Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-03-2024 15:37

General

  • Target

    dbfc4cc4faf88548b3b1499ba78a324d.exe

  • Size

    5KB

  • MD5

    dbfc4cc4faf88548b3b1499ba78a324d

  • SHA1

    ab4b4ebf19e75b8d6281797175a8ba976fc05207

  • SHA256

    1f135eeca52d2f7094f4caeada87fdf09e66227f0afc04a53ffb5ac498ed0e63

  • SHA512

    c8af9c5c7923040ed1b5b7049b3710d6039a6635949e21aa4457b7b308ef2cd3fcd6b3f7bf83606846b640f26b6a507a3aafa4c35c1c3a15e4e71b4988217262

  • SSDEEP

    48:ZvtH9UKeRob1+HDlIzIZNRJmFCKB/x8HHAH7dhNAMoBAX:Z1deRoIHq8nRJmFCKB+n47hcK

Score
7/10

Malware Config

Signatures

  • Deletes itself (1 IoC)
  • Installs/modifies Browser Helper Object (2 TTPs, 2 IoCs)

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Modifies Internet Explorer settings (1 TTP, 28 IoCs)
  • Modifies registry class (5 IoCs)
  • Runs .reg file with regedit (2 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (24 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbfc4cc4faf88548b3b1499ba78a324d.exe
    "C:\Users\Admin\AppData\Local\Temp\dbfc4cc4faf88548b3b1499ba78a324d.exe"
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Windows\SysWOW64\regedit.exe
      regedit -S c:\temp1.reg
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      • Runs .reg file with regedit
      PID:544
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" %1
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1948
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2968
    • C:\Windows\SysWOW64\regedit.exe
      regedit -S c:\temp2.reg
      • Modifies registry class
      • Runs .reg file with regedit
      PID:2452
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\temp2.bat
      PID:2752
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c c:\temp1.bat
      • Deletes itself
      PID:2616

Network

MITRE ATT&CK Enterprise v15

Downloads
