Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/03/2024, 17:00

General

  • Target

    bc54f449dddb5d15b7a88925f553aaca.exe

  • Size

    191KB

  • MD5

    bc54f449dddb5d15b7a88925f553aaca

  • SHA1

    e98d1a38767acc69224c3ff32a6d7c641600d633

  • SHA256

    8f0492ae01287477199227a50bb93edbece08aa065a0dfbcbaff95a898ac0799

  • SHA512

    23e727eee3c5c52aa83c297ae7a0e08c628ac39e73536bb17c487b155b94f610b3027e5f648046b8c7d93bae3cda88868785d22a34fb1d2e63e6f96df7e7ffb5

  • SSDEEP

    3072:FdTejYQcRkBtZy/kqtcGxekIQ8bqJLSjDexH0THKLW15Y5dyO5SDLm9qJV8Vd1vt:PWfUkBPyrtBxgQTMK0TKpxS3H8j0bm

Score
7/10

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks whether UAC is enabled 1 TTPs 1 IoCs

    Typically done by reading the EnableLUA value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, the registry flag that controls User Account Control.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs

    Note that the process tree below attributes this tag to the two iexplore.exe processes as well as to the sample itself; registry writes under the Internet Explorer keys are expected whenever the browser runs, so the bulk of the 35 IoCs does not by itself indicate tampering by the sample.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
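The "UPX packed file" verdict above is derived from static features of the PE headers. The following is an added example, not part of the sandbox report and not the sandbox's own detector: a minimal PE section-table parser that flags stock UPX section names, the "UPX!" stamp stock UPX leaves in the header area, and the structural fingerprint that survives when a modified UPX renames its sections (a first section with no raw data but a large virtual size). It also recomputes the digest set listed under General so a local copy can be checked against the report. The `build_pe` helper constructs a headers-only PE image for exercising the parser and is an assumption of this example, not a real sample.

```python
import hashlib
import struct

# Section names written by stock UPX.  Modified builds often rename them, which
# is why the structural check in looks_upx_packed() exists as a fallback.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}


def pe_sections(data: bytes):
    """Parse the PE section table; returns [(name, virtual_size, raw_size), ...]."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size             # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _va, rsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rsize))
    return sections


def looks_upx_packed(data: bytes) -> bool:
    """True if the image carries the UPX section layout or the 'UPX!' stamp."""
    sections = pe_sections(data)
    if {name for name, _, _ in sections} & UPX_SECTION_NAMES:
        return True
    # Stock UPX leaves the string "UPX!" in the header area, before the first
    # section's raw data.
    if b"UPX!" in data[:0x1000]:
        return True
    # Renamed-UPX heuristic: few sections, and the first one has no raw data
    # but a large virtual size (the in-memory region the stub unpacks into).
    if 2 <= len(sections) <= 4:
        _name, vsize, rsize = sections[0]
        if rsize == 0 and vsize >= 0x10000:
            return True
    return False


def file_hashes(data: bytes) -> dict:
    """The same digests the report lists, for checking a local copy against it."""
    return {algo: getattr(hashlib, algo)(data).hexdigest()
            for algo in ("md5", "sha1", "sha256", "sha512")}


def build_pe(sections) -> bytes:
    """Constructed, headers-only PE32 image for exercising the parser (assumption:
    no real code or data).  `sections` is a list of (name, virtual_size, raw_size)."""
    e_lfanew, opt_size = 0x80, 0xE0
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, 0x10B)          # PE32 magic
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000 * (i + 1), rsize,
                    0, 0, 0, 0, 0, 0xE0000040)
        for i, (name, vsize, rsize) in enumerate(sections))
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + table


if __name__ == "__main__":
    packed = build_pe([(b"UPX0", 0x160000, 0), (b"UPX1", 0x2F000, 0x2F000),
                       (b".rsrc", 0x1000, 0x1000)])
    print(looks_upx_packed(packed), file_hashes(packed)["sha256"])
```

To check a real sample, read the file bytes and pass them to `looks_upx_packed` and `file_hashes`; the section-name and "UPX!" checks are what a signature of this kind keys on, and the structural heuristic is the reason the verdict text mentions "modified UPX" as well.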

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc54f449dddb5d15b7a88925f553aaca.exe
    "C:\Users\Admin\AppData\Local\Temp\bc54f449dddb5d15b7a88925f553aaca.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://d0.fenomen-games.com/files/MyTribeDEMO.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2592 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2860
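The tree above shows the behaviour that matters for detection: a binary running from a user temp directory starts Internet Explorer with a URL that points at another executable, and the browser then spawns its own content process. The following is an added example, not part of the report and not the sandbox's own logic: it rebuilds the tree from flat process-creation events and flags a browser launched from a temp-dir parent with a URL to an .exe, while leaving the browser's own child process alone. The event records are constructed to mirror the report; the parent PID 1000 for the sample and the field names are assumptions (a Sysmon Event ID 1 or EDR export carries the same fields under its own names).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed process-creation events mirroring the report's tree.  PPID 1000
# for the sample and the key names are assumptions of this example.
SAMPLE_EVENTS = [
    {"pid": 1652, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\bc54f449dddb5d15b7a88925f553aaca.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\bc54f449dddb5d15b7a88925f553aaca.exe"'},
    {"pid": 2592, "ppid": 1652,
     "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" http://d0.fenomen-games.com/files/MyTribeDEMO.exe'},
    {"pid": 2860, "ppid": 2592,
     "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2592 CREDAT:275457 /prefetch:2'},
]

BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}
USER_TEMP = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
URL_TO_EXE = re.compile(r"https?://\S+?\.exe\b", re.I)


@dataclass
class Proc:
    pid: int
    ppid: int
    image: str
    cmdline: str
    children: List["Proc"] = field(default_factory=list)


def build_tree(events) -> Dict[int, Proc]:
    """Index events by PID and link each process to its parent, if the parent was seen."""
    procs = {e["pid"]: Proc(e["pid"], e["ppid"], e["image"], e["cmdline"]) for e in events}
    for p in procs.values():
        parent = procs.get(p.ppid)
        if parent is not None:
            parent.children.append(p)
    return procs


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def temp_launched_browser_downloads(events):
    """Flag a browser whose parent runs from a user temp dir and whose command
    line carries a URL to an .exe.  Returns [(parent_pid, browser_pid, url), ...].
    The browser's own child (no URL, parent not in temp) does not match."""
    procs = build_tree(events)
    hits = []
    for p in procs.values():
        if basename(p.image) not in BROWSERS:
            continue
        parent = procs.get(p.ppid)
        if parent is None or not USER_TEMP.search(parent.image):
            continue
        m = URL_TO_EXE.search(p.cmdline)
        if m:
            hits.append((parent.pid, p.pid, m.group(0)))
    return hits


def render_tree(events) -> List[str]:
    """Indented tree like the report's Processes section, rebuilt from flat events."""
    procs = build_tree(events)
    roots = [p for p in procs.values() if p.ppid not in procs]
    lines: List[str] = []

    def walk(p: Proc, depth: int) -> None:
        lines.append("  " * depth + f"{basename(p.image)} (PID {p.pid})")
        for c in sorted(p.children, key=lambda c: c.pid):
            walk(c, depth + 1)

    for r in sorted(roots, key=lambda r: r.pid):
        walk(r, 0)
    return lines


if __name__ == "__main__":
    print("\n".join(render_tree(SAMPLE_EVENTS)))
    for parent_pid, pid, url in temp_launched_browser_downloads(SAMPLE_EVENTS):
        print(f"ALERT: PID {parent_pid} (temp dir) launched browser PID {pid} -> {url}")
```

The rule deliberately keys on the parent's location plus a URL argument rather than on iexplore.exe alone: a browser starting from a shortcut or from explorer.exe with the same URL is ordinary user activity, and the x86 content process (PID 2860) is a normal child of the browser, not a second launch.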

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        Files written during the run. The CryptnetUrlCache entries are Windows CryptoAPI's cache for certificate and revocation data, and Cab*.tmp / Tar*.tmp files in the user's Temp directory are the usual by-products of that component fetching and extracting an update; both are created as a side effect of Internet Explorer opening the URL, not payloads dropped by the sample. The MetaData entry is listed several times because the cache file was rewritten with different contents during the run.

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

          Filesize

          67KB

          MD5

          753df6889fd7410a2e9fe333da83a429

          SHA1

          3c425f16e8267186061dd48ac1c77c122962456e

          SHA256

          b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

          SHA512

          9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          0927d4adcf6b4c1e78dfffa5558ef658

          SHA1

          ae36982aac6e59946ce96199671570ee0fe8736c

          SHA256

          1173e0460a175041dda7cc3cd80c81c3b5d3191d4589a7dad55e3d6c6f839fba

          SHA512

          d22e44868e679f2190d3c5d80cd44a84d6ab6ffd76e0527949d13135313a8d39a8ca144b4104166c3adea8ef17e443e0ed8dc1b6e515dca476e8ed3ffa0ea4f5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          8b4723aa91920cacc68d0896a820b4dd

          SHA1

          1cd057ba1d5fe79de8c8455985a5585a939b6a4e

          SHA256

          b4796406757c795e542c2f123d9fdb4288d8e23ec5ba6f5105d0d6d757071e24

          SHA512

          b82553c3bd730b8606533d4f6f4e402ff4da90157671100deef4ab81afc8b0987c307a7edaacbee8a9786566613c31aaa7ce88e0b353cd4e23179f27c3ac77ee

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          7440506a8040ddb6ef7e958f9b3e2fd9

          SHA1

          d5dee2970dd4bb5ede2f1aa7827c7d170402aa52

          SHA256

          efc96cf0e7cc5c799e5a0674794b2e5e4ed235c21cfc3e314c4d1b5b4485de26

          SHA512

          dab954aca850bb3ae23cbcc18479fc9b57ff46832c083f053a2fd5b672cf2b7553c86e1ffdabb6b17b032760dc81e9aba9f9151f1668e3fc0730340e18e58a0e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          022575682d44a2dafeefd68a72188b1b

          SHA1

          cff19476d6a7dcbc7346cd517d1bb36c99f36a66

          SHA256

          485f35d5a4a24da1283e41e12ca0e2a33cf13ea4028119505d27047ed3079275

          SHA512

          c1f073e1f0519a572818626911ccc5a45b48896a10fd6291338cfebf3147c145d4103fc99da13608426c9e9997229cedb3d522c3b7e178bbd0f93a49b190aca5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          3e6dc76c8e7b6239a01cfe509343c7e6

          SHA1

          2ea9382b521624660fb365c5a55d646239b5e1a8

          SHA256

          6c4a98fcb20b3f6b4afd020aea1475eee9df59c50774d502869425092583bddd

          SHA512

          df50ac9bc0bf160958f64169bcc1a68646a2069dc92e052cd5fc28eb8b4ea24fa9fb92001c5c1e6ba9d9181d87f7eeb31bfc7b1e8fdb73053f896616527f7337

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          20853b53e1f8da36725dc5461872a2c3

          SHA1

          731e6f9caafd4a182413c43c1e18958e42d28d59

          SHA256

          2289db5829fe7b93c13fd6a657980232b8e840a4a043206ba130d8559b1b357f

          SHA512

          a95f3b6c6f9b0924a2c929a05cdd0aaa555b8b9a13fade0522300c6fa347e4f793ec32e7e37430f254faf5963d04f3ce59f8624e24bc27ad498e0b428587f032

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          22d837198875c52af230587316af0639

          SHA1

          67b1f316403e1f15012d96388837be31b54b8bc4

          SHA256

          0b1507fe4e2f796ef88a055051099f303ad36d89a0014f9e9fbc1679ed85b6a5

          SHA512

          ae94b4f487d926051aa9be6167d16a7fbb67ad845bdb3ceef25ce08cf14f098876a0c055448b048c6977b036194fc4595fea19e3dce8057652d95131801849fe

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          74f4ba06843a36d5d6096d5dafbffc78

          SHA1

          34fb6cefdf2b1075aa25b6db3ddb672e2611a792

          SHA256

          051bb1ed8f957a646bc3b3ba6befcf7bfddc9cf92fa4d38e262cd72f5c6203c3

          SHA512

          23a092fdd49306b01ccd98241fc36fd23dbf0375470a62a1cd0dadf1b808f21e24f5bdecf561c309f9e33966f544df7e91620a4e6974e9c342e34bbe5b911533

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          344B

          MD5

          0f422b0baed2b98f7aa279ae225b531d

          SHA1

          4bc0b7786b703f5961514e77b1eca26a486fdc55

          SHA256

          2a4182798a99d51b404a55dc53757cc8df811e1f1b82fa7d2fafc33e9bd80bd8

          SHA512

          1753897f6c5c3faba64185bc3f8f6c82eae4a0f8fcf248962f3f1fde04e02c3e0f725d7d7db8d30ff60d92594c035f8362aed7fcb45c16dd0ef588e792e3baa0

        • C:\Users\Admin\AppData\Local\Temp\Cab38EE.tmp

          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

        • C:\Users\Admin\AppData\Local\Temp\Tar3C40.tmp

          Filesize

          175KB

          MD5

          dd73cead4b93366cf3465c8cd32e2796

          SHA1

          74546226dfe9ceb8184651e920d1dbfb432b314e

          SHA256

          a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

          SHA512

          ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

        • memory/1652-493-0x0000000000400000-0x000000000056B000-memory.dmp

          Filesize

          1.4MB

        • memory/1652-0-0x0000000000400000-0x000000000056B000-memory.dmp

          Filesize

          1.4MB

        The two dumps cover the sample's main image (0x400000 to 0x56B000, 0x16B000 bytes) at the start and end of the run. A 191KB file on disk mapping to a 1.4MB image is consistent with the UPX verdict above; the later dump is the one to carve for the unpacked code.