Overview

overview

7

Static

static

3

69fda1567a...01.exe

windows7-x64

7

69fda1567a...01.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    09/03/2024, 22:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    69fda1567a6ab9547beb1cdab0b81b73be2f71b67ebdcc99bd11beba31770d01.exe

  • Size

    194KB

  • MD5

    8033e136b5c3fa32736bf9a1d7c0022f

  • SHA1

    528781a83dbe0b4482dc8f3e5dd5b297ec8363cb

  • SHA256

    69fda1567a6ab9547beb1cdab0b81b73be2f71b67ebdcc99bd11beba31770d01

  • SHA512

    b82590eebcefb431b0fb40aa4753e7297c390e286a6dd24e834afa226a472856c97895c6498ef2b17ae004206da5c536f1e807381e389c44722c4caca9a3aab8

  • SSDEEP

    6144:r3Tfgh+JXi/Yoy5s8Or2QGG/oawYCDS3OjUsuEaP:rjfoMXGYWlGG/nCGBDd

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\69fda1567a6ab9547beb1cdab0b81b73be2f71b67ebdcc99bd11beba31770d01.exe
    "C:\Users\Admin\AppData\Local\Temp\69fda1567a6ab9547beb1cdab0b81b73be2f71b67ebdcc99bd11beba31770d01.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Users\Admin\AppData\Local\Temp\69fda1567a6ab9547beb1cdab0b81b73be2f71b67ebdcc99bd11beba31770d01.exe
      "C:\Users\Admin\AppData\Local\Temp\69fda1567a6ab9547beb1cdab0b81b73be2f71b67ebdcc99bd11beba31770d01.exe" C:\Users\Admin\AppData\Local\Temp\69fda1567a6ab9547beb1cdab0b81b73be2f71b67ebdcc99bd11beba31770d01.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2888
    • C:\Program Files (x86)\Adobe\acrotray.exe
      "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\69fda1567a6ab9547beb1cdab0b81b73be2f71b67ebdcc99bd11beba31770d01.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2404
      • C:\Program Files (x86)\Adobe\acrotray.exe
        "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\69fda1567a6ab9547beb1cdab0b81b73be2f71b67ebdcc99bd11beba31770d01.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2444
      • C:\Program Files (x86)\Adobe\acrotray .exe
        "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\69fda1567a6ab9547beb1cdab0b81b73be2f71b67ebdcc99bd11beba31770d01.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2392
        • C:\Program Files (x86)\Adobe\acrotray .exe
          "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\69fda1567a6ab9547beb1cdab0b81b73be2f71b67ebdcc99bd11beba31770d01.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:2376
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:564
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2532 CREDAT:406540 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2488

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          67KB

          MD5

          753df6889fd7410a2e9fe333da83a429

          SHA1

          3c425f16e8267186061dd48ac1c77c122962456e

          SHA256

          b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

          SHA512

          9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6261c3657f5ed3ed1b4d1dbc1a504fb1

          SHA1

          3ca48ff30e7327425edd03cc86ee91e78aac0bf2

          SHA256

          0d3f5af22378db7b97cf7bfe65b0b754e3bc6a300eed9fd39fc59858d16eb52f

          SHA512

          16d7e70ad7eea459380aa598fa3ac42bd3dc0620f192a653225a706eb9f77fb573b6c56eada8b32c2991466d0c784bf0b386bdbc3db1fd2e4856622def374ec6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6cb3ff7d75db8989ba9f2622e9c0b6ff

          SHA1

          da2a254a351978877e16205ab1c04b6021b2ddd9

          SHA256

          9b79da29e6b10ef8a5c4036d455a37efbfc73735ff2fd83b34dcec4697fbe509

          SHA512

          faba700f53d089827493b53820aeea0f40b739cb55a902c5429c3c31f022cdf4e29635dad64ac8b3701bd1a74f112fdebee3a00c93a87a627dcbf272a94113e6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c8777072b3ddbaf5a6c57dcb637f228e

          SHA1

          aae520e2839e5a93e7e6ca6fffbe634a166f20a2

          SHA256

          c5d1fa9182f176c59fd2387b3725cbb11face004cdc209f70490f9d77343a893

          SHA512

          f20606e30f9ab8049e78f61870b218027a18c3b871090b68f696deb2138750ffa63b90bc5612fe6b7daec0fd20639a19ad6bef3f2823422f4b6ed7befadb4d37

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6a3be8d51b890ad232560b7b8d909870

          SHA1

          d2e499086c955496087f0d9461385f0263d4b167

          SHA256

          813d9054e00cb820f09bb4c8978646c477eed9224db96d259ffa0606614b1b1c

          SHA512

          806eb5074225eec8504012d70b47ca17c1fc039ef68e7c2f64bbdbb35f30c650514c17ccafc6cde8ba4078783057b3f99ee4429a823e6a8ee0d305528b2f530c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8832359370bf4e3a8108f6351b310b44

          SHA1

          f0a8e9fc2b15cf92742eaedc3f9aae46274deeb7

          SHA256

          f4d716856427af01b932f98f23287e2a64d361e48816a6aa2333c734f757d527

          SHA512

          ce9d0fd95716e64f9d772673ec4cd46cb1585e207b36222a8962c58c3bf6b913d2f01e6535540c856b577b6c045ae126c326dedbd22545e09d179adf2d33952a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          417b9ef87f13d4cc915c08e9d0216b25

          SHA1

          07439a3574bbdc2b2157f64e695df4913ed0f990

          SHA256

          eadd81f07f0d838a7f916609efe4e0cf96b86196456b82dd18d0bdde41e15926

          SHA512

          a30294d898ac5258be6983893aeb5bd5c48dd299159bfb0be1102f912e8166232893f582aa81525fb784f0ee591a661ca3c02573f1511a37311d6ce966322aff

