Overview

overview

7

Static

static

7

b918d7093e...c2.exe

windows7-x64

7

b918d7093e...c2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07-03-2024 15:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b918d7093e4e2999115fb121674a58c2.exe

  • Size

    22KB

  • MD5

    b918d7093e4e2999115fb121674a58c2

  • SHA1

    f164f2b996f1a14822b8631d2aa6602eed9293b1

  • SHA256

    cf3338703b70336cfa7df13bff202a3ae0d1c2c99d9bf82be4bce1345f917951

  • SHA512

    26ed154294fbe08119c8d95a51dd67069ffe6b8e6eddaaa1d5fd7ef79d5095ee28957df81cd212d222e3fd9f33601ca1bc6f52a699634fd5aed7f9e85fd1ef71

  • SSDEEP

    384:WIvM9+X3z7a/5SARyFhREujPS9rFtKmRUAj2NIgLguygq0y:W4t05SAYEujP6rfRTn6By

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b918d7093e4e2999115fb121674a58c2.exe
    "C:\Users\Admin\AppData\Local\Temp\b918d7093e4e2999115fb121674a58c2.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:272
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.dialeradmin.com/cgi-bin/err.cgi?ver=1.002&code=9&info=404&aid=111968&winver=Windows+NT+6.1;7601;9.11.9600.16428&ci=1-12
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1868
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1868 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a28758cb449a26b10fd07dbefb7f1801

    SHA1

    9be31971080c36e4db2fcf24ffccd83021488abc

    SHA256

    cedc6f23bfa4c79da49f087753dec712272d1c712c9aec145d359a40d8e06513

    SHA512

    9a69915586d15308b3548349132f5ee510c69940fc7e13a267121d38dbfde889d9a90c17eb89289d0b2bbe64b5bd711e0daa29615b3f328f92464c43c40029c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b4ce52919b4a23e714aa98d83429845b

    SHA1

    01ce7c110b5cacba0aa0c93fcb9682b15c2f6fe3

    SHA256

    acd7e466b811c47b3f9c8491da85ee0a5f19b4af575e1e9032b74c818765858a

    SHA512

    6c17aaa3d05da68df22182c4278e4e5e44155cc88997a677066c52c7d80e94d08253c0f6e270f7c54cd773bbb4502be31dcc4ad71de23b1ae5b262b1cb0a62ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    14447b5c739f419118c16238f8d9d4da

    SHA1

    4194276bc3751d7facd56e4ef1a1871fa7b2050e

    SHA256

    81c2473bd2905056a4f7360819f322444c783f6906782c1756b394be5a7845f7

    SHA512

    757f0db1878c3578a79b3227585bf9c57262159ed84f08b95f1542b90bd93e0d1cf968df907a8885ec04b16090578f48af0731a976fd58b018c059a4c0a5fd20

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ca81f74e965ef8b533c2fb9903d5aca6

    SHA1

    3dc97386fbb53a894999816713dce7032026b9f6

    SHA256

    afa1ea1d4337b41d66450195898e49e4cd8fc1db764dfebd19adbd37730fb631

    SHA512

    f019d65d57a47d8bff8be51537293222b0c0c1c21ec0a16cfc3d91d622e7df738f25c43b51f295634cf841b7abdb637893a7ad42106971f89fa84528cc7d734c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    09754bd2347f5e5fec85dca0804feb5c

    SHA1

    6520e91a4aa477a147e3d1559eac5df5ddd0fd4c

    SHA256

    5453e1b7d3c23d79a3c50e157b5ae781e41bc9c88bb747e26460dc4cb6c724b3

    SHA512

    d2d31089487ff800770a4c752fe7a5c1c3499a6ea3104bec37ffbdc09696378d5c3dde2d388c89cf1eb80284448b13faa7fbae5e1fea62896185f6b915b0a920

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a43de5b920fa188fe62252b01f2f4845

    SHA1

    830bde3d97db11f71b6e9724dc0e5f52fcc82d8c

    SHA256

    2c998015386ef9e782df0b92d099ab378be9ca70d99605d39a6afc0e173f1fa1

    SHA512

    09d0b5961fb8571b71db8db7aa87a75d24e826ff88667e93b22682945d1b13347bcf6f8ac7c73697d2abdec025cb6488f8f953e1db37cfe0f2ee44d390472984

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b5dbc04bc5ac147a0fc7c318dea0b9c4

    SHA1

    ed4a841884fb6c2cde2f55911990b8d64fc5b7af

    SHA256

    5ead354d936938c935d22a36582001a2a0cc4c3a91e9b948b1883eabf8178dc8

    SHA512

    b74f7155142eab6466da3ad389a045611e16ba8674d81719f1bc83fa7b67d8470e0f30d0585ec13a18635d480b195b7258d07433ff838cdc0ca35aad603f901f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9090b37b93edb4cfea3296d065460787

    SHA1

    63ebf7771b3bee3f7937dd2e73cd96fe50a97ea7

    SHA256

    6f8c2f8fc6008b8fe8e3e6d8385365442ff6739a404304811b22e69ada39a921

    SHA512

    ac7e24f3a80000be66041bd8b2eb92fead5f832e78d7a5a60d5d731fdbbcb0da1719a1af111e91b5b307847251088678aa04a7008d3af15fddfeb538ca396d88

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ce1f485b626fdec1d70249a8fa0355e3

    SHA1

    1c5e9bbb2c8cd05521c134bf6253049378797fc6

    SHA256

    8131313a98eb5ec08ba7aa9c3399a9391b0d30f80d3fbba1146e1e5d1fe0eab9

    SHA512

    a027c9d6382262be109fda7ed409d23b5af825d49de8421855b1c1a760764f619b8a906f5241d969f38327f0f59cb0e61e39470fa146726de9020f59f2569a11

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bb74bfc93a18da47511008e5d57c4550

    SHA1

    9067badefdf247023a28e7d955478e744203be97

    SHA256

    7b38ffa4b33dcac6c9966b35dd78305592f663b0037c484c9c51ebf5bf1bdccc

    SHA512

    a1b5d108d1c18c9846d72e7ef3b0c2c83ccf6b64671ef0e0afdb20f71ef24663bf5a144db8b63eb9f99c56323a51f7afe818a0aaf2d03d9b817b9c628217222b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0c9d243e2930a9f1cd37f95480dfb911

    SHA1

    bcddcab65dd2b2eff0f748419bb3638d45fca6c5

    SHA256

    fd8bcb81fba7ea67faaa118d8b059df2ba3530f90440654a7a849b21ee75cb73

    SHA512

    e32904de0169bc2ff0d6328c0ca395c6503422054d47c12a2fa7729e297b1d4fd83a05c68ece4c85e9fb3332b617574ce29ac572c1b98a170c40a2bd572ad3a7

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab67CB.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6ADE.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • memory/272-7-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/272-0-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download