Overview

overview

7

Static

static

3

cc9cf39adb...dd.exe

windows7-x64

6

cc9cf39adb...dd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    16-03-2024 00:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cc9cf39adb79c76d1f5f35915391bfdd.exe

  • Size

    276KB

  • MD5

    cc9cf39adb79c76d1f5f35915391bfdd

  • SHA1

    8f244cfee950b846a0a915d396cd5b7fbcd8d691

  • SHA256

    bc5fb25fa401e86ce6f6a91d594c5f4fa19829ae5a08a4c725fd48df9fcceb91

  • SHA512

    26b98c9ede7d2989e1998d3e3cedc8f78f91854d5b9cfea6e11030f5f3d425c0c7abf5c9e341d8922bb2cd361d805b9b72a70141b0e1ce5d48505518ebccc276

  • SSDEEP

    6144:XZABbWqsE/Ao+mv8Qv0LVmwq4FU0fNoy69zCfRbvys3G8QZ:pANwRo+mv8QD4+0V16xOZ9E

Score
6/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Drops file in Program Files directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Runs .reg file with regedit 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cc9cf39adb79c76d1f5f35915391bfdd.exe
    "C:\Users\Admin\AppData\Local\Temp\cc9cf39adb79c76d1f5f35915391bfdd.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Program Files (x86)\EverestSoftrade\TonerRecover\log.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Windows\SysWOW64\explorer.exe
        explorer https://iplogger.org/2z2qb6
        3⤵
          PID:2912
        • C:\Windows\SysWOW64\regedit.exe
          regedit /s adj.reg
          3⤵
          • Runs .reg file with regedit
          PID:2412
        • C:\Windows\SysWOW64\regedit.exe
          regedit /s adj2.reg
          3⤵
          • Runs .reg file with regedit
          PID:2380
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2456
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://iplogger.org/2z2qb6
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2504
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2488

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\EverestSoftrade\TonerRecover\adj.reg
      Filesize

      143B

      MD5

      d47d2f19c6485d61826df03b0b6efd7d

      SHA1

      a3285ea2c8072a5c9b7b2ff0e255343baab2d81e

      SHA256

      f702cbfc518787caec26189a065e1dfd92c62597d8cd22c58e889151e45a635f

      SHA512

      17fa33c12395da633deb03181bf383e56cb3f40ef0f2fcc4802d0f46829dbce0e65528f4b6b5dfdd88d28aa40502df8a826894ff21a12e18558cd0cc4fe7bf94

      Download Submit

    • C:\Program Files (x86)\EverestSoftrade\TonerRecover\adj2.reg
      Filesize

      114B

      MD5

      81b371bfb7d48f53e6dce6a3b05f76ba

      SHA1

      a073408555dfd110183313e2b1d41c3a8dfdd4ee

      SHA256

      0fd594d185676181e86c3fb81be116069acb86b6c5839a73b9d5fb197924fd94

      SHA512

      34bf59556bf238e0d15d6f934c8caf28c3313bbadad984370e1f912d2a1e4a1ce6b3e06f7bc5af01df28a2e321b43bfc100f61330c89ec4270dbb4120e5764cc

      Download Submit

    • C:\Program Files (x86)\EverestSoftrade\TonerRecover\log.bat
      Filesize

      77B

      MD5

      7b56202dcc8e327bd43d512dd600bf3b

      SHA1

      c2b949792b0fa4236eb31f7e7a67484a62bb2419

      SHA256

      368c4e6b9a76e9d3490e8ad292e66d61e097af7dd414710879227cd38ce96015

      SHA512

      4448fefbb473d8b161ebd0485d2690def8078ebac3debba962d36b2ed73fefa3cb126d3cacecd82091c35d95af380566bd67b5eef316594bf3602f4fa70a6bf1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      67KB

      MD5

      753df6889fd7410a2e9fe333da83a429

      SHA1

      3c425f16e8267186061dd48ac1c77c122962456e

      SHA256

      b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

      SHA512

      9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f5a608cfd38eafc08e1543a211f4e4cf

