Overview

overview

7

Static

static

3

bfe1b4c3b2...4d.exe

windows7-x64

7

bfe1b4c3b2...4d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11-03-2024 04:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bfe1b4c3b2f7eb3bb3324e8357762e4d.exe

  • Size

    72KB

  • MD5

    bfe1b4c3b2f7eb3bb3324e8357762e4d

  • SHA1

    413b141b8a9c555f777b7c8fe30562d52a985f81

  • SHA256

    11de5164e05ed46d249ca3afcbc96d829a8ee47aa8ee5d87c75c617682b33a0b

  • SHA512

    9dab6b7b0b28a5b1c1b401995f07da90afc4eb520a0fcb8d2649a980d3f92aa1257dc0377821d5c5d54873922e264ac7b9bb4844b576e2df6d283dbfb889b56f

  • SSDEEP

    1536:Uv2QCWVCm9oDXIxBmqIDv1GOJgiP0UOv67NlS:F8VCmODXIxBmqIDv1GHiPyvQN8

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Drops file in Windows directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bfe1b4c3b2f7eb3bb3324e8357762e4d.exe
    "C:\Users\Admin\AppData\Local\Temp\bfe1b4c3b2f7eb3bb3324e8357762e4d.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2280
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.35.ah.to/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1676
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1676 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2856
    • C:\Windows\system\taskmgr.exe
      "C:\Windows\system\taskmgr.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Windows directory
      • Modifies Internet Explorer start page
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:2528

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    af8f53feadd541e72f63fadf5b9a5c1c

    SHA1

    27b51ef92ae7b10a4a3f3ada0bb92c17ff973976

    SHA256

    e35aca611adbc04aa8d47fa44143c8ed20901adea455b2fbb045a079e5f2d55f

    SHA512

    121e83dba1b4933903031b982916cf1337d1051dff18ef0374be7952e0dae6328d7cb7338c1a5952b2d914d5513e420eab5c9bd4dfd8090d6b246552fd8dcd41

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8d956cc07c63ac5699ddf4d28957bfd2

    SHA1

    743201423b4069ff4596a15fe94bd916e63e8c90

    SHA256

    f602d901c3bce516f910f9fdb291810521ba5b2fa8b9dd8a16bc2c1d49135342

    SHA512

    6b15e6598437552ccc33684f162e795889d1faa9d0789f9fbc1a5cb5936804444de90eed5a131994583e00f740554143dd199231c3f5d4f6e3b38b387646f94a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a57ab83998f52f55a9b0ada445f8a16

    SHA1

    d8b5b5997563b84cfb0e3a284a09b74dbcd92d2d

    SHA256

    f35af395db4a68acb140fc292d2aa463740fc8e2f38dcf57879cc377366d8598

    SHA512

    41ecab71742eadfbfa692f943f01660173139a2ec55721effabfed0400553dbde6946494626496dd2aa612b75104039eb54d6f5f3958d20e3e0c0c0c82a606a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    11a08e89215d73b30a66fa39af003018

    SHA1

    40ed5fcc3bb54694b765f761459af8ac24a40f6f

    SHA256

    ffd61373dc312acf6f1c2782b1f406965b8513e7e72d8eadae82c0b42a64cfac

    SHA512

    d9130e015221ff886cedc9940b359bfe6a15a73e994e1c7cd5bef37ea88b4c895efcc74b9a6132fc4ac296fef0ec9788d74ba83d9dedeea7761150bb5d718889

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d938a0c6685094f16e91a410bff3a782

    SHA1

    f7fcae1250cd1b206bae49833cbb9a8675dabc09

    SHA256

    8844fccfec195275642e654c2e36075cc7a9b8bd0fc637b6b31ef2388675fc97

    SHA512

    7fc18f0ef13b6837876615489d460da0a0413c9f63bca12b9866598dfe64afc673502e339805c1fb173970661c43973ba3f4c128fbb43dc0ba75b12d93727052

