Analysis

  • max time kernel
    142s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-03-2024 03:05

General

  • Target

    c1ae7a64cf7cfe601080a2c2e7038007.exe

  • Size

    2.4MB

  • MD5

    c1ae7a64cf7cfe601080a2c2e7038007

  • SHA1

    8a58668ac3bb71e62a9d76a39d907458b469cf32

  • SHA256

    e039894f87af2776b5d1217fb92f50dd9bd35b1eed2f858e4b8735f7066929ed

  • SHA512

    8b759701017032d64d06d5cfe6ca29238dd178c0f95504a6c3271cf9275d3bcf05bef86dd58cf5129e220f7a0bbd426e462e7d24ba99388fbae6a5bdaa21efbb

  • SSDEEP

    6144:MjkP7Rm1e/xISCnrDAZxZCyEXmF4DFxEVNHhtlyFNJN2AFFqVHt7G0cR+iVIpOmS:MgTR0eptCrDAxE7D4VNH8f/9cNvpXS

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (2 IoCs)
  • Loads dropped DLL (10 IoCs)
  • Drops file in System32 directory (1 IoC)
  • Program crash (1 IoC)
  • Modifies Internet Explorer settings (1 TTP, 33 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (32 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\c1ae7a64cf7cfe601080a2c2e7038007.exe
    "C:\Users\Admin\AppData\Local\Temp\c1ae7a64cf7cfe601080a2c2e7038007.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2736
    • C:\Users\Admin\AppData\Local\Temp\keygen.exe
      "C:\Users\Admin\AppData\Local\Temp\keygen.exe"
      2⤵
      • Executes dropped EXE
      PID:2112
    • C:\Users\Admin\AppData\Local\Temp\Installer.exe
      "C:\Users\Admin\AppData\Local\Temp\Installer.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:1156
      • C:\Windows\SysWOW64\RunDll32.exe
        RunDll32.exe "C:\Windows\system32\dialvcs.dll",DNSetup
        3⤵
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1960
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 284
          4⤵
          • Program crash
          PID:2240
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2632
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2632 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2748
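
The tree above is the behaviour worth hunting for: a dropper in %TEMP% spawns Installer.exe, which writes dialvcs.dll into the system directory and launches it with RunDll32.exe "C:\Windows\system32\dialvcs.dll",DNSetup; the DLL then crashes and WerFault.exe reports on PID 1960. One thing to keep in mind when matching the two paths is WOW64 file-system redirection: the RunDll32.exe here is the 32-bit copy from SysWOW64, so the C:\Windows\system32 path on its command line resolves to C:\Windows\SysWOW64, which is why the dropped file is listed under \Windows\SysWOW64\dialvcs.dll. The following detection script is an added example, not part of the sandbox report: it rebuilds the process tree from constructed process-creation and file-write events modelled on the PIDs and paths shown above, applies the redirection, and flags any rundll32 launch whose DLL was written by an ancestor running from %TEMP%, correlating it with WerFault's -p argument. The event field names (pid, ppid, image, cmdline, path) and the attribution of the dialvcs.dll write to PID 1156 are assumptions; the report itself only lists the dropped path.

```python
"""Added example (not the sandbox's code): rebuild a process tree and flag the
Temp-dropper -> Installer -> rundll32 <dropped DLL>,<export> chain.
Field names are assumed; adapt them to your sandbox or EDR export format."""
import re
from collections import defaultdict

# Constructed process-creation events modelled on the report's process tree.
PROCESS_EVENTS = [
    {"pid": 2736, "ppid": 0, "image": r"C:\Users\Admin\AppData\Local\Temp\c1ae7a64cf7cfe601080a2c2e7038007.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\c1ae7a64cf7cfe601080a2c2e7038007.exe"'},
    {"pid": 2112, "ppid": 2736, "image": r"C:\Users\Admin\AppData\Local\Temp\keygen.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\keygen.exe"'},
    {"pid": 1156, "ppid": 2736, "image": r"C:\Users\Admin\AppData\Local\Temp\Installer.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\Installer.exe"'},
    {"pid": 1960, "ppid": 1156, "image": r"C:\Windows\SysWOW64\RunDll32.exe",
     "cmdline": r'RunDll32.exe "C:\Windows\system32\dialvcs.dll",DNSetup'},
    {"pid": 2240, "ppid": 1960, "image": r"C:\Windows\SysWOW64\WerFault.exe",
     "cmdline": r"C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 284"},
    {"pid": 2632, "ppid": 0, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding'},
]

# Constructed file-write events. The report lists dropped paths but not the
# writing process; attributing dialvcs.dll to Installer.exe (PID 1156) is an
# assumption based on its "Drops file in System32 directory" signature.
FILE_WRITE_EVENTS = [
    {"pid": 1156, "path": r"C:\Windows\SysWOW64\dialvcs.dll"},
    {"pid": 2736, "path": r"C:\Users\Admin\AppData\Local\Temp\keygen.exe"},
    {"pid": 2736, "path": r"C:\Users\Admin\AppData\Local\Temp\Installer.exe"},
]

SYSTEM32 = "c:\\windows\\system32\\"
SYSWOW64 = "c:\\windows\\syswow64\\"
TEMP_MARKER = "\\appdata\\local\\temp\\"
# rundll32[.exe] ["]<dll>["],<export>
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+)"?\s*,\s*([A-Za-z_]\w*)', re.IGNORECASE)
# WerFault.exe ... -p <crashed pid>
WERFAULT_RE = re.compile(r"werfault\.exe.*?\s-p\s+(\d+)", re.IGNORECASE)


def rundll32_export(cmdline):
    """Return (dll_path, export_name) from a rundll32 command line, else None."""
    m = RUNDLL_RE.search(cmdline)
    return (m.group(1), m.group(2)) if m else None


def normalize_path(path, is_wow64):
    """Lower-case the path and apply WOW64 file-system redirection: a 32-bit
    process naming C:\\Windows\\system32\\... actually touches SysWOW64."""
    p = path.lower()
    if is_wow64 and p.startswith(SYSTEM32):
        p = SYSWOW64 + p[len(SYSTEM32):]
    return p


def crashed_pids(proc_events):
    """PIDs reported as crashed, taken from WerFault's -p <pid> argument."""
    out = set()
    for e in proc_events:
        m = WERFAULT_RE.search(e["cmdline"])
        if m:
            out.add(int(m.group(1)))
    return out


def find_dropped_dll_executions(proc_events, file_events):
    """Flag rundll32 launches whose DLL was written by an ancestor running from %TEMP%."""
    procs = {e["pid"]: e for e in proc_events}
    writes = defaultdict(set)  # writer pid -> normalised paths it wrote
    for f in file_events:
        writes[f["pid"]].add(f["path"].lower())
    crashed = crashed_pids(proc_events)

    def ancestors(pid):
        # Walk ppid links upward until the parent is outside the captured tree.
        while procs.get(pid, {}).get("ppid") in procs:
            pid = procs[pid]["ppid"]
            yield pid

    findings = []
    for e in proc_events:
        parsed = rundll32_export(e["cmdline"])
        if not parsed:
            continue
        wow64 = e["image"].lower().startswith(SYSWOW64)
        dll = normalize_path(parsed[0], wow64)
        for anc in ancestors(e["pid"]):
            if dll in writes[anc] and TEMP_MARKER in procs[anc]["image"].lower():
                findings.append({
                    "rundll32_pid": e["pid"],
                    "dropper_pid": anc,
                    "dll": dll,
                    "export": parsed[1],
                    "crashed": e["pid"] in crashed,
                })
    return findings


if __name__ == "__main__":
    for finding in find_dropped_dll_executions(PROCESS_EVENTS, FILE_WRITE_EVENTS):
        print(finding)
```

On the events above the script reports one finding: RunDll32.exe (PID 1960) executing export DNSetup from c:\windows\syswow64\dialvcs.dll, dropped by Installer.exe (PID 1156), with the crash flag set because WerFault names PID 1960. Without the redirection step the system32 path on the command line would never match the SysWOW64 write and the chain would be missed.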

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f89dc0a4fc6e19c039ea285e34dd586f

    SHA1

    4f2f31aa4b5826709baa93aff5bec5034aee30e8

    SHA256

    8a3cbcff23d9439d9fcb1544327ad34fe6fcc5bfd3360902f99ed96d94489fff

    SHA512

    0418fa2ab40261877c57dd49f7d0418e741ecbb127085a5b0205433312bc30da90325d73a46d717d73fcc62e3be0b9273f52038393e7821c65c5ea71fc1a0cf3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1d4b94a6757a23d741fdc48156c47d65

    SHA1

    41718c2bde64aa2a93e92a475fdb6ea115315772

    SHA256

    d4b04a3010c4ab6381290c10dc354121acfaddd49354628630fbf5a057c4dfbd

    SHA512

    b52f8f1cb6411db5fb097273191e1442f63873be0d333432f7454d6f2b8e05946d1c5a82e8b7cd35fde72e2ee3001e46fd867d03420505214a11ca8bd6486fbf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b49d7bc522bcdb1fb07e3d6019d12341

    SHA1

    a8aa211f107d69a33b2c39b05064d10c3efc0703

    SHA256

    05206bb6ba30576fdd9295eb605721456660795a2e906bf191eafff3be9ea9e4

    SHA512

    54214878e1bd98f7457254ffbad31348358de1f30ac9ef6c3bccce71f21d199fbac297365444dff10a6ad75c66239b83574916b967d71b9d0448581e6febd865

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    01d67bb735cca3da42eec04c5a4c7de0

    SHA1

    96ed32e11400170a08255bd81bbac6fd1f9c5eca

    SHA256

    9626991ad1d7c4faad749d7bb8955781a00305690b3f35c6f923573b34b8105f

    SHA512

    bc51951cc256fac90da01fc342d0b5726fbebff098b82132d01ef879a526820ae2582844c1f6ce800e2b18fb585a449977b7ac949ba2a7f4e0267c26756926b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3a657b975720fa3133aed7a28ae8923f

    SHA1

    5786601fd3503c24f46fa78602f5abb4ef988bd8

    SHA256

    affcb0618210f9e5e58df9ab50dbb7c9ca0e2c93088c2995f91023fd4d3fcb4e

    SHA512

    e2714f96b6d9d64a23fbc814a07896b2749460c8628ce682956f9ab84585414ead29435893e2419644e7bc3071eca0e8f4b169eb21c2ea16462d362874bfec85

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    00b5e3dd0eab9baaa9d33b925330a82f

    SHA1

    6b84595cea4f5b0e7e929624ccd2c9fa8d8191dc

    SHA256

    8fb85e201d8400a062c24ec71a69723f55a420f97de596f6542be9dcbca78499

    SHA512

    936e5bd29ac019601fc629f934e11ae363256902f251283c2744259cbfa95d3a090a6217c1d773eae5fbb4aa13608900fe4c3215638a3dca6c36ae4637774162

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b06ced036cbb818ead366c8fb87828c0

    SHA1

    65586ff82e0d50d2a843c871421cd6c8fc14aa91

    SHA256

    e3bb8ceffe76afd527aeec7a97b93d0db33ced71df238eb2294876085b23da3b

    SHA512

    82eeb24b61e5b340a4c0b0a2f0f42d5a3ec93736d96b63d8a5efd8f2829a7b96b16ade8e68058ab7018beb5e3cc695ada05b1c699020751b6a0e66259d1ff176

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2215cc25ec1e6ba266dcfa0aa5109f39

    SHA1

    53fb9a32af240c7c98403f91d02f6a823557d648

    SHA256

    c2019bd6f6454c5394d3fdd75b6db317ef708a77c9291cbe4a614001d776c334

    SHA512

    ece570bd979846dca7e484c82d1b14e14d9cd104ba42634540a8d0a7dfcc4a7a0343ad6b9ff71d796d0bbb13d25c05b3ac88b34d2930f2160402499c8e2a0b82

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dfd32460d35c38602d948bc19dbca0db

    SHA1

    5b59fa1e4579bc9a43941edbc4c1f4791ef8f4fd

    SHA256

    0347102d02ffaba70ac398f2e31a449d63f628ede95cb1acf971466facbea349

    SHA512

    c7a055e52371f8c1a2f69206c8d78037666d9c964b9958fcda341484eb61818b6f879705e0c3a546fffb226f11f497a5c219c1ce8d92512b1ea6aae757dc643d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3afbb73c719a65b716cad56cccc056f3

    SHA1

    429b6b6e74570c402e1ba6ac2ea29cd5bf7d0704

    SHA256

    765fab2b2c6802f99c085a353aef5b1e8e36fafddfa4f66ce197e44d03f3859c

    SHA512

    e5d9b1b7e26feb62594b6e4e6c3a5ca6f925218afb176d974e34fd873e22a2b39b4ce084fb0f213ca7113a4c1edf580f5689d8666f690bfc2149c8fe3386e9f3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    798377dc8253c0a58b32d4a4977765b2

    SHA1

    3d53fb09f46dcc63045aa68e055776cf91903766

    SHA256

    dd290200bec485a2dcf1c94661f6762c415a58dac659c97e7d4acc01e63132a7

    SHA512

    1061eb01d1d220f6f87ecc5f5ae4a883bc85ad62bebb370b1a56a9fb6dcccb6e9d4488c3c73f45a198a72fea5619e235b5dd7b435a8fa398856167ca0893058a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8c47a65f5d1509d85380861a5dc27b18

    SHA1

    e685510982216ae6eba6ec9544010cbe8dd84e11

    SHA256

    b13326a1d75f3187262af8593290a66a435314a242f23357ce5a2f4166f13e19

    SHA512

    ef704719db93b62eb92173cb32445a6eee7b995e5729641aa2c85b3269361460d5a34db69e155bab3a938915a9d8015e5cc277c2389b639247fda788ba11bd17

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    339fb5bbac55448aceed997308a04bb2

    SHA1

    7efdf991d688cb46a0b034eb9ef05cc6b1a1163a

    SHA256

    00c2726725867896f716128e56b64d9d43de44bceec8f0994d7f8fd91ef7fe14

    SHA512

    c6f4480a821612f35917dbd83fbf2df640694e8cd8871dfaf6f627cd002918f2aebefe27c48dd0faaba06864ff5715286a10f46f38bd18480f395db4f2d89791

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ae9f8144ff341f84ff6ab5210daf2546

    SHA1

    a4d0b11f42f1b03b43e73b5ca41a50286463c801

    SHA256

    e441ad9852b0d6e973a2a41344599c0743e8585462969dd0b46ff34cd483aca0

    SHA512

    0152460a248504caa463e237f4115b4505c51dd0309d709f688037bee2a3bc7e69278686f639ce4b303e47e4471954e6c880b4e9e498ba39bb79e23f49b90b7e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    25e1c3968f01de0e4426e32f5b1df210

    SHA1

    0cd9535964fa14328521607c4c82c10c1097de82

    SHA256

    9fcd60f35b623c67ed0cfcbb706c472a090fcfffb5966a23435fef25a39a318f

    SHA512

    1af3af6870dd8575659c91b3b6f1ace07cda9b17469435b4b2429475b63c0ecddaf3e2a363078158721752ef5215ade42cb99d6254e8217ac59143e5b1c44249

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7dd8e7a5de008b62294dc98cefcffd5e

    SHA1

    4b3ea48cd25236fc2e7d2d7f2b95176886edc3a8

    SHA256

    5c626b06c1ebbb8bf88424d2250c0f6dd11db7b2065a3b6bb89ef16fdb515142

    SHA512

    cf4c350b511d16b7b8195e12778a7e7da7cb055f1db091307e492efb3d95a35103caaa939b768a35536280ab2ffa63c13b034bae7c1c5d698382e38c7e298016

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    34e5a0bfd34b0ba6687695561b352a4f

    SHA1

    4d876dec66ebd2b676bf048bec8b60f386841da4

    SHA256

    f2f4ee05e144df0ac7a1e66287fbf8ac5817112c2e54d3ac8e544da334b10391

    SHA512

    133454b2ffd74fac6d6e2af29840af0cd1a2158b78978638ce008808647d62db04a4aaf0653019aefb63926146ad8f7c9d4133b3a3dc231e5fa46d9cf6ed30d0

  • C:\Users\Admin\AppData\Local\Temp\CabD720.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\CabD80E.tmp

    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

  • C:\Users\Admin\AppData\Local\Temp\TarD811.tmp

    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

  • C:\Users\Admin\AppData\Local\Temp\keygen.exe

    Filesize

    205KB

    MD5

    11ce7ea3ed860d80bbcfcb2ea4f64dbc

    SHA1

    cf1d06559064baf05fa564961314ed48b59fb3b6

    SHA256

    f8f1095d4f4e100fdb16dd37372f674fd94148591f9e404a6956c0b8b48611c3

    SHA512

    6addfceedffe634b98fc626f887d262174bd5b3b2f4c1bd33e483158a8d606dae3f3e4af0618c535f7de7eaeccdfbe42d3fedbe828cde1bb6882d7eb4ce79493

  • \Users\Admin\AppData\Local\Temp\Installer.exe

    Filesize

    104KB

    MD5

    bc457ea42343424a007c0f6461e723f0

    SHA1

    08db7bd69e151fedfc7eab478526bb0bff864546

    SHA256

    0f0be347d6257eb2040f7002fba114538fef277c37fb192699540f81ada91c8b

    SHA512

    d213addeefc60588a22ad3d14dd11862af5aa9aaf26ffcf9edd24772669b6582eb155d463ff97575dc122b3ec615cf39461e8f7a816bc0bdb60e7eebc962a714

  • \Windows\SysWOW64\dialvcs.dll

    Filesize

    76KB

    MD5

    297a7d2e968eef68ca1fe5c5ad21a648

    SHA1

    9f06ea9814ec82585efa23a401ce97d1d139000f

    SHA256

    c7998599bd29e96a919d713accd0b2b17c5966c0f9fcfac5582bed0fd61a4ed1

    SHA512

    b1d5212c4ad6e0eb233c9d2b0e908be101f6cb1a3008a8593488fcb7f9b5eb3e699bc564c9f9123827034f5b4046b3f931471e3c1fd167188c5f7af6a8ce8a56

  • memory/1156-29-0x0000000000420000-0x0000000000422000-memory.dmp

    Filesize

    8KB

  • memory/2112-25-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/2112-22-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/2112-37-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/2112-38-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/2112-28-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/2112-519-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/2112-27-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/2112-26-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/2112-44-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/2112-24-0x0000000000220000-0x0000000000222000-memory.dmp

    Filesize

    8KB

  • memory/2112-23-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/2112-36-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/2112-18-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/2112-17-0x0000000000220000-0x0000000000222000-memory.dmp

    Filesize

    8KB

  • memory/2112-1003-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/2112-16-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/2112-39-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/2112-1000-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/2112-1001-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/2112-1002-0x0000000000400000-0x00000000004D9000-memory.dmp

    Filesize

    868KB

  • memory/2736-10-0x00000000002E0000-0x00000000003B9000-memory.dmp

    Filesize

    868KB