Overview

overview

7

Static

static

7

d5e66ed8d1...4e.exe

windows7-x64

7

d5e66ed8d1...4e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    19-03-2024 10:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d5e66ed8d1e5ab6e46b883e75b769f4e.exe

  • Size

    17KB

  • MD5

    d5e66ed8d1e5ab6e46b883e75b769f4e

  • SHA1

    8113d6b6954de05742a8135cdc345ac89ddae3e7

  • SHA256

    cf2a7b0c95ce92b52d2285dc85f9db0a473b6dc5cd7dfee38ce640ef3522b13e

  • SHA512

    bf32c10b218fb09200ceb3eecc58007ed6afd99d9c8b79c9ce51c0d36b08eaf8ac84ccb0272073d0b5a901b0eca7af57d333e4f78d4f71ce9dadc589fcccda32

  • SSDEEP

    192:L68xrsKGIpLFqUQCKAzpZTPR60hNhbfaJLi8Aoguzqr9ZCspE+TMwrRmK+vhOrS:LnxRhxeCdC+bfaJLisgcDeM4mP

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5e66ed8d1e5ab6e46b883e75b769f4e.exe
    "C:\Users\Admin\AppData\Local\Temp\d5e66ed8d1e5ab6e46b883e75b769f4e.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1584
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ads.eorezo.com/cgi-bin/advert/getads?did=433
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2088
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2088 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1728

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7957c3c5c3a77432ffada706ade62dbf

    SHA1

    6b8f0440469f51b0444dc07b6a5e8db9d8c6f3f3

    SHA256

    5640759c7d4508eddaa5a22c882b016e8c1d1861153982a871345c0c93c1a421

    SHA512

    c2ef8c094ab84a25bb811a4179277129c53cb7f41644d4dedd2c9eac47e826164f8479f33f62774d7c8513b0e9cf21717161bec15d9fc31a2d7ea5ce8dfd9ff9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08650c69e64346daf59464f7d0afb3ff

    SHA1

    48b088627ade339e5b32f282ebe3449d16ff7718

    SHA256

    2589b3b482c405be8f77b3bc2171dcab87176e6b4e70a0115203c83017286b3d

    SHA512

    fbeaf013946a6be0be2231074125204c1abc8d8017fbb9a13b12ca2dd28532843b759a1c4f9480c31a20de61edfe01fb0f7bfb873281e71eb0a1a33745b6a31e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    13f0c12c071a764b58dd7503b9a17eb9

    SHA1

    83aad8400d7069cd9104f0959249f8995cc43d71

    SHA256

    d746fbf983fbdba6ce0dba4db112a0fccd91dc4c1616af17ebe14b055cf5cf02

    SHA512

    112a632eac05ce1ba6c1da2ca360a4b677a8ec91f29fe26675fb81e9c7422628290eccaadc3fe8877bef2005e9765bed541f531ef67c623cf0365fd4893d2425

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    502a8a0650b88f7c6e8624f9a621de74

    SHA1

    78eb09d0bb8b77cbcb58fc4d9199af1c9246e5c8

    SHA256

    f104acdf1f048209b8e43bfbec881f60ba3aed218cbcbf166335ca962be2e210

    SHA512

    8d47e80e8aa0ef87e600d83f1c63fd76fbc060fee0f3b6aca23a6b5471e4e6f9bcd3a57d6cbf58e1a52989be232b872d9b0e79804a40319b019393695f86af34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    425190f424925bef14078959f202b981

    SHA1

    53cc765245f8edef8d842df2d39cfff7d2fb657b

    SHA256

    12a00769c990fe968d122187f8d5b9741b16b83352680c39f8cba7bdcd26785e

    SHA512

    92e408013bdabb00ed3951030506e992eacc547c38cf6d9c7e8caa44752ae9b109e3e4b3eb67cd745e911f03342493013764cec1d92386b287d5fd92c51af534

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5ba72b1ad3522a917f32f50aa33b02fb

    SHA1

    ecd0132a6466ad58b18db0ac0921ae0e50d0c9ce

    SHA256

    80725125796be806211a5179469a247336db46df4a56879a52b5435fec372de7

    SHA512

    61162fabd2c8c3c2233b1e3943bcb7341801719cb9eb27df33869ca28be24c53db8940e5fd742168c5062afd7e75129e981a0f1b0732bbd54eb41512fbf3690c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d14dd5278589a67fa79a3eb97ae81644

    SHA1

    f7d3b96508a55a1b42a317e67c3d6f8157134d8e

    SHA256

    0e1a8efb1d0bdbd47413a165b7ce4dea862ec34e272d0fa5203d6a13ac98d2aa

    SHA512

    eeae5a247d96bf6238001da0aac1a83bdb2014716d1abc45bb79f3168e5235c2b985ffdd856500a33e9639fff64653b3fcb3c002fe465cf0736f13ceea1cbc25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    42496b329e4f41dceca7a13780865617

    SHA1

    065cfd280d177ea9b9c427cc06f0a8b59e84f369

    SHA256

    7943f4ae25fbb623867d32fbc5d26a41632e016250adbc033c03f48a5789bdde

    SHA512

    2503255432171ff6533a81297fecc89c7feee5aef68041c02011ef0448a4d7b99b5538d641ad7de6b8d67d8fcc2776cf0f37f55301c0c73ba71afea62536e1b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e78cb84473ce34990bbb085f0ac3d6be

    SHA1

    59b1ef3b2b1f4d547aac60ecc91e5817e67e516f

    SHA256

    4a410bfab39e1dba62eaea04677a085557ee93c5918062985f63dfd8c795cdba

    SHA512

    7ba5d6b8cd0b77c0ab75b6b14eaf38efe57dd3900eb405f3f50bfba95a6452e73e1b14eb9f291d7a0d23c7bf4edf2786ba5763baa77de96f8b2ce15c13a457b0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    35eadaef7dba9a7317758c9380a630ee

    SHA1

    7fc78b4e35a464f9925fcea9ba21d5f01c9815e1

    SHA256

    fdfd749e120c182303077f13cefcc05a363c3998162d0ab4e4e36a0ff12bce5f

    SHA512

    0dc5578b6f1d431ac5e09ec386cf479bb7b4af6980161a0655f1bb7e10a573507760ec3ca0e9b5d8363c19da6fab279d437773f436381e76d453bacb363f00a8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a7b6a5bd38f4d53a7d45ba6334685434

    SHA1

    8f9a925844e99a4a9b7c43fe49e2a1d7bc85a75f

    SHA256

    cc7cdbdf64715c6627d36c97f15dd45ad72aab400d264d3a434b25dc36d7be81

    SHA512

    83d4e78a61e2c0a9a72adf3b002175d9fb7b39f98feb40daab9348e89485f925e488a57c7bf7a105744babeb2612a3b4443ee8b78f01d11c228f30b2d67a4911

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab31CD.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar330C.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • memory/1584-1-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/1584-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download