Overview

overview

7

Static

static

1

bf013f1858...fc.exe

windows7-x64

7

bf013f1858...fc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    10/03/2024, 15:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bf013f18586f8835a8862d9a64c504fc.exe

  • Size

    385KB

  • MD5

    bf013f18586f8835a8862d9a64c504fc

  • SHA1

    364d098e449fa9c757bbe356f22dd6728e08855a

  • SHA256

    115d0395234e901270f5399d1fc0a6b42bb5e7c8edf7972d9a64b0afb5c736a4

  • SHA512

    4d4835c1f6db418bd9e6d409e9272b0c49f393b84eda089d5d4ec655db45e17980296fb0c7bdba520ae1e6934681833fde03d6dfffa165de756c32819b465fda

  • SSDEEP

    12288:SQiGNCL8+iDNdR2+MBTlPadSfXioRcpMXVJoD:SQici8DdXMBTlP0QjcpMXVJoD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Script User-Agent 8 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf013f18586f8835a8862d9a64c504fc.exe
    "C:\Users\Admin\AppData\Local\Temp\bf013f18586f8835a8862d9a64c504fc.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Users\Admin\AppData\Local\Temp\is-L2LNS.tmp\bf013f18586f8835a8862d9a64c504fc.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-L2LNS.tmp\bf013f18586f8835a8862d9a64c504fc.tmp" /SL5="$7014E,138429,56832,C:\Users\Admin\AppData\Local\Temp\bf013f18586f8835a8862d9a64c504fc.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2924
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://spreadsoftandgivefun.com/cgi-bin/demo_thankyou.cgi?token=28339898911436527796&subid=358457&ptf=23
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2656
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2464

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          aa2b00f3b6eace684f05da0e1330de98

          SHA1

          913228a6e5e260d3a4307ee8294551b239ce9f97

          SHA256

          0c3d60382e8b6a3f40280d4407cb0c2181e7ebdd3c0acf0711c1a85bf05735a2

          SHA512

          50028017896d855e7aa7dbad76804bf15501a353fabe0a58bb57e8a69cf433888453e61ff8465e07a88167ccd37f3034ec5f5cb5fd8e95ecae018ae25646fde8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3aed39e597f3e2abf26a17234dc5625e

          SHA1

          ba3cb96e157dbbcfd92fe4f1ae755066664e6f1c

          SHA256

          3700a19e011aff529a2f063d62c6accbecbf25f9e6cc3b9b75670b670c600356

          SHA512

          f765a6b7eb48429f71f73b50ad32cd600abb086cb651bc4c0d5217043f08f79b6f4d70b210fc3e55d2b8aeda823e18ed09ea7ca5a7ee359ac479c2461f97d8a5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          d608014fa518151d6c9858eb9db967a8

          SHA1

          81dbb16d56693848c04528bfaa88633f08e88595

          SHA256

          1e09db6570add7985cc3ffba5fcddf50bc34319070885d81be188e711bfce430

          SHA512

          1fd4797856ac4c07375cc64ebc6f906f10d70e1d4aaed02728391b6d64beb57f413e4ad606b1fa9105cf52ed2393dffe672a21f2c4500f7f580a324686460dd6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a4864fe49de98fb69c918a3153a2ff91

          SHA1

          1832cd56fb491cd062fb8b906f202e7486c174de

          SHA256

          262d39d02420d77d40728b9c544d22d03dd4703167ce2d4b7b32cb670e7e60ef

          SHA512

          d3ab6996a0d67115dbb40ffebaa55acf1da01ff2f920b6540e0477f7bbf5b2f87d8c573b0fbf6dfab1932346eea4dee31c6171cebf52a2e267e66b500dddb50a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          659c709f916a24725f3057612b9d4a34

          SHA1

          7b16a1b9cef8d67fb11a5fd7780b4df25536e6da

          SHA256

          afb7c3e6acea2a0e77c53ab1c6a78517964231174a4a6119fd955f474f6b8c59

          SHA512

          d70da61211897e627c60094865a6d0c332bbb889910c514cc5667a7e891859c7da17d08327e1f77942b229662126aa1466750473a99ec0e4487ea4d2d0ebc19a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          7d539640c5290073e58d9bedec494b74

          SHA1

          0017f2ca92b45ddd05bb1fa02f62222aa992c6e9

          SHA256

          5aa7a54d91fa34ee1d684449aca5a758ecedcb9aa8e90fb0b17cbf7c37f7f38b

          SHA512

          34efc3c9fef3a7842eb98e53dd3cd0d0c04f5edcc5a849f94d71f08533b76bb0b5bb89071c79d231d02a938167dbe241043aa3d843a2be05ddea6a0fe8214a9f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          76396c89bfcecc32c7d44e22fd972924