      SHA1

      253104b155cf9046a0caeb546e67b0e687bbc4d1

      SHA256

      f862d26f531635386342ff3366c06a0b42ee6c0c1252f960f820a704f77c4ca4

      SHA512

      ca9d90925259d9263cef17da4a784650a2297f47b2b9890c989aaae8cef223334a3bd5269df21ca5b6b6e6eccd6df683f725823a2f69a32a2bafe0a840f784b5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      596aaa15ed9738b045fa915e2f2e5ec2

      SHA1

      393c099a4b74cc44d7f209435e5a373f46f0b9e1

      SHA256

      cbd36dc524f865a953bf792bf4f2437bf7e63fccd9dff43be946381eb381bb8e

      SHA512

      2c089196efed3c21bc277eb09ea28e7f9b48f1f97439d206a04835eaa331428ac60bd486b44d7aea6d9b450fce9894c66eaa697cc922f61ade27aa531fa8de7f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      55ab931f87040b58ea9315dc449d3342

      SHA1

      a127215ab4d566e45cc17954ad9a043ebfd04b11

      SHA256

      94d9cad14c05a25341f53c888c2f8a643a04624c9c9c1386553e8a6ed27a1561

      SHA512

      6a908cdb6858c5758caaeca8f548a96c9317582f125d6c925d420125135b53cd8f4e50dc4218c5afc88a6e67de611c3f90f71680aaa9784b05b92da2ea20950f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3a37e7f3a1b56b4aae01820ea25f0090

      SHA1

      e1a8395e35a01f46bbc7f52307c347b86f1714f0

      SHA256

      e3fb32f3ee97f6635874ed39edd3e37e7cc70dad7f8bc5ee02c6f9a6eefe9c0a

      SHA512

      af600cdb5974ad7736abfb9ad883f17ca7a76f227b88d6243381b9ebf2cbebc559c03113544ebcd727660b384e483c1bbdc27745b2ad4a814ae58ddcb1dd6520

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      921cab93a8cb7fb2a285aaaceb006c7d

      SHA1

      a3988fef257cefe3802c4f8eb77288e81e221ffd

      SHA256

      3534875b896b250858a0d36f0f1010a8b8a97f2cdea9003d36a41452e61f58e0

      SHA512

      ebd2a921428dc3219ac4e2f4f1ab59ee642f2d8c7d12e1e35719cccd7c731703ab6c9f47ce70cb044acee79b34fc8a0d289cc8e5c74c8540403156adb3eda75c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      495bdde1a20fa0b4d68b6dbb914bca03

      SHA1

      81506d7dd25324c76859b19627adef1825a2634b

      SHA256

      f18f174634ebaf940e12781a0d3e2ebd4497ba74785fe7ae62387a28a2a7e953

      SHA512

      44e7a1587ca68114b7884dc96684664e2b5cfa244572f9ae3be491a904ad245fe4f552ad525ddb0e40c2bda6db8aa7c5929e56e756572213699ee7d534854395

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      d2d71c8df787c8eb294aa883422ab36d

      SHA1

      499d54162b48a67a390af0592667c086709bad54

      SHA256

      6b85eb984ba15f057017df1d01e989b2d52c1fa070da4768350c8361d8461d4c

      SHA512

      6ca98461415c54764288ee650cf8e27d63457f0b9fd0c0d07b54f5a41753b8f3b1c770991790b433365bb8b0eb29299c4eadd64eb288b18b93863ecb817ade0c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a3be74e550941b3fc8cdc21be3936dde

      SHA1

      38d5c58c71eb480cb57351f73664befaafe41695

      SHA256

      905ae5c07fe8320a71d8f1fb6ffec3dcfc7c8d7106bb788ee0e9824c9169abe4

      SHA512

      84be156564b17f1db93a846f7a9e6dc78260db1581637556bf0232816040b1a036987a0c8ab60f701704d5dbf6784b380169e3bcc3f9d229a5678224c6fde465

