Analysis

  • max time kernel
    137s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-03-2024 17:18

General

  • Target

    dc2f1aa97d98d83b66f0d5253bb41165.exe

  • Size

    480KB

  • MD5

    dc2f1aa97d98d83b66f0d5253bb41165

  • SHA1

    50b29cb8c0d3bbcdc95f4681557a886ae4efdd62

  • SHA256

    ebf662eb519aa12b8a23b9088490eaf8a45101314faf5496898f2c327e705e72

  • SHA512

    8467b665f696280835e49ec625a71e0944d5f1f54ff7ef42fc729c24ba8e93fc3bde9bb352b3a026b710bb76441b5d64bd332a994385c05dd4ecfce5a6bd3228

  • SSDEEP

    3072:zBm/NmZbzsAsEJORf8R3yM5UG/LMFlfXztiU1PQM5UG/LMFlfXpmZb:dmFmZHwzaCM//wJP1oM//w5mZ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 7 IoCs
  • Installs/modifies Browser Helper Object 2 TTPs 1 IoCs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Drops file in System32 directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Modifies registry class 46 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 34 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc2f1aa97d98d83b66f0d5253bb41165.exe
    "C:\Users\Admin\AppData\Local\Temp\dc2f1aa97d98d83b66f0d5253bb41165.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2768
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://up1.adlay.net/App/Pro/rialtom_cnt.php?mac=52-c7-b7-c5-b0-73&key=kmj&pid=rain
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2968
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2064
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:603142 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:840
    • C:\Windows\SysWOW64\regsvr32.exe
      C:\Windows\system32\regsvr32.exe /s psjm.dll
      2⤵
      • Loads dropped DLL
      • Installs/modifies Browser Helper Object
      • Modifies registry class
      PID:2580
    • C:\WINDOWS\SysWOW64\4875\Winupdate.exe
      Winupdate.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2484
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://up1.adlay.net/App/Pro/rialtom_pro.php?mac=52-c7-b7-c5-b0-73&key=kmj
        3⤵
        PID:1664
    • C:\WINDOWS\SysWOW64\4875\Winspss.exe
      Winspss.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2664

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      67KB

      MD5

      753df6889fd7410a2e9fe333da83a429

      SHA1

      3c425f16e8267186061dd48ac1c77c122962456e

      SHA256

      b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

      SHA512

      9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      8df00f33e4c169844aa4b57e3354b3dc

      SHA1

      c08cca631cbee8f25db2f6652ceaa454f2e0c644

      SHA256

      c533b5e3b544ff6f948fa773c81b34bd3d5b75ecad28712c33830d3d426e2eaa

      SHA512

      b7700c8f6a4650adbff4f4b819f624c91b024f8ccb663125f38a2b209827ced3a9db97d9a5cd83f12ecec0e9d7723601f4b247a3addb5c65ddd2b38657d25062

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      affc4a2b17a2a95c19c7dc7d09158a65

      SHA1

      7bd639b169127e0a77aae6f7a3bd5839211a805a

      SHA256

      61a650ba31a77fb73e3ab303c17fe99441b2a0d52a4e05effac4ce8643db5e58

      SHA512

      53f03a291ab07d5bbf31fad9217a9c9b8a8384f9ca5ec8a63ec728a8885bea764364fb869d15f0ddb75677c5a9eabf31c3ec4be93c429a0753876e325b5cd4b6

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      f1da51153bacc38dc1fe1709f8b4b0a9

      SHA1

      b3484f2c328b8a9ec1b4a83fc8d72969693ba279

      SHA256

      704fb55a8a884d97992602862286b0511b6dd83830461ee4daa4bddacf4ffcc5

      SHA512

      806b5c0ac61bcd4bd989a9e25b0c244545a0bb709c78923d47e4afac6159c9575fe1cc8ffbda027ad3daee56e9320f0a108f8e0a9fec2c7af19cadd4fbbd1eb0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      56158f3b2d7294a0f3be86391cc64cb1

      SHA1

      216c8f660500bbf6ff38cccf905b52e403c9dd47

      SHA256

      3e50f1f7f6d26722bcea53324d78c6a36d02a1a6ab17604d31197761fa304c0b

      SHA512

      c4f1e21133a2bdc59bbac6a0c521a6a9102ad5abbca6a2e0499e1ec125092f281d9d634b9fda7a0b6b5a2c4a60a5ea1720c98cdf1c76a2aa5fc708bd15f67e84

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      749d7a32da84a13be906d553f2466375

      SHA1

      18cfb7aeebac2df675f682f9fb358d83683a5bb6

      SHA256

      72ce61e6943586691577f25b5766048ba6df3d42f45213bc4a0b1a29944a5a7c

      SHA512

      1db5d328ea5076cda90fcd321f6c12be757aff048ae99ae1fd2268f5b66d31b097a4d80f728f82a9a27418c4c9e2ef9dbf50d9f18d448d643fb899a35d10f489

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      6e0175d98f0b8083f4dead5c9b44844b