          SHA1

          3a77d3a9ffd5f40dca489dee9ffe42cef115a980

          SHA256

          5f15cccf8f170f2efeed818ee6e1302f690b15baf0efea807b4aa45a74950cf8

          SHA512

          eb5cd52716a18afe47574690a0b807e0160e8530d14faa0b24415d31eae5dd6743b4f25e2664a461e68dfb27274e4cfcbe425827613439e1a3963f20828cd8ce

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          89c95fd4fbe4f22c006a46378349fd74

          SHA1

          72d178b80748f146e54d1d3a7e1b1483d4ddeac2

          SHA256

          ee5678a8439250440edaf80efa4f412b62fe2e11edf6637ebc957ddb8372d969

          SHA512

          64fafac2307052a7c71bc37c9d02cc600ba4c3586af5d07d73e9b8fc61a96b835eec969f656b3eabe7d9303cac93bf6d9674dba533f251cce1828885e5a2e291

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          184b91b5443e7350b29e116868217bcf

          SHA1

          611df47660a5cd71c84c93b147f10d013b2a0b9b

          SHA256

          bce71cfead69844cccbd31a2a194de6d3eb195645e0863533175a2cc2e5c7ae3

          SHA512

          e321667a0916dbf57fa32d6cd28c650284fe1da01dc7e9271c704ce617eb5b05df19b6af795570a77c9ef3cb33917742101bc0594a4bfa7419560b1906deffbb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          8bed36303679a9b82b38631e2011ee68

          SHA1

          ced661ef4da7960e7031854058afb1b0a1535393

          SHA256

          d4a18815e08949344569299d8dd04ebe43a4324bc723b679f2f2ff77ab508711

          SHA512

          9497764be61961d3815419ea44f37580c47b272809b9ec1ff8f23ae34640e4534b31d90d0dd1758280848c3531f7b2cf0e7936f87c909556b03fce796edfc480

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          bfa2e3f12c13603abe11efbff9061ef7

          SHA1

          4172fafde9977b9d2c8626be0792699d17f6fb2d

          SHA256

          d20b7eda731941374454205e5798ae789e53da1b41d6859e18308c90bc2c7dc5

          SHA512

          474b17799fa0318a51da2fd891999930b72a28558e5139b503f9b44e3b6d197ba5fd3ee9002d57861d1a6cc5bff424a9a99cbe4699f18abcc876da68b17e3f45

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          f3b9cb47491ba15750569fd070acedb5

          SHA1

          a54746773fc275423df801d58d6a50474a1077c4

          SHA256

          63b41cad9f72584be78435cfbdf910e251825abf562e4ba3cc8c20ce752cffe2

          SHA512

          fbfaf605c6c37012c4b828fb53f18f3533fe296eca94be020ea8930b55da35369c9d384a3517dc13dc7dd1abd8e7b3c001dda12fc6d9dea69d6b6cb2865f8168

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          365b0805b41c808ff97020f08bf84d55

          SHA1

          4d1f9ca052adb8c7cf85fae44b66ea527c781924

          SHA256

          7516762d06ae753f3486cb85c561454a9b864bc2101b613c37a750428b4b6df0

          SHA512

          f3da40bb37afb61da162a58776613a9bd76cae7588f6cec0b02f1287419d345d09237b10753e600450681d5d1782c9bacb76e33ca1b584264b112a2382870a28

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c3b08439627f77c259831f677ba41889

          SHA1

          4eea89d94efd537be748048bacea21d44a577e70

          SHA256

          429a730b42991776386e741eda16c17001d0ce104fa968c0ce485ed199316bbd

          SHA512

          528681a0f2fe71c415f407a55f974cb9617b82c41bf43f48f3dabb990a781127617a716caaa03193c317cf94df09f095fc2589d62bce1f07adb2bc6d217924d8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b3ea828650021c5c5e1d41ac39efdfa5

          SHA1

          7f7b7228222fc0133b78306400f9c213ef2ec233

          SHA256

          d92d3cac11a4f9fe4e323d88008f5af16fc72a89daa9afbcaca3deca08295b50

          SHA512

          8aca161e1a6eb6501bb5723f87bf5f82bc354c814b59bd917b83dbdb6bb337764a2fca3ced65940287a356b2df6c5a7cf3ed0a33eac49eead37637a15d796afa

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          9e8f83fe4d138cd834b1f2f46e9db2b0

