Overview

overview

10

Static

static

3

eeeeeeeeee...00.exe

windows7-x64

eeeeeeeeee...00.exe

windows10-2004-x64

eeeeeeeeee...um.exe

windows7-x64

10

eeeeeeeeee...um.exe

windows10-2004-x64

10

eeeeeeeeee...ug.exe

windows7-x64

6

eeeeeeeeee...ug.exe

windows10-2004-x64

6

eeeeeeeeee...le.exe

windows7-x64

1

eeeeeeeeee...le.exe

windows10-2004-x64

1

eeeeeeeeee...er.exe

windows7-x64

7

eeeeeeeeee...er.exe

windows10-2004-x64

7

eeeeeeeeee...us.exe

windows7-x64

1

eeeeeeeeee...us.exe

windows10-2004-x64

1

MEMZ 3.0/MEMZ.bat

windows7-x64

7

MEMZ 3.0/MEMZ.bat

windows10-2004-x64

7

MEMZ 3.0/MEMZ.exe

windows7-x64

6

MEMZ 3.0/MEMZ.exe

windows10-2004-x64

7

eeeeeeeeee...MZ.bat

windows7-x64

7

eeeeeeeeee...MZ.bat

windows10-2004-x64

7

eeeeeeeeee...MZ.exe

windows7-x64

6

eeeeeeeeee...MZ.exe

windows10-2004-x64

7

eeeeeeeeee...ld.exe

windows7-x64

3

eeeeeeeeee...ld.exe

windows10-2004-x64

7

eeeeeeeeee....A.exe

windows7-x64

6

eeeeeeeeee....A.exe

windows10-2004-x64

6

eeeeeeeeee...al.exe

windows7-x64

7

eeeeeeeeee...al.exe

windows10-2004-x64

8

eeeeeeeeee...15.exe

windows7-x64

3

eeeeeeeeee...15.exe

windows10-2004-x64

3

eeeeeeeeee...al.exe

windows7-x64

7

eeeeeeeeee...al.exe

windows10-2004-x64

8

eeeeeeeeee...0r.exe

windows7-x64

10

eeeeeeeeee...0r.exe

windows10-2004-x64

10

Resubmissions

15-09-2024 23:12

240915-27aqvsxhjq 8

15-09-2024 23:02

240915-21efgaxake 8

15-09-2024 22:58

240915-2xypyaxdkj 3

15-09-2024 22:56

240915-2wn44sxcpk 3

15-09-2024 22:43

240915-2np2fawhpr 3

15-09-2024 22:42

240915-2m3k5swhmk 10

15-09-2024 22:33

240915-2gqdmawbja 8

15-09-2024 22:27

240915-2de4gswekk 7

15-09-2024 22:15

240915-16esravenh 10

Analysis

  • max time kernel
    149s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11-03-2024 01:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Antivirus Platinum/[email protected]

  • Size

    739KB

  • MD5

    382430dd7eae8945921b7feab37ed36b

  • SHA1

    c95ddaebe2ae8fbcb361f3bf080d95a7bb5bf128

  • SHA256

    70e5e902d0ac7534838b743c899f484fe10766aefacc6df697219387a8e3d06b

  • SHA512

    26abc02bde77f0b94613edc32e0843ac71a0a8f3d8ba01cb94a42c047d0be7befef52a81984e9a0fa867400082a8905e7a63aaaf85fa32a03d27f7bc6a548c3b

  • SSDEEP

    12288:kUWA3AheuswygKEOKlC0DaWL8ldxj1UT1fzosC2kyINJATi1v2yUQpf84i:kUWqistgKErL8P6VzosCfE6TNpf8D

