Overview

overview

6

Static

static

3

be84f72784...f9.exe

windows7-x64

6

be84f72784...f9.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    121s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10-03-2024 11:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    be84f72784835f2cdf7bf3220bb099f9.exe

  • Size

    504KB

  • MD5

    be84f72784835f2cdf7bf3220bb099f9

  • SHA1

    a5f078e8d290aea9806cf0b5676f1f2c082569cc

  • SHA256

    485e6f5396a334643f637fddd7d33713311d1cb71d0ff14f9433a84e741ef344

  • SHA512

    745cc54ede7fefc4e3e71f3b95360e195c15a0123b01ef0a789b41f41ec46a653948e944875f189ea515191a8cbbd8854127e5915872a88db1948881b4fadfe2

  • SSDEEP

    6144:B0OR4Vji+xwxxhRldcYQU2dWWA1S0RxRz4IoNu232sX:B/KQrIP3

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\be84f72784835f2cdf7bf3220bb099f9.exe
    "C:\Users\Admin\AppData\Local\Temp\be84f72784835f2cdf7bf3220bb099f9.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=gOO_UqzEc5Y
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3068
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3068 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    05c105fb4a277d85a6e849598dae5562

    SHA1

    e1776f5f57d20e7b576bae4b81254d15fa3650a0

    SHA256

    3f632f4ecdbceafae9f68ff9fe13a80a9ddec8786b0f7e448a8bd2bb5fa22aef

    SHA512

    9b37409b08dd20b95c44dc6171c99cffb5f912c67990315e5fc8260e16eaacf8c188ef00310527b8707b8efa26c0940515c9f97be7954bd4a1f6978349e4b291

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    436f1dcb4a5adf01561ef022e918b97e

    SHA1

    c4f21c45cc86f995ddcc973aa180c85c70aa7e8b

    SHA256

    4e84fff5f57484f815a134effda1b9ec7abc55537f9b0bf3ab145a64919ade10

    SHA512

    837e6160bbf90ce2dbcc5386dde270d217ec3c95dd67b26e828a563cd81c0bff84d59e5515a9e566e378fb0199ff5bb4191f40c31b2254fe95251d4b37b93606

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b55c7124a303a7d2f8c31047a050c317

    SHA1

    b8b83f4b21172a67d8077964c8d09e8c22dfc34b

    SHA256

    5de5ef8056116423b39743370536c2b54dae07a641850cadf9d36e8d584cb3da

    SHA512

    6135d09face0df0ed49da11c25e13239030b19c1ad9b3bace4ee2dc6f0551342b405243b0a5d75853912d2f8c3154884b6ba756a427b1c97ba7eca055b2efd83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d046961927dcfb3412fe2e2a86b5cd73

    SHA1

    61fa14f8bdf98e5d271fc0ba91ba87bdcbe08e76

    SHA256

    13c8e53688b82285ab744182f7df3fae779af7bf7642b05f6bf8f8b7a683f6b4

    SHA512

    bc101d89c2487cee60948374093a4417c7275ceb7624c02e7c2b7aba6de1afe75ac886c4ce76036bb878695166f909997063960fd9a875d9e79afc89a2d32aba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d8cb6eaea40c93627af922c0bb14de88

    SHA1

    cd54a3e2af9f0a1a6341bf21659745d189a2e81c

    SHA256

    b9ebbaa1301cf5e5ff969522998b1edfab932055c4a7e5fd3bdeb836901e8796

    SHA512

    06c43261307d110491792350df7e063d5ba8bddb8cbe56178deeb6b929078ba2d0924526355d6d0020c299e230f0e6eceacb6e117b653041f718aa895ff06777

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2fe1b8fdd5e6e175be6fb64acb7bcd48

    SHA1

    cdd173d3c90027b016bffaeb7c3e7e88095ce0ca

    SHA256

    78021cf1062c78b79807383b2db9e8343abd3225f027435e67db326a64d16f54

    SHA512

    76acc41e9f37ebb1bf9ab4451d0658795cd78f128ae051bb3382428308e63fc9c386ddd93cad83c05b97070503c12880c5f7fc5bf168f8efafb025da90c7ec9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b5026ab89b2bc9080642b7e118cb1f6d

