

    7db3677d830f2eefd68a466b477987a6ae71cba6ba29a80c14c5afa3e42a7aa2

    SHA512

    21df4aba8cf4ac1a49ad0cde2aebc4ac04a26430304d3a24bbf49605828859a603ac5c0cc9e84788c61305de7ddd0373612ed779565839b60f2c6691057e6660

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c350b1ba625482f80ae62e287f4a2f74

    SHA1

    2294510197d274cbc91d1aeed3e0067a94b6873e

    SHA256

    29f06dbf6d01bb2049e7589025319ccbfa2921048122c9789d679c3e442f9560

    SHA512

    a054f7d5b014e7b0f3d36283ad34e970830adbe1947b72c6de1018855a8adbcc0c285044473a4127f1d15265ac12f876dde82c1f5fd2c91526d7ef001c9f4474

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    29c00fd2608ee11852b9c73b81bf55bb

    SHA1

    ced9cf267368291cf084d4544ca5ac541ee3e1c9

    SHA256

    756b97628a213e230225655c9746e721877a6ea972fdd2c78f1fa3a6bc83f771

    SHA512

    6292b40cfc03c4960fc24f5301446685513b58c19270b93786cabc8d5e91b900f052ab4730f007380203a7b3e62279e34074bc4c5abeff83361725efd2e2cf2d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    578400767c6ca7a9854cf7fafedadf29

    SHA1

    f800f9768982f4ed9dad3f7602ffee71381f5689

    SHA256

    1e9e7a37ce4c7d7033d4f2872b48dcfdc04ae5143ce1bbd093033bf00fead92d

    SHA512

    d9cf371ba751ffb7bf37678d598482e998984cbdf128baec00f46b38165e7641a7545a21d3679327f15cac9c051bf73eabc2df7be24e57e5446cdda6658b8c83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ba68ba8117f0e022d9f900a209e85249

    SHA1

    287fb710e012105b547de1ceae4d72970467a703

    SHA256

    ebd85b4407de0d876e31db46e0072d1bd7f755e180a2fb5c2bb9a7b71d3ac3e1

    SHA512

    4ab02b910f46cc291da72961c1c7f48c59b4c77bdcf7711be76409bfc7f5fb3706bdbe32437a11d832a4c82a756b23a2c1f9673064618889c8f61bf0772e36d9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    64bca73597040b0cc9a0774e24417ee7

    SHA1

    609bdbc8014f3a1063608e5c1f3c0801910320e2

    SHA256

    3bfdba2be62d8d6e6b8fa9884458f5c55cccb17788e1f3c14d7439f3f41350b4

    SHA512

    419323c6cea320dbcfe17af2abbd1a78ccaf4630be55ea6b4187abe9be5a86c780e72bc51279121066bd076bce6dec5eac436f967dc9257b6c56e5bf732d54b6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab624E.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6A42.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • memory/1808-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1808-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download