Score
10/10
evasiontrojanupx

Malware Config

Signatures

  • Windows security bypass 2 TTPs 3 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Executes dropped EXE 2 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Windows security modification 2 TTPs 3 IoCs
    evasiontrojan
  • Drops file in Windows directory 10 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Modifies registry class 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 41 IoCs
  • System policy modification 1 TTPs 4 IoCs
    evasion
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\Antivirus Platinum\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\eeeeeeeeeeeeee\Malware_pack_2\Malware_pack_2\Antivirus Platinum\[email protected]"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\WINDOWS\302746537.exe
      "C:\WINDOWS\302746537.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2568
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\C062.tmp\302746537.bat" "
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2548
        • C:\Windows\SysWOW64\regsvr32.exe
          regsvr32 /s c:\windows\comctl32.ocx
          4⤵
          • Modifies registry class
          PID:2600
        • C:\Windows\SysWOW64\regsvr32.exe
          regsvr32 /s c:\windows\mscomctl.ocx
          4⤵
          • Modifies registry class
          PID:2456
        • \??\c:\windows\antivirus-platinum.exe
          c:\windows\antivirus-platinum.exe
          4⤵
          • Windows security bypass
          • Disables RegEdit via registry modification
          • Executes dropped EXE
          • Windows security modification
          • Modifies Internet Explorer settings
          • Modifies Internet Explorer start page
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:2488
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" http://secureservices2010.webs.com/update/update.txt
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1920
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1920 CREDAT:275457 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1848
        • C:\Windows\SysWOW64\attrib.exe
          attrib +h c:\windows\antivirus-platinum.exe
          4⤵
          • Drops file in Windows directory
          • Views/modifies file attributes
          PID:2844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a0d6055802faeb0e50ebfbab3e8dfff9

    SHA1

    44259a94d7e94eb759bf11624c897394e3d48972

    SHA256

    dd2c7770404b52a6a85aaae5cb1341cfedcc16eb015f1f979cb764bff70040fa

    SHA512

    71879067007ccb40c365c36059a4379747f2a80e44f0caf2dda4051084d5dd7d27d8bc0d5da4de163423c1d8874d535e8a00d02a3bc4e3789034d881f0ac8f55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d06f38521b51b691608730be1f5d5a8e

    SHA1

    429e7d49bcf09454a6cb2889b20890a49cf1a948

    SHA256

    aed8e58f99d977e75a8f2ebe3bdf51ac4fe2bd0a7c4c3b9ff5790f37ac1bdad6

    SHA512

    45aa7b124d8a4c5bba95d7d184646f1070e591193da56467bfb05f152ec6d2040f8b47eca4ef30dedb7f32e42f19f69776452891c7a477702aaad723ddf06187

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4f58e184fcdb256be98a380fc1df2788

    SHA1

    acb5db8d53a78ebcee32abaaa2d1d3e1cf386815

    SHA256

    952bfb80b18e9c89b8180b9932c4a2238680ff41707239e0864cb7e8f769ec90

    SHA512

    79b0792becb283f38c826bb3c8646af18ca41e103edc6cc66b862790c1716f8c7109423a88749938dc6bf65998e199e0fb89fb708cc31cdab00033ddc1a4e4d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    44682cdbf570651c9dbae5019c1a1bc0

    SHA1

    5b15073604496f5a663e238e005c40962864aa38

    SHA256

    ede759e4df1f5a215ee772a18564d21fb6fdf639e7d843dff7360b6f724a3f02

    SHA512

    bdda49d7a4313184363bcdbdd1084ca20f623495a50ea16172dbd60b0c4522b65df71c76bce3bd0d1350dde04d70485f1f8e34ed911deffb0237985335f02753

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    228bc24c32092c75dcf299998246e37a

    SHA1

    44745b174d33b0e49d446d4dc8abc88d61aec053

    SHA256

    637e9007f897a5ee3a1ad220ae665987e729e390fbb74ddcf669ffd1248e4731

    SHA512

    bbd2bc0bf7abaaac68a3151e69f58da0d495db5000d5326f32ff94753ad3683cbca50781a582105eb9646a090d076952ff7d5dfba00f40f56d37e0ab8cf2769c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f22b65b890bc7302ddba262c0f5c9418

    SHA1

    ca5c08b0aa879ff68cc9b5a20e8f4c648c6efac9

    SHA256

    81e9ac55b6c4b868c9938c87928f32126bb387de6b8d238712a02acd5bbc0040

    SHA512

    62632923241974235aa6160932ab16540e1c5b4a611cb86b6d0783dd3ded8cd5ae17da078a79d28ed951d20af4b32b3ca3d3e07c596866e69c910dde9a103550