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c5f25597d5bb2e7d2633f11e28a83719

      SHA1

      bb43b2706cfd84733f34f3fbedebda1c4ff31fb2

      SHA256

      7b056c838fa105f7d4ebac86d8ece59d2a7d91687047748325276ef69ccc4517

      SHA512

      f4c76014decb3f6813c221f4433d215f5a4f90b05020b98631b770d71d67801b4e247632e8364a4c32055938c4f2116603fd5598205018c8629e94b8d2c2074b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a1587947def3a2b1e1f05db50e5c9f0f

      SHA1

      484082842fd54075668849ecca62b9484c42e192

      SHA256

      938064b42677a8f778a8c13f7842ea5d0839b2b7ba3f3c02563c85c1e2f93569

      SHA512

      66d0528c73eb199b085ce7ea9a9702a840782a2eae64a9c14af701dae93a48eb9175b8aef7c3326fb14efe1d7e96bfd2c98ad61fa0c10fd7f41a0822c612465e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bfcb9e9c85a2b29c031654b11cefc21c

      SHA1

      16b49e815f5dd5ef55243690bb5dd2c452b44753

      SHA256

      dca39252c7feb27a501e0a39fbdc536335b1b2a6530c2b970f72c9046365683b

      SHA512

      38daa88b02bdf8326ec19d0ea0ab86f025706fb4f139b4fbf87166ea15d8e7ec7df490ae03922f05394a3d28e19ec1c820b4bf3c992cb8ed1b425c7e9113a126

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3c9658fe6b68b542d6bc718ee1378a87

      SHA1

      466b2ad4b485b0242721527d84f12c50c7995d9e

      SHA256

      dd7978720385414b8e1f30f74e009a782774814d322cab52b5ff042043ab6412

      SHA512

      9ca05f454853151654f3ff5ec5ff700a43fccdcc558d1955589c9621a4330132f93369ba21f09ad56787ae5c53dead077186c0cd5048cff7ed4e1aa4f586b72b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e67e7a19de50dd0841525c5578a95bad

      SHA1

      6cbb4c33b72ebead741fd9648f9214a2baac2531

      SHA256

      727b4432fae4a6c93e757947bd7f9ec97da398d0c396a6858313557a8bf2ab05

      SHA512

      0409c8beba1237c387609f9bcf50db84165f724d0b81344e71e7a81cb5c0279a4a3612fd059f9cfcfc5c40d6e25b97f7ce55ca8ce7f9d1b8b6cdc2c24112206c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4e9c6f59414f6fb975060ad924128fe6

      SHA1

      802de24d5036f4b2f38e2fc0dbac9177084d8697

      SHA256

      5d4bf473b8a6ab06a899b20cad8f7ff7bf288baff9998cd2a6f9ee70be003b74

      SHA512

      df3f36d98a46cb5bf820911a714e10238160266fe1dce1515f17fef83cd1248ef4c414fa8482431267ba98f26683fd8a52033a724158cc738eea8afe3a141f0f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a590f5f35693de16d9445924225c4386

      SHA1

      2cb388e895402b0ca496976fa5b5db3a4c5de707

      SHA256

      26afbb5038d03fb1ac0acd1de93e955a65ca299e205d3151b66b5b2881226cd8

      SHA512

      ab2edafaeb87740e598923c4abd2b05772eff8bf6efa14ea2534de95e005854b14b5b34a10b03dbc42166dec1bd67848ec2734d98859b697c947416fbd0e37a1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a5f87da30ffc798917e1c39d502fb58a

      SHA1

      7aa2af4b8e708f5128df4344780e0982d31a5a91

      SHA256

      bb47275d6c594eee727d314076c122024d18afdcc3b17ad4795db929940aaf35

      SHA512

      794bbfd5ab3e7ec2d369eaa228c311e27be163302ebbdf2c4ac137dfbe4b520fc40b9db3531eaf6685d60b8e3c52ce8f829a83e68ea4aeb16356f1b6a30553ab