    SHA1

    cb8f75eaede39295db7cbc93a1bf4665e29da899

    SHA256

    0f4675bda704e73796f9f17feb59d71368210e8bfb794556dfb359cd00d88b15

    SHA512

    9bea0fd8c136b89436eea98d4df5e6b6020b8170651861bc21feca17aed8fb50b952200dba062f34c3623a275a4790eb7935444d41d9ca5b91a8c6416221b457

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0c2b0eb69d74287d97be37dafe893418

    SHA1

    25d9bef14ce5f6c81072072c07b023215cf6c8de

    SHA256

    5be9b2d831dcd55e25f39a3fcb1d02ee9d079b416e04392d934be588263dbdac

    SHA512

    e605fb57c0c8e7d8523559e68a36e8dd04f7c94fc6c688198a72d5af933113c72dfe3c5700ab6ff527c477d211ad848477ebb5cbe2e2a95156a688eb7c222b9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2d3de766fa24732b9d68d6aef3d06b89

    SHA1

    1075a4d7ad48e904bb99bad394aaaad6d35cf540

    SHA256

    48c21ae64b7b676fee168da6583fb283c72a47b0b751e093b538ac544c4da38f

    SHA512

    ed9e4bff12272bb6f457c38d027845bd56d70511c5ce58bbdc90994a9f8ecacff6aa7e29b75ef19a7d9d99e7d54f9365557a53f9f900bc64b12159ad3870c1d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    87e57da386fce07ac931017f7337f5ba

    SHA1

    41ccecb85f9573a228e738fb341d8e4d58ccedf3

    SHA256

    524a59c88166ede7b3bdd54d8918aeb4679a53bf1d6c0e02b3a41cd322a40537

    SHA512

    8d32fc6439da2c22b6e87c4e654b644a357fb40cea6b2cb2f1cc650a7b5a101ec365bd41731b80e42d93c336afaba5092d2844d776268f09c4524a9c2ecb7dd7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7859efe28e64c29e5ae753854814d3cb

    SHA1

    8ac4a55cad54fabdc28232c7912b37e1b74113ac

    SHA256

    ff020bc8d23ac5d763bfb46bd431fb7a342c1f8a77561d0e0ff9a648a08cea65

    SHA512

    a95c7b2a83890e3752732d9a6bc9b5a0289372fddf5cae87d4de372f9b129e5f420ff28ad946a0e85f29c4312e7a438f21d2baf0128e50fb5915cc02e8deda8d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    680f864e9ac686865cbfc025a6b6d7ff

    SHA1

    4959851d58ebb187aa6f7c1df7f51998b2f23c48

    SHA256

    92178797811e3cbbc45f0b24b43dd132a134f2f499839afd471ffb5380c650f7

    SHA512

    36eb0361c298433d7880923544b6139bd6e94a30bf145ec561e8b1de7671c9dfce7cd09b198df46a33459420c8f3cd7d46f61be714197886d79df64c5c5c8acc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ea36179be495b70acdd0a1f92bad4883

    SHA1

    e9f9ea59b4a9127da3456039ca234663d83b9b1f

    SHA256

    b3d5dfa439fc7d0882a6784bb4e6cb415a78a42b88dfb8e4abd2044ae8aee7e8

    SHA512

    dac0de553486980162f936587f1875f93d0d740ad23c2976adf3e1b4b43b82e5b244e9b4b0b44c99bef34b91c704d57e2f94d0ec6618c9486b3a88befecf11c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    21b4c413dfc456f75c2163187ad3f4ed

    SHA1

    0482c3e3c980b8f81cf064a128e0ed7db7a95d31

    SHA256

    127756af70c470500f6eac8e6ec850d7075e2b01670466b38210ae16a4aa8468

    SHA512

    b29ed57e64d917a623c876272ae6353f4d5ae12a3212c45352d46826e57eb372f330b6e0e0838f263329fe38825fe737852c33a8efe1a48b8b375301220ff2ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    244b1a7b8adfc4f5f8010fb4cf8cca2b

