5080ed67e57475e333697442dc91ad803ed179fa5760ed69bec0114cee67c282

Analysis

max time kernel
141s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca3d730a970c8976017c04f58c92af52.exe
Size

7.0MB
MD5

ca3d730a970c8976017c04f58c92af52
SHA1

e53b7cddd5a2d96b775cd6f247c046ed24a02b1e
SHA256

5080ed67e57475e333697442dc91ad803ed179fa5760ed69bec0114cee67c282
SHA512

1e74a70f761b4f0df39240c37451b043f020011e9c3d0ab3783b0665370d205fe1b72fa98d864b0f7edbdad92169e5d66e621af6ea9836fd3d05e23288f7bd84
SSDEEP

49152:EQFRHrmQG+yrjQG+yrmQ8QG+EQG+yrwQG+yromQG+yrtQG+EQG+yrwQG+yrP+yrE:EcKXipzM1JzMsipbsjN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2736	zj.exe

Loads dropped DLL 2 IoCs

pid	Process
2020	ca3d730a970c8976017c04f58c92af52.exe
2020	ca3d730a970c8976017c04f58c92af52.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Internet Explorer\Main	zj.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2736	zj.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2736	zj.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2736	zj.exe
2736	zj.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2736	2020	ca3d730a970c8976017c04f58c92af52.exe	28
PID 2020 wrote to memory of 2736	2020	ca3d730a970c8976017c04f58c92af52.exe	28
PID 2020 wrote to memory of 2736	2020	ca3d730a970c8976017c04f58c92af52.exe	28
PID 2020 wrote to memory of 2736	2020	ca3d730a970c8976017c04f58c92af52.exe	28

C:\Users\Admin\AppData\Local\Temp\ca3d730a970c8976017c04f58c92af52.exe
"C:\Users\Admin\AppData\Local\Temp\ca3d730a970c8976017c04f58c92af52.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Users\Admin\AppData\Local\Temp\zj.exe
  C:\Users\Admin\AppData\Local\Temp\zj.exe -run C:\Users\Admin\AppData\Local\Temp\ca3d730a970c8976017c04f58c92af52.exe
  2⤵
  - Executes dropped EXE
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\zj.exe

Filesize
8.4MB

MD5
81cdbfc2fea046067f196870bb106a18

SHA1
de68ded2c4b75a52b9307f384530559a5e986069

SHA256
95cef7f43492faa3f0af08c6770aeabc69e6e39816744680d09024a115e16e97

SHA512
993a10934b43d76e82e687cacdddad82260c2e5e5334343517aa93d72a807d279fad36eef01c45d3f69c1c974b8fd5a77ea40fcb5ca3ccb43d32e4641df48875

Download Submit
\Users\Admin\AppData\Local\Temp\zj.exe

Filesize
7.9MB

MD5
f5ebb93409fac2eaee948746f469c755

SHA1
b2e60e53c795dcec27dd3837b4b4d2afdf4d7afd

SHA256
26741fa0818d5688dfa53b2d5117330b0004515d131f9538a49a33e2e495041b

SHA512
05c3520ea8256b3e3dc483ae967eb75c52272e4c54a01bce0b4e2a5ef1e9b9f957102559671a751a33f8569d7cdb50fb190f622498f4b06d638dd0a2d820894e

Download Submit
\Users\Admin\AppData\Local\Temp\zj.exe

Filesize
5.7MB

MD5
9971c2bee9b594c5fc327583af4684c4

SHA1
098bce0ab68c5262761c3f1c5367da528ca9256d

SHA256
0769631b6ea5beacc2f51c52a20d1fb67b7cc818d6e935aef0b6840b155e1b1b

SHA512
45cba30008c8a0d64cc3d517d2b0901159b0e23b69780e1f8193ebd1c085173763a1ae21c96664c62075056e7c1e8dc23ff56e5a2ba17dfcc4e80f835c8b67f4

Download Submit
memory/2020-0-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2020-1-0x0000000000300000-0x0000000000350000-memory.dmp

Filesize
320KB

Download
memory/2020-2-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2020-11-0x0000000002B00000-0x0000000002B02000-memory.dmp

Filesize
8KB

Download
memory/2020-10-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2020-9-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2020-8-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2020-7-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2020-6-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2020-5-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2020-4-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2020-3-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2020-19-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/2020-18-0x0000000000580000-0x0000000000581000-memory.dmp

Filesize
4KB

Download
memory/2020-17-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/2020-16-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2020-15-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/2020-14-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2020-13-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2020-12-0x0000000000570000-0x0000000000571000-memory.dmp

Filesize
4KB

Download
memory/2020-27-0x00000000008A0000-0x00000000008A1000-memory.dmp

Filesize
4KB

Download
memory/2020-26-0x00000000008C0000-0x00000000008C1000-memory.dmp

Filesize
4KB

Download
memory/2020-25-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/2020-24-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/2020-23-0x0000000000600000-0x0000000000601000-memory.dmp

Filesize
4KB

Download
memory/2020-22-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/2020-21-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/2020-20-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/2020-28-0x0000000002AF0000-0x0000000002AF6000-memory.dmp

Filesize
24KB

Download
memory/2020-30-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-31-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-33-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-35-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-37-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-38-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-40-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-41-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-43-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-45-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-47-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-48-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-50-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-52-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-51-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-49-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-53-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2020-46-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-44-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-42-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-39-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-36-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-34-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-32-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2020-58-0x0000000002BA0000-0x0000000002BA1000-memory.dmp

Filesize
4KB

Download
memory/2020-61-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/2020-64-0x0000000000300000-0x0000000000350000-memory.dmp

Filesize
320KB

Download
memory/2020-65-0x0000000002BB0000-0x0000000002BB1000-memory.dmp

Filesize
4KB

Download
memory/2020-63-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2736-67-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download
memory/2736-68-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2736-69-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2736-70-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2736-71-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2736-72-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2736-73-0x0000000002BC0000-0x0000000002CC0000-memory.dmp

Filesize
1024KB

Download
memory/2736-112-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download