Overview

overview

8

Static

static

3

c66ce24b69...e0.dll

windows7-x64

8

c66ce24b69...e0.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    140s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    13-03-2024 17:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c66ce24b692fb5c566f5a15b49711ee0.dll

  • Size

    63KB

  • MD5

    c66ce24b692fb5c566f5a15b49711ee0

  • SHA1

    7a1d778c685fe5f4f50256f3539d6340ed052a1c

  • SHA256

    ec5306c1b6ee59026f26e14c270054f948d0b69e8e607935154d1157c2a2da3f

  • SHA512

    32497f149819f8982627786ebd96be4a743f1c9d052a7cdf099401a717658336e22bc41be3a5e11c6f787db90e2b9f1a8763caf6dae8256625e22b2463ff19fa

  • SSDEEP

    1536:plSuzaGMnbag25kW7ft/klN3OK5PbkGma:7TUbaglWz+POK5Tkx

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c66ce24b692fb5c566f5a15b49711ee0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c66ce24b692fb5c566f5a15b49711ee0.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1788
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2468 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9a320ce3e06c4b0190e5af3e51171827

    SHA1

    de03144430965527435dc20df038aaa170e97f56

    SHA256

    c0aeac9d8a376a1627254a6c38eb57e3815d13515a6de1fdedd30bdee01c6be7

    SHA512

    9ca383f33dfc42d65310da213076e374b3e92daf380b2dd93d1aa8fe8f565e97f193bad8e3e1580ee3261289401e595a2a13fc4a3fe085e3bbecc792141a280b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    653a0fcaefc8dbe652889d2643d05cfc

    SHA1

    1749fdc6477f2bca5e52fe998ca3d39160c015d0

    SHA256

    cfff5056fc23d9c6794c7815f20d7f778f03a098c90eb718f1689ad94ed9336b

    SHA512

    5e5130c8cf13acfd69ff788d8c93e9220cfe60bdc52e6c8a0d159c052e5ef5f1208bada935739c73003de73c1a71aa62abd713805fb81504bcb90965b6fc7717

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    557fc70a42fe88ddd532172430e450e9

    SHA1

    506236ff154cd4e6f9ab8cf87cef03bc81f79767

    SHA256

    88d49a5a97d2a2b84a76ed300e745ea23feecfa15453e0a0ae30fce42df2f1e3

    SHA512

    0bf74d9c963c65cff5cfd4a6399817809c72427f0a331d10ef9894ac461ef96f075cb4a5214f6069cf0be21744fb280eeb32925d74946a53287213865dbaf62c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c9d11dd6698ddf4bb37ec67996369ee0

    SHA1

    1c717975c898d749bd3257c4a3e4910e9d41f0ef

    SHA256

    90f01af06905b1fd4b0ed4fbf2d22549f048b55abc88d9c0ff75363d81064b9f

    SHA512

    56db88faf51385f0e74c7827898a7aff81dde6eae57925f0e55c0a5efce1667b889bff3f2537601d1e2bcdb7c455ff254842fa0f8478ab390cdad010629800c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5dd4882047b5b79a52003b99a07dc5e1

    SHA1

    51d97cca3c914db86f3929d140e6fbc9b07b36c9

    SHA256

    dd07c7c46ff3ea5f6393bc923e5e44d891899b8e9c078e1c35831c4f872738a2

    SHA512

    b23b16b73f91e038542dd17255f83586c92ede3377ed174ae2714bbc3f1ca728dce29618316e189405ce79a06318d20ba986c53a12a50fa3d4f18bf10eaca688

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e91bc846588b211bda4ce97c0102d33c

    SHA1

    6c4202709b519c30813a9de5697a431bce6ba6bc

    SHA256

    08fb89bef712b4db67a26b4421130f36f21559435a1f15ea84f73d109632b0df

    SHA512

    09d16d865f223b92e5812b438fb6ce183451c6431b55b7c473a724d89d7027306d83da17e5a9122e6acba3e715fe1a23d9f47538cbfe2f6185f4661e0a2078ec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0297409b8f4e9894807e96a75424177a

    SHA1

    65470e9a4db2dab0129fbf9ed0dfd9a7b845628e

    SHA256

    cf22fc6ebb8a7af4f006156d7bacb5bdc70cf882a13b374515bbce0152e66a37

    SHA512

    d699631a51af34f8f1a8ee12d4b2d2042278fe8039c0e9651727e67efb4cfd3d32b793a43d821c69c7186ad823fed34d67b97bad5aac2a3a80acf8e2e4986151

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7af2e9c8b337c9a40db029946319d12f

    SHA1

    c76849e2b4609e93fcede74f1e1f41afb96268ed

    SHA256

    25868abfdad04ee17494dfe859d51b29f4030836d0487099a918b1168aba0523

    SHA512

    5ea5c0679baffeee817c0eead87e73196e5bab657823aba71873e45c8b4c6cecbd7eaf5f2556ed7cfcf38d77ac8cb3cfefc610c03fae42dfb38a8f24bc98ebdf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0dde0dc5398c85ed664f22e535c5bff4

    SHA1

    77d22c55393e938c77e8e064f416a83f754dfe5e

    SHA256

    89cc6ee983bc78cf809eeca783d9082cec0fa9ad332a712e1886f8e8f7cc9df3

    SHA512

    432f982fb8263f52b5b494c30a8e558a1f557776c3dd2df19371dddc4327aebec23b23feeff4350943dd4fe3cfe9fbe8b7ee013214f1c16838f4fb9cc9844df3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fa45366f0754cd814f3f31550731b232

    SHA1

    4a7c9117ddc09074b1afc179096d799aad42c845

    SHA256

    bacb9c060e6e86514c29f274fc280b5937673785509ac7ea309bd55e38428744

    SHA512

    daeb7f6d66f8c4c290aa3c89943321504dde7589de2901025400760fc35560ced301c4dee28317ecf3454e716b23232eba9a48b98b4fd7ecf7d750119f7b25a0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    29d5e09904974cff785fa22bfb8c8333

    SHA1

    078f6958e2afe9f7c69c044f874f57fb1fd01113

    SHA256

    7f01c63fc53edb447078a0a005c38687975950557b9eebd19b39b5bda5a847c0

    SHA512

    74b4100d2abd1beea1c0624805b2b85ac5b91c4238c2402ee49690c93665f0ce4e9a6edb8e2a1c6756ace6d21a5de3ae241940ab203f5a66e2c61cb287420055

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab74C5.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Low\tmpB81A.dll
    Filesize

    1KB

    MD5

    73c70b34b5f8f158d38a94b9d7766515

    SHA1

    e9eaa065bd6585a1b176e13615fd7e6ef96230a9

    SHA256

    3ebd34328a4386b4eba1f3d5f1252e7bd13744a6918720735020b4689c13fcf4

    SHA512

    927dcd4a8cfdeb0f970cb4ee3f059168b37e1e4e04733ed3356f77ca0448d2145e1abdd4f7ce1c6ca23c1e3676056894625b17987cc56c84c78e73f60e08fc0d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7691.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • memory/1788-0-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1788-12-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1788-10-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1788-9-0x0000000000230000-0x0000000000232000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1788-5-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1788-4-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1788-3-0x00000000000C0000-0x00000000000C6000-memory.dmp

    Filesize

    24KB

    Download

  • memory/1788-2-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1788-1-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1788-985-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

    Download