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f7066a91edbbb673cbcd02b486985ae5

    SHA1

    0ad0ea3fbb7a77aa84fd7013d6980bd2c25bfe2d

    SHA256

    8d0ea5ca21491209de0fb5d037075a99ef26a2bae1eadf001417bb17d2ae2f7d

    SHA512

    e44743ec395c4f66ac44c991b8f3691dc08071c597d02ac39e21e7ec8f151d835c33304df1cb9b70a3fbc7f33fd861d821580289766fb732fa831a6c88f18661

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1d4a6b64521400dfe128f1f31cd5ee3d

    SHA1

    0971cd7d51bb39c906f2d74ea1df1a3abe7046d9

    SHA256

    4b0d90dcbe46f8e19462bf62faba655f2db4f5f63b5a9c38f0d57931e9398054

    SHA512

    04eeeb22d9aec2c667defa40aaa7f36531cae8c71cde328cb1cef624386ed2e29152188dc9bcb3d983e1af55381241bcbe6035a3a0720aaef33ce747fdee6711

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    582a39666098612a122549d3483b15e3

    SHA1

    82a1f1b246ecc7bb7d1c18d8af0b2c30bf7e2e54

    SHA256

    396e86050172190e219099b10a160217920e0b9ce5aa6b7e41c9fda11e3d1833

    SHA512

    7c33f9a277038b993c066bd0cb3cb407b705d545d5cfca0eb5cf666aff8d55cc0cdbc1d8e6b4a044857cce001bcca440d2e18f7e1407c837902bbdd5e9b7b8bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4181a1d8c8e682437b11da30a8a71d58

    SHA1

    ec333d8994131d7d48662fa82bc790936465f573

    SHA256

    a713b95e6f75717f439032af75d179264e90ce00bbf05b20c0cc5b4c14caca06

    SHA512

    841f2cbddf0ad25e0823d54f27c04e8a93ef02bfe21a2dfafdb4945ad3a8a612cca02aa31c6b7b7bab5a930329e3261efb1d4378155133feec2778f73ced03e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    432df26590f5e445efc6006f06bd2ede

    SHA1

    b4b5b3a4a28e9ed28bd3c2f2f6c955d376284fd8

    SHA256

    884790173280c8989314618dbf988ff1acce72ab0d8607dd3ca7f6f0ea5f5a69

    SHA512

    9f6844a03b523c049c20624aa189ecc2b319f604037c7788b3fdb787093dede55887a4d42e2bddef00aab014af7ec50c5b8e82a688e3e80da854826085419aba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e5437577027d8cdd0e3479d882a87937

    SHA1

    9b2e14fac2a3cf42db472fb2830a2fa141b1c416

    SHA256

    94f9e8442ce9453389d7ae43983500c60fb5cebefe814d7f31f02c280131c43d

    SHA512

    0e3314010ac8a88b06fd7f1296a7cdefb17abb5fdd531cc6a7a4ad5f6658b9a93d8eecbbb518fff7990eb88b70da839e4977a3eca454bc32056c9df910dbec2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8a56fb24d8d4069f7ee603c6c0fc9dac

    SHA1

    3c176643e39d8a345c1cfbcd9898494130dbd22f

    SHA256

    fe9d2e8684170c5008f463328f68818b30462f237fbddd4778813081f7b89ca6

    SHA512

    75c6a4711c9b986655b08ff4ee2384d353c8d2721182f825117a61f6e38570212444cc78768201d683f2620d8de3909d7b01fb9cc6577812b47f65d8810f899e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    df9f1a981f89c7feb54a9f4e95834add

    SHA1

    fdaaefa318ebbba37f1250140aad54482703ceca

    SHA256

    f79a872cc1fd5ab6e65c775078d7bdc76bac421bcef9cdecbace7cb197d473f6

    SHA512

    d72675bf8d2ac66ad547abfa0d0bb2c1b75fba37cf77d9d146daa937875ef502481b21d62e9852a9797ec1d619c350987a6e37bd49a5a3a4f2407852693d1dd4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    76dc63fa0cccf47887b9eb20062eb9b6