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a19ef6d7a75f0487c000491dd82d18de

    SHA1

    3a195f1496da379d09029db3a5ce214430ca8ac2

    SHA256

    d2e7ba55491c0b96b5211ad529876245b0303bf9124677efa3976f282c58352b

    SHA512

    3823591356cb984cba5429966670837bd6049dd0a5fb97cee3ba35ac38270e0c8fa36b6f7afd3d90b118b0eeb9eb0b57ec3a448c739f0842677c6687e52b0453

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    17d6d2068ececa5c9e133109095a7568

    SHA1

    3f3b51b96938e92689cebec55763bb7807c51448

    SHA256

    b1fa1643d9c757038c678baa897d8871ad725993f48cf566fddd9cd5e4749f42

    SHA512

    9009f0c095cbfe12374eb2594c0ea005fc8b3cfd0cab215a6d7fc9080d5260e6533fb1e78cfd0a76f200b95e8c9b840f7c1cefb4092c8dd1e6b9a6c76982a767

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5321bd61d333c3a0e119882919be6f6c

    SHA1

    7ada5710c62013952e01c952863089b6ce22cd19

    SHA256

    fb97d9d7d7acaeeb31d395ed71ff1a45571fa99a5e93fb67266636dbe843e33c

    SHA512

    991ed28ce84cc971d615856286068314a66ab85690bffd0a23c4192111a35d70f530dbe817e82a60d8da9c550e01d1988ca3fb33c228d9d67bd6f80ccbc0aaf2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d8f98ebe9c3d183ce753257ef02ff03c

    SHA1

    5344222074ad6d88636c446cdd07b9e74061c5b5

    SHA256

    6aef8f8f594fdd1236a9c01319291644c0eb4d6b0308a47f818c704387601ed6

    SHA512

    995d7befc978a2841f539c90950cb074c71456191951c0b95e27e4e8e32f3908ccf8eb7f8b009476d82cd1fc34a1ab74ff660d98328966c2567275f4bd572b80

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    57fb77dd309b8585a85923a5cfb7d1c1

    SHA1

    a5f5c5461750ded709ede8f13e19173b6bf1d387

    SHA256

    8676f6d659ae414717e4796e1fe27f7428913dfba923a8909dfc7e31814b2e6f

    SHA512

    0e7bd403e814d7a182c4e3184c177e4511537b86711e5fb7258a81da80b1d156e953837036e2665d5a36c7f69790d6153ac4bebc004ea33dc0f62c45135e3a04

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    23ef015d417ab20946cda1d7340575ff

    SHA1

    32a80b20e613a4309fda747de5632fd5cddc38af

    SHA256

    d96878480174101a7d41b0a4d08c470c56600c047ea226942793813bcd644de2

    SHA512

    e6226e5aa395fb94b17f7027027c0109be8cb138c033fbece8e60d8d359446e10278dc49bfdc3e4ee186b2dfbcee540d0e45b424a92449092b7027049ff7b71b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d86f2e3ceb0e1a3de492cc5622dd4f43

    SHA1

    a932ce2af9e09b24c73b66180b8f01b603effe75

    SHA256

    1357d305a0ee8cd507e78054fb56b1553b871b5c3601f7f3b701173fd91a0eea

    SHA512

    fa96aaa89e8097cabddec4ae1c49ce914b56a5af4c263030bd56ae2d94b6e4be14b384f838629ab3e18416bc2a825d007f57bb2ceb798f3dac6889ad49ee45be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    844acfa52c17b0c9c45c1bd45b544833

    SHA1

    5b6e9ba5a64c13f2c5c93185791f51167c4de35b

    SHA256

    06d9a9e5532c4aa2da35daf20c4a5d654bb78ac31042980f3930e0fa409d5dcb

    SHA512

    1c4ed2aa7093a92b3058861872a191ad09f8e50c0c6c5cc082b3f827ce1ce3158903368528e7bfbe9549be0a06ec058a2f5fc6cbcdcdddbb98e86e4fc1b5cf5f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    dcbd8b848c5398ddfdeeb0ccb530965d