    SHA1

    f1b8401b318ddaf995a5ecd10db9f899c34edbd0

    SHA256

    192415e372d14aa5a6f14144819179571243ceb052998e0d35eea0f9ae23e18c

    SHA512

    a4ffe83999987256354ddf15970b9cb1a03082ff880825a0fa06ec5b5e248b36acd931e9c49c45bea4a949db86dab5fbda94df12a902d7564a87c425ef2c1326

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    468ad75090dc08651876a28694e91615

    SHA1

    d732cf54a140291ca18f8ddca849588715e25c9d

    SHA256

    0afdb1fa1c9ce759bd5a115683f0ee554d7e0fc2c66214e7a52d2004b007ad29

    SHA512

    dc21a977104753604d3a452543cfc242549ddfac99c9ca2d7145db537e2e96433ab232af42a672671a1b0c9fc1173a7dad1344fae4fa9065be450652010e3ec4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4974cb7bf7baa9fcc1f10c6acc67edd6

    SHA1

    57940edd5b2fb56bdf7995b3262f47058e76e652

    SHA256

    a76fa3bc7527ab40eb75c0a52c954d625881964bf4690467b71ef7e419aa054c

    SHA512

    a392ced966b67c1d710198d3f5f13369ed8a12c881bbf72bba8a8ab425bdd9227a015c6fd4cb8ddf9463b26dc05bdbdc3283bb8809e0307b8f8cd74c7033c496

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    565fb9843f5a69bba72ec552edb64792

    SHA1

    9609867f8fbf3b6b5911bd34489348b12096d50d

    SHA256

    c67dfabbe0ec2c4cc1e7262a42e80e01b8aef7f9803726c96198de9785194ddd

    SHA512

    e47349f5d21bdc6ff3241b74469436f9b67b20bf99d3895cfae010f55173f282cd05acb70734cfede8076fc53aff71dedb5e45462ed20061deb6289c13d071e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    bee9dd1ad2120068696b34207378bed8

    SHA1

    92d17a91b6330d7e540623e30212040903bc5820

    SHA256

    139de785eed896bfbafda9704d834c7c85dbc6570670bea10a28cfdd61e2c5d2

    SHA512

    78ddf6e5795e1ded974933d1f21c1fe4ae2e88a7676b1910305cff413ff2e612dafb925c0db19aa052e463eb7c04c97085f111a1ebc4aafb3a92c5dbf1bb5d0a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    30d21c8fbf50836d83a49c1337789478

    SHA1

    b615cbf7bab8075cec793a3010ab1dc0e0ffc935

    SHA256

    193a0e46343c869e80ff1a9255f585380a692659ce8e3a16726d8523e8f38d2a

    SHA512

    4849d98e6f2d6e77370975eb864a6a15ffa94daa303d6548b13454164070f6476aee35aafbc4d687b1008f580b80e47b259908c475f563aa180df9d70702be98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    35697ba379ec4229e71da5ab77fbcb59

    SHA1

    6ee9d64213bbeb6aab5800daba258ea29fc9890f

    SHA256

    d0ed6741c56544f3c48ef619dfea2d6b82d68a7f0368bf279ec8e02586d0b53e

    SHA512

    db871ae179b2107fcbe1396039fd264fb5378c55e2f2ef0f254259cb32de03109908a0a642aa19ae1b740e8866826055312a676609e2bec554cb67c8d2d2dc3f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\60nmxlj\imagestore.dat
    Filesize

    1KB

    MD5

    cc99fbf01c9546c93de89fba39849931

    SHA1

    23748dea2be54d7feb5fb68f5b26b3d35497790a

    SHA256

    bf13cbe3ef20968439f1e49c24af93f8c023c690b1d1c2b0bfca03defa47eda4

    SHA512

    f7066cdf5c292f9993765d7af7240ffb56c8a08c470ef99a97b29d5ed7c40c79ae01d364e28c8e9e363b941f3faea9257057b3b92b3c2407c44c368558b4a063

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XJ0RD6PK\favicon[1].ico
    Filesize

    1KB

    MD5

    f2a495d85735b9a0ac65deb19c129985

    SHA1

    f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

    SHA256

    8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

    SHA512

    6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab737C.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab74D5.tmp
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7509.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • memory/2512-0-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download

  • memory/2512-3-0x0000000000400000-0x000000000047E000-memory.dmp

    Filesize

    504KB

    Download