Overview

overview

7

Static

static

7

b55cadedd3...cb.exe

windows7-x64

7

b55cadedd3...cb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    05/03/2024, 18:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b55cadedd3bdd4bf56ec4069b607e1cb.exe

  • Size

    62KB

  • MD5

    b55cadedd3bdd4bf56ec4069b607e1cb

  • SHA1

    34027a7dec7a059973a4b5328c1daa5b9ae904e6

  • SHA256

    dd453adfb44dabc2acb72e544c044202b31925d19c58e9cc4f04412e68c32f2b

  • SHA512

    1441c2fde57708ed326392de73a94c5d751ea7131e59feb8036f18e4a2154903d1125010c3e137cd3e4c52f30d84d63ff6377a25684178db95a5d0863df6bedf

  • SSDEEP

    1536:XPcVo6r7S/rabbz1RkdOwyJdEWyxFcP/+Jnouy80QzS4nHnLvSO:47cWbbzvkdoJd+LcP/Sout0UF

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b55cadedd3bdd4bf56ec4069b607e1cb.exe
    "C:\Users\Admin\AppData\Local\Temp\b55cadedd3bdd4bf56ec4069b607e1cb.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\1536.tmp\×èò äëÿ Ôàðìàíäèÿ.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2480
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://bagiformandia.in/ts.php?p_id=1601
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3004
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3004 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bf7a3c7bfb2562c1faf80c0f63d5370b

    SHA1

    24fdc15a5dd6a7cfbe26ab0bc88528ce601b0e67

    SHA256

    cd51313a35277ecd3c1cd2504c6b9262ba75cb6d2c67bfa6044d0db3fa994fd5

    SHA512

    36ee81107dca53a6d4335c6e83d3cab08c5c2239bdaf4df7c919d23d34c60be7709cd5af8d27d4ae8bac2cb112117d17075bfbb6cbbeef8019f690eef4b87df7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1ea659e6b430c8e25d9dedfdf3595241

    SHA1

    a30fe46f8c210246d4a2001970efaca3f9c9f9cb

    SHA256

    be44a06b2b0be467793e0eaa3fd82cf23bceee4a3d9773bd20a0866a7c8b3348

    SHA512

    caaae2b76c282e4b0f9531ea0293e81f3678afe15a56d7f2fa9c76305dac00105439460c5ec600798614a6901074ac108a2879ed3bafd4fb145cd185d0570056

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    644c93760422070ff46bd809b35ada71

    SHA1

    e2afa2f475789c580f6515a572c5fd788106bbc1

    SHA256

    908417e71b47e8fae33cff2323bd1dc35b3ddf4e5c34a4dcf03c6231ded82bc4

    SHA512

    a62294e8e5448661cc84b47f02580fe0e7b8811a8f4ecada0bc5992a0247d6b97bedf54a9987af47860c1359d68771060a905697d0539491e7e2996f9cad6000

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8089d0ca174e802cc97e0bfd020d10fd

    SHA1

    a3bf4a5cabaca5a0c4e18f674ad6d05eae3456e7

    SHA256

    982b7cbbea2b286c5d061a55b9449ce01448a580b2a5025ca000631bd2d44558

    SHA512

    93393ca9de4ea3c0f7fc5bd914e94a35d2689527f05a79c26563f1f0cc18c4a2fa36a820f832a55035a2b0a705d2ff37cd8bcf5c902de3f6deaf41e8295485d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3d82cbf189450c2cf3915101ba36fec1

    SHA1

    3bc72681476cf2bdf2c9b7e0e6f850d95c3bfb92

    SHA256

    aa29fa54e1334d920650c290b6c52bba0f47009532d2664d931ea811a2fe926b

    SHA512

    ab7fab5135d1c0bcb97cb51daa29b4d86f31a2b97a12058f35d50e5203850d49934b0ee4d76eb94cdefdbee027ee63a99054e3698033a0d64e58c8608455f4e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    42ad93005dded0a69e395df8170d4b67

    SHA1

    87de83688017503530753cd6de7f244f78bf3ef2

    SHA256

    bd46842fe9c2fe716533008db2fd012b3732784bf10f688fbc4dbeb1d5469b28

    SHA512

    54ef441a3e45c583ae3007b90fb3e72e167001d679a700e5c1207c707dd9a65dc0a42c95d1bd0f5443a7ad2a0d34587e8add2eeffc2743c805bcb28f6911e87d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c11fc8efff8f1706c98a0066b9514860

    SHA1

    c84997338a477f8845053ce490e744906efb50d3

    SHA256

    7939c7ef32a83dce4ee2c59c7ba3540a169f677d32ddce5a8712aa9a40d3adc6

    SHA512

    4f80601732559e456d70a6923f85e40782675ce244f6555772578ea28da523118588ea47a50705ce92d48040d2df5a4a9eeb918afdaa6be94e56c331cf8b97bf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    989cd7e59665c041aa6ac5efad6c62ef

    SHA1

    7de096b0491b38ed4f6ca8a5ab652e17be3d4f30

    SHA256

    598ddbeb78f6593d3d7e404a076298c7329779adc8213b9c6470474654b75233

    SHA512

    ca3939043267c48d9e87c31c3313d4f7a2df8fd9b552bb814fdedfee74a22ac029be4a2258e0ca6f43f9ee1b7b79ad4249f8e87589170539b5892f114508d63c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f4d900d37c8f1113e3540bc219d3110f

    SHA1

    bf2384a1f9e12f593631e1d897cb56f81e3f7b4f

    SHA256

    64b8a09f081290b0c70e93a7bd0973840f9d6fc8ce616a34e7d746d228b8a083

    SHA512

    f779e29d6cb0f29b4926026f3b68ec9d237f21f2e51df7534a036fb8cf2e9fede557ca22b1323d1e1825990ff5e38a550e1f6aebc5f60ab0199502c880c54249

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1536.tmp\×èò äëÿ Ôàðìàíäèÿ.bat
    Filesize

    57B

    MD5

    af97ab24c5b97d1e6f9b409674b11542

    SHA1

    2eefbb37b475678aef97ebb75eab66fc4ee28ca6

    SHA256

    38821b4c5a1659107133bbcaeefc71b2933475ccea6822b9f4fc7aeab08dc688

    SHA512

    48298fe78524de03cf4226950a70ef081e0857416763250d00e657dacc8b93f195c0c494be10138fffed567a71d8687515038675e59acd76bde47df96ee7f5fd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3066.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\News_32751_4 - êîïèÿ - êîïèÿ (3).jpg
    Filesize

    26KB

    MD5

    04533cfaca19269aa0e1bbd6b4603dc7

    SHA1

    91fc52fc0ded3a8bc27ab2d6c9269621b4ba693c

    SHA256

    f4eeb56f33c05d07de6512bb1bb8078e5034004d045521cb84161710499b93e9

    SHA512

    a7e386054e483670004301934a7f90d4c065ce1f965f83f9592cca5a7779feb436e28a1815bcb1a3c971b95f7fcb3472f31dec7393ffeed314cb8f0d7dcaac95

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar32ED.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • memory/2416-148-0x0000000000400000-0x00000000004D5000-memory.dmp

    Filesize

    852KB

    Download

  • memory/2416-13-0x0000000000400000-0x00000000004D5000-memory.dmp

    Filesize

    852KB

    Download