    SHA1

    075aaad41a56729a8206f0ccc2811f0036b46691

    SHA256

    b6198bd1658f59e5bd01e6dd6768435e37d2a01cd6c9b015ab2ed987e2892408

    SHA512

    0192da7c7650df7162179205f0e3bb0ad73c942ae6204529a1d08f9f52b074e9da4c6af3513833a8e2647e9ed76ee34ce2d9d57ce8654f5e3f65a32fa939cd70

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\C062.tmp\302746537.bat
    Filesize

    348B

    MD5

    7d8beb22dfcfacbbc2609f88a41c1458

    SHA1

    52ec2b10489736b963d39a9f84b66bafbf15685f

    SHA256

    4aa9ed4b38514f117e6e4f326cb0a1be7f7b96199e21305e2bd6dce289d7baa2

    SHA512

    a26cf9168cf7450435a9fe8942445511f6fda1087db52bd73e335d6f5b544fc892999019d9291d9dcc60c3656de49688f6d63282c97706e2db286f988e44fd94

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarDD9B.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • C:\Windows\302746537.exe
    Filesize

    22KB

    MD5

    8703ff2e53c6fd3bc91294ef9204baca

    SHA1

    3dbb8f7f5dfe6b235486ab867a2844b1c2143733

    SHA256

    3028a2b0e95143a4caa9bcd6ae794958e7469a20c6e673da067958cbf4310035

    SHA512

    d5eb8a07457a78f9acd0f81d2f58bbf64b52183318b87c353a590cd2a3ac3a6ec9c1452bd52306c7cf99f19b6a897b16ceb8289a7d008c5ce3b07eda9b871204

    Download Submit

  • C:\Windows\antivirus-platinum.exe
    Filesize

    9KB

    MD5

    cd1800322ccfc425014a8394b01a4b3d

    SHA1

    171073975effde1c712dfd86309457fd457aed33

    SHA256

    8115de4ad0b7e589852f521eb4260c127f8afeaa3b0021bfc98e4928a4929ac0

    SHA512

    92c22c025fd3a61979fa718bf2e89a86e51bf7e69c421a9534fbf9c2d5b23b7a9224d0e9f3e0501992038837015214d1ef73b532a68b7d19de559c9ab9c6e5f6

    Download Submit

  • \??\c:\windows\comctl32.ocx
    Filesize

    595KB

    MD5

    821511549e2aaf29889c7b812674d59b

    SHA1

    3b2fd80f634a3d62277e0508bedca9aae0c5a0d6

    SHA256

    f59cdf89f0f522ce3662e09fa847bca9b277b006c415dcc0029b416c347db9c4

    SHA512

    8b2e805b916e5fbfcccb0f4189372aea006789b3847b51018075187135e9b5db9098f704c1932623f356db0ee327e1539a9bf3729947e92844a26db46555e8cd

    Download Submit

  • \??\c:\windows\mscomctl.ocx
    Filesize

    1.0MB

    MD5

    714cf24fc19a20ae0dc701b48ded2cf6

    SHA1

    d904d2fa7639c38ffb6e69f1ef779ca1001b8c18

    SHA256

    09f126e65d90026c3f659ff41b1287671b8cc1aa16240fc75dae91079a6b9712

    SHA512

    d375fd9b509e58c43355263753634368fa711f02a2235f31f7fa420d1ff77504d9a29bb70ae31c87671d50bd75d6b459379a1550907fbe5c37c60da835c60bc1

    Download Submit

  • memory/2488-38-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2488-42-0x0000000000400000-0x000000000040D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2508-14-0x00000000006C0000-0x00000000006D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2508-10-0x0000000000480000-0x0000000000486000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2548-36-0x0000000000130000-0x000000000013D000-memory.dmp

    Filesize

    52KB

    Download

  • memory/2568-17-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2568-40-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

    Download