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6daf73efd7c1946d119451a485113515

          SHA1

          cdca28d6b27b0aa4d79b6d39f77f0569ebd209b7

          SHA256

          6bd807c24cfb053d876f5eac978d2ca8b728852b0e508d4e382f63f3d07db40f

          SHA512

          4772d84b8bab1874163856c8f09acd5cd684fe9d465441f8b33cfb831e7c4363e85b3083f2c00a9df8578137b2d54fd4a4dfcb1680fbf2ef2fe63b8514a2ab44

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d012757b364b34bd16884163e9e1363f

          SHA1

          4c5d1c38fd4d9e5ac7079fa37ab1f054b5ce97d3

          SHA256

          c366204e77968a492b26a02967d2cedd7728649ccbd45a6356ffc283f55755ce

          SHA512

          653aa4a76cf83a6a5f5468e37b3d7f982a7dab2d1af6a4fb785d74b2fde754457ed51840510c22fae78ec78e57a7cce23ebe2932b85745f8c7522b4aa02bd00e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          06fa035b96d06869a0254ff522727727

          SHA1

          1ebaef97a521e65584e84359d4a041d51a5efb65

          SHA256

          86b0fdf80fe5a5fd7d4bd4215a24d4f32ba7a2f4b50c9f70d2a237aefb3995ec

          SHA512

          0d785ee5f09283d3516c236bcb3b8b9bc1cb7339dbc6447e8b07846d3325bc3b36cf24e8d780f6861b2c1d50dcaa3d1f089f5916f04f14455c17d85ffaa8c2c2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          1e9d8483f02081643570c14f9397d61d

          SHA1

          d58e2e55dec7926c4c42937c2fc81536aaea3fa8

          SHA256

          f1b7064bc4d1dd05f076d63b6e72535a8d29b7e5e6d3713094c8a6167a89ace0

          SHA512

          0e475db1c2dad2fd2b798acec5d71a5d8cf7377ecf224341e72be01869526a05c348024ed935cf1e3b24d5b1259eeb28d00f5fd35d9ba4cdcf5a7b5d09acc6e6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          00ebca08db26980b6d4c52d3d953f024

          SHA1

          bfabf935f3f9517003b3459f0acbe144829a364c

          SHA256

          ff143e813622314a90373dd0d615b709b954165042320fba3f164f3e813e32bd

          SHA512

          cf8d0a8dfe346c4aafe9658718c20ce3691c7053b55223043a64d4ae115fc78176b79c2710f8df4d207ba4d3459be2230dd84338a9311d8b6fa3f132a3931101

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2b58f7568192757173b5fb1ceb5d8f43

          SHA1

          b5bec7908c0a860e129286e3f4c7fd0560b58056

          SHA256

          bce001bec74eaff36373a52b011e0f307d5bf37f62c2346bdaf3904023536992

          SHA512

          7a5ef057d2773bb6905924505ee8c037fdb92ca47faceab3d1cfd64c7f51ab5eb0f7650ca0899c55b5abebe1ff152565f1cb6e44484ea26c9b26d9c72b9ae69c

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFFQJ7AH\bJgjTaMBZ[1].js
          Filesize

          32KB

          MD5

          e4e6d0b84ba6d1d021052eea6e166f76

          SHA1

          0f3f720f0c3f63f798530d6163ccc1498a1f5a5f

          SHA256

          85cb962521f7df02b28d4274e550c92f0ec13ca2fbf5623c24660979ec47e9ee

          SHA512

          ef93a2cb91f6f2fbef5ae4c20fac3bff59054fad2a5cb63efdfb419e31ebfd17d054da0cd594c0f06c263bb4b7a738869a2ede2b432392c7dd00876c7215d806

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabC34.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarD54.tmp
          Filesize

          175KB

          MD5

          dd73cead4b93366cf3465c8cd32e2796

          SHA1

          74546226dfe9ceb8184651e920d1dbfb432b314e

          SHA256

          a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

          SHA512

          ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

          Download Submit

        • \Program Files (x86)\Adobe\acrotray .exe
          Filesize

          199KB

          MD5

          94e6d5be2b3bcfaacbbb9bfa82e02c49

          SHA1

          deee744a420bb4dd99968372b25a5eb34eef655d

          SHA256

          c84ddaad68cf6ebeccdb1eb9c0babc44370796cd65df923293f904c748ff1863

          SHA512

          57f24c2511e5e96f15010792bcf2e6a7460262b597a5e6d204d41d0437eb4d5813d84c5cd35c91699cf91ae15f3645faecfcb6cac7fc4fc1b0544e4ee699e56f

          Download Submit

        • \Program Files (x86)\Adobe\acrotray.exe
          Filesize

          201KB

          MD5

          6f19c36ee962c0fc3a508bc69e5f3a9e

          SHA1

          a954575f504dcd7e6f096b5a32ab08598f9582a5

          SHA256

          318e7cfd011933c03cdc19f3562bceb9b7bfa8e4f820332cb0ac6a87f79f245c

          SHA512

          2715159ae8e4bf5711cddf03ad41774674181a22f6ea52cd3bbc3451d1df6922af24dbd39ef684ddc6bccf9c5ffd47e93dddf87f1c1ff7ea48c742654b23cd5e

          Download Submit

        • memory/1988-0-0x0000000010000000-0x0000000010010000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1988-38-0x0000000002A50000-0x0000000002A52000-memory.dmp

          Filesize

          8KB

          Download