    SHA1

    92565a77817df2009a60d2e0fcb6246d2877153d

    SHA256

    402bad9b3b2fbffc93cf0a4e7dc17030f90b51594fb88d54e07245f84d2d1d9c

    SHA512

    2f50471dab081ddff360beb0e5806e8c72498695bf334512dfe9e8b85b25916c0a09e7776481cdc1fd764730c02b95d33bb0a053e58003afb53a5bb8e7bbe7d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    91398c490637f0fed301f0f9a6678ae7

    SHA1

    739a10f3475b4658a5e7f47cfa356c6661f8a7f3

    SHA256

    6cf745e756c4113699faad3b4e6b68453deff9f701f484221e5fff8aebc9aa02

    SHA512

    e78db17dc7d244cf3f2d82bbab53aa56bbc5a8a0a90a3c35508b2ad375cc5621c855474040524b50dba702ada91db48ac134258d4f8b728a8c37fe4c4285322e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8b5be2f96879171d5e09949c2d8a6bd5

    SHA1

    2fb7942767922df7b657a25a6137c1730857471d

    SHA256

    87f8c574fd1ba432e943e04b8b3230db0e8fbb8bd8de1de690b8eb64d5acd85b

    SHA512

    a461af598efc512300752af07dd4e7b3ab7597f3708ead6ab834b348a278a78bf01bf96e5a8644b84328613d0f08fedcca22a899c7b981ae0a9d7261457d07b5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\5dcsbzd\imagestore.dat
    Filesize

    2KB

    MD5

    6818e8cf6bd49371c8a54846f3f14439

    SHA1

    d874f4c4c4206733d71ec0533b42056d61282309

    SHA256

    675c2491db334c20e44a6d4265550cb3324512a33ed69a689de2b166d8b817e9

    SHA512

    0f5f1fad7fb6a893d5aa92bbcb45a1b947108008f8b47b092e818a64ec1fa9315fb6fe2f3afe630b3d1eacd4a66f5830a0b131663a58022b7c119b0f722fa5a0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8HPZEQOB\favicon[1].ico
    Filesize

    2KB

    MD5

    f2b560a9c898b429f6c5a9c3184972fa

    SHA1

    0e95de4f680c7fa0756080e6557a7fc2f6ab35c5

    SHA256

    3416f55ce995ca1dcf0ec8c5635645d2b96f6f23b8ef8e976f9e3373f37f9d1d

    SHA512

    04a2ee7309bb66c92c47d5d94e49fdc694316b960fb00e2599dfc936a097b3c038983baf2d402aa5d5d47138ae2b25a7918a04f521d5afaf112045adfddb9bda

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab7958.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8AAD.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • \Windows\system\taskmgr.exe
    Filesize

    72KB

    MD5

    bfe1b4c3b2f7eb3bb3324e8357762e4d

    SHA1

    413b141b8a9c555f777b7c8fe30562d52a985f81

    SHA256

    11de5164e05ed46d249ca3afcbc96d829a8ee47aa8ee5d87c75c617682b33a0b

    SHA512

    9dab6b7b0b28a5b1c1b401995f07da90afc4eb520a0fcb8d2649a980d3f92aa1257dc0377821d5c5d54873922e264ac7b9bb4844b576e2df6d283dbfb889b56f

    Download Submit

  • memory/2280-0-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2280-18-0x0000000004360000-0x0000000004372000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2280-20-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2280-15-0x0000000004360000-0x0000000004372000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2280-6-0x0000000003DA0000-0x0000000004018000-memory.dmp

    Filesize

    2.5MB

    Download

  • memory/2528-33-0x00000000001E0000-0x00000000001E2000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2528-521-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2528-19-0x0000000000400000-0x0000000000412000-memory.dmp

    Filesize

    72KB

    Download