          SHA1

          9230482591fa781195dbef5390a684f0340c12ea

          SHA256

          86b8e23b17e81301e2fe267930e5711f284c350e577adea9e8e747301344f0bf

          SHA512

          1ea8c41b594209269441487a4db07dcbab97d38998b60d50e797921810a90ae0fd3e730ebfb833c026120b7365c7f8bc8f2e4bd7be84ae5dd25db7870f7cd2af

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          4e7d8e520957aefce4f02bfbfb08dce5

          SHA1

          b2695fda1cc2c5f93dcd88983c1006372776f55a

          SHA256

          4214dfcdd2e6a8dfd64cd34d3d6854680800d4632194df8710ab56fb503369c7

          SHA512

          1bde83f89c82c72bcbe3ed84382dbb2621c500925967d91e5331fcd97638db970b7600645927eeffee9becd0e2207d5d080055334f8ffeb0cf69653463a97948

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          f4d0bbd51bc0b1a16e497a73304b8c24

          SHA1

          86b3ae5fa5aba0a8fc7ff8654c3ea769833efdd2

          SHA256

          1226ead3c7a575fff6891e6383dc651fe065263d5d96e3aaf26cfeefac4f9b74

          SHA512

          2e4e33a9e670878bbc08c8689cb2b1a28f99f3b7e8702b57f3d2552881e92ad8f159aede1d959b7fb7e6d2d9345fcc704c887e7b8725278fd7565c0d8f8454e6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ee2790430ccc451068918776d5431ebf

          SHA1

          ec5a608ca957278861f108bc172553957376f19d

          SHA256

          4e1f0f82151430a54cd6eb14bfa6b11da2688874d680cd068ccf8d82a43ea993

          SHA512

          258698fbe07bd1554abe373449b01a513683e1687f8e3ce524a0be51c19b680c5ec855225939643b6f8e3a95e9fb5ee58dfafe98b9eeab3a65b8096cbcaf421b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabAB6F.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabAC5B.tmp
          Filesize

          67KB

          MD5

          753df6889fd7410a2e9fe333da83a429

          SHA1

          3c425f16e8267186061dd48ac1c77c122962456e

          SHA256

          b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

          SHA512

          9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarAC7F.tmp
          Filesize

          175KB

          MD5

          dd73cead4b93366cf3465c8cd32e2796

          SHA1

          74546226dfe9ceb8184651e920d1dbfb432b314e

          SHA256

          a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

          SHA512

          ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-5F841.tmp\_isetup\_shfoldr.dll
          Filesize

          22KB

          MD5

          92dc6ef532fbb4a5c3201469a5b5eb63

          SHA1

          3e89ff837147c16b4e41c30d6c796374e0b8e62c

          SHA256

          9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

          SHA512

          9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-5F841.tmp\itdownload.dll
          Filesize

          200KB

          MD5

          d82a429efd885ca0f324dd92afb6b7b8

          SHA1

          86bbdaa15e6fc5c7779ac69c84e53c43c9eb20ea

          SHA256

          b258c4d7d2113dee2168ed7e35568c8e03341e24e3eafc7a22a0d62e32122ef3

          SHA512

          5bf0c3b8fa5db63205a263c4fa5337188173248bef609ba4d03508c50db1fd1e336f3041ce96d78cc97659357a83e6e422f5b079d893a20a683270e05f5438df

          Download Submit

        • \Users\Admin\AppData\Local\Temp\is-L2LNS.tmp\bf013f18586f8835a8862d9a64c504fc.tmp
          Filesize

          691KB

          MD5

          9303156631ee2436db23827e27337be4

          SHA1

          018e0d5b6ccf7000e36af30cebeb8adc5667e5fa

          SHA256

          bae22f27c12bce1faeb64b6eb733302aff5867baa8eed832397a7ce284a86ff4

          SHA512

          9fe100fafb1c74728109667b5a2261a31e49c45723de748adaa1d9cb9f8daa389b871056c70066fa3a05be82a5017c8dd590ae149a56d824a9e250d31091a40f

          Download Submit

        • memory/2016-18-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2016-26-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2016-0-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download

        • memory/2924-24-0x0000000000400000-0x00000000004BD000-memory.dmp

          Filesize

          756KB

          Download

        • memory/2924-7-0x0000000000240000-0x0000000000241000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2924-16-0x0000000003460000-0x000000000349C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2924-20-0x0000000003460000-0x000000000349C000-memory.dmp

          Filesize

          240KB

          Download

        • memory/2924-19-0x0000000000400000-0x00000000004BD000-memory.dmp

          Filesize

          756KB

          Download