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ce8bee144f8119e25b8fdc0e0e158aff

      SHA1

      1ccc19ceb36f9d5267d3972cc1a83bffda48cdda

      SHA256

      cbfba9f50d3543c8a15ac2cd3726c56e51c50b284ecf023c6f04c0ada3b8916a

      SHA512

      0f17b4316854f9797143a406148ebfc44b87c53d11dab1a9199aea2a86b11d20428a7fbd8776ec0e2c0ea0bb3a3bf1cb1a326a28e0ce737e4a5ffd45983e5909

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      eb3b060c32ad67ca8ce3898c88c23a68

      SHA1

      6ae9a52d27f08d393a531e82a8e7acfbc26fdf70

      SHA256

      fe06d54c1d9eeaf9f8c0af5b59adfffbbfe188a35cc8e613987c5be641adde18

      SHA512

      a2d61e3950157d0d48ca3360aaddda8cf2374677a571fb8c5b1c88dd1bd6e02276c5c8299ae3063334ef976e10e532efe3a145f6e44fb0babfac68fc86feb309

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a289fa438b0d2293d3804fe958fd86f9

      SHA1

      ac3176145a74f2c877f31abaf32411b8a85acf11

      SHA256

      b9e952c652052a3defb3bda806a0bd5feff6429136240f23a12ed38e7a841ea9

      SHA512

      03468cbad05fd5bcdfbd11446509d7b01abcb7e30198021e36f37f2fdd98d88e765a6f6b8596dcb1f3686119e31525b43209771b26ee4dcf8daa7b2d1ceabd67

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\sxsuh4u\imagestore.dat
      Filesize

      5KB

      MD5

      1a008a8918d1e941514903ed60905cbc

      SHA1

      c21111ca5b9b4264512ae2880448527f90c38e0c

      SHA256

      80e37d173c2068acd4ab57dbbd227932105c9fe3e05439ad6b43ccc52db8b3ff

      SHA512

      07748415f62eb658f8da6131963aff2c8925e5d05d714846126f9a2e01c3c910ab89d773f2fd5c31f151002c8d3a1ec3beaf0c1565b0431e0c66734a96102ee1

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3NPBB818\recaptcha__en[1].js
      Filesize

      501KB

      MD5

      5a8547555d71e5846135a48dcc7ec3dc

      SHA1

      bdf99d0037d631ca1d24efa343781f55a11afb05

      SHA256

      7a01932abc324cbdf143534bd8dc0e665e045a2ae8a0d234d24f2d3ad9ebc619

      SHA512

      863d425b41d6b439618ccd38d5ea46d5ad6cf3c145a476e0a8596903cfaac4a2d04d40f5cd4f92ac74bdd73dfaaec9f4661c6a71116dfc78b6a41f7d3bd801e6

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\styles__ltr[1].css
      Filesize

      55KB

      MD5

      eb4bc511f79f7a1573b45f5775b3a99b

      SHA1

      d910fb51ad7316aa54f055079374574698e74b35

      SHA256

      7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

      SHA512

      ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B1014REI\favicon[1].ico
      Filesize

      5KB

      MD5

      f3418a443e7d841097c714d69ec4bcb8

      SHA1

      49263695f6b0cdd72f45cf1b775e660fdc36c606

      SHA256

      6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

      SHA512

      82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab1316.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar1328.tmp
      Filesize

      171KB

      MD5

      9c0c641c06238516f27941aa1166d427

      SHA1

      64cd549fb8cf014fcd9312aa7a5b023847b6c977

      SHA256

      4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

      SHA512

      936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar1487.tmp
      Filesize

      175KB

      MD5

      dd73cead4b93366cf3465c8cd32e2796

      SHA1

      74546226dfe9ceb8184651e920d1dbfb432b314e

      SHA256

      a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

      SHA512

      ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

      Download Submit

    • memory/2160-32-0x0000000000400000-0x0000000000433000-memory.dmp

      Filesize

      204KB

      Download