      SHA1

      fb3b8f6f7ce17db0d8771caa01d5dcb3ed2b46e0

      SHA256

      93c5abc98d76daa51aca6b7520f77b8fb821aed5744b6a67df2f804ef6fa49cf

      SHA512

      e70fefcc8d65978e9264b7be74fee6e8fe652a604d5db17fe34a129127c372a97f47e27479aae514566a0393c1b5c16160333d113d9cf527bebdf4b6b38b7933

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      f66c445693656d2cd4a5130fa552a759

      SHA1

      7654eebab0f31546f1f1b8d027936574dc546c0a

      SHA256

      829ec9059a0a99bd289742b12cd5ed656e05299744ecba56c55d1d38d9633984

      SHA512

      474a7b3fed8754710b54f00cc6c24c50b12cb3ada8ce7269ea710d87fc3ecb283717675ed1ad2985d440dc065a4b448fc35e764a5409e37e560d0483de09d680

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      e6ee25fb2f07aa6503b659d9962ed721

      SHA1

      b35bc835425192974b0867cca27accd56787e8c7

      SHA256

      c60d9b98d407c2d633a1f5489333452a34cda8f306b67cc3edc59eb6889704c1

      SHA512

      7abcaff9a29d0ca87aa3aaac35b2d32993e9a497f561df16d03530f0448d2bc76f5323aca4109ec8f66ae0689beddc7bb17999ca09488ec17910c0a3cc3e08c3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      64e9d184b730f43e56686d635d3a5d56

      SHA1

      e797fe62bf7bbb338682c64c5c076813bbb02918

      SHA256

      a94a5f035ce253f4a27fc85ecd1d35eb3319fbcafc1407cbd6fbc81c258ab671

      SHA512

      764ac022d03017222577d126be7bff53f8b18af868cbc19863da47c681617d5a2935e27efa2726089e237bd2fb434d8d484eac44ffa481ad8a16ace910271e61

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      347d53118157913966fca607a689d494

      SHA1

      8676a5de2dbfb910cde99af860255dff024077a8

      SHA256

      f031bb3e024399117c029f670a01ca2c893957d426568f14afd5101d166b0fcf

      SHA512

      e4f98aec823e84de049222a50a5a686a7b9013c95c734bb0f11da755aeb864bef87a4eff28a8eeb58877e15a23cbf39e9115f67a1fd899123139c5ffa6ae5386

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      2057d319aaea8dffdd6538f65f046213

      SHA1

      2f3347f969acc40329146f6eb65d9f7f1dfd0f1f

      SHA256

      d6ac44486a630b434cc2c983a9bfc1405b286258acdeb685dcb630f18bc2856b

      SHA512

      d34c839a4f25e2f8af5c88eb083ebdda93b33c6fa5ad03bb35709aaddb51ea0a83bfb1cfe22e7b7d6260181f4027f4e08a5f04c7f8e1a6ceee1b68e98198c10f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      396075906327654fe2a3473eaedcd27b

      SHA1

      37ef3b084ce4af7b98f8b469ae43f458458a7e92

      SHA256

      9e0a197f9536a31c0093b5f8788d079adec742fdd04cace3c85d9d9a53b3464e

      SHA512

      11b56adddcb2bc25fcfe1d2d9c028e4494d3666ac89db308ead3c38311a04e87c196c4cfe60a434121f6d84e31d28477f1a51da6254c16154edfd6b02cab2542

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      a209a570c3b9c0b7ed521be9a3b6af36

      SHA1

      1860df1ff9a840a182b3e1a7112ea736d35248cc

      SHA256

      42a04cceb8bca30a3d270a5543e8910b9ff84fd1dff2d3833c2d970d0fe3fecd

      SHA512

      427b61ce50968194fbee4bad5d6d67fb5a11cc9347eba28c174c11b08ae91ea714d1b499cedfce7cb094079cb45415c1808a046d31a7cedf676a9b8299732597

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      ad793f51c86fd125cd72b7ca45208e0d

      SHA1

      1d3cbf1158c36212f79a1d138acb0744225c10d9

      SHA256

      81a891114d26168e18a67cbbe04edf4277c361a612a2ce6ecad3738a02069c66

      SHA512

      c0c0054369cd43dc78d0033e3cd845997a7968efbe9e7c81f8d179f5eb5f73d3e7fa99b9d1c7853ad42797a467fd0deae706a2e3f80ded352d03d3f751bb203f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      6834d1db00de053bb604d2a7dd411d74

      SHA1

      ad441f034be69de57285d9f995090ff17c302bcd

      SHA256

      5c0dcf31f6000e74e69fdd324a9fd710ab9406108a197a450ebabb71aa8740e1

      SHA512

      4ae2845a40bda48a497826c881e0d0ba771e6d7e95d32c5e67484f2a7427ac1f18355d1294d2ca78264def54d0f9a90f4fda1483a9b0e96b0a45d46a7be20128

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      cb61b62cdb4e34b22e40ce4de2f0af8f

      SHA1

      da324c56bbbc728e3d1aa4b66d9ac1cdbff915e1

      SHA256

      83e66633bb8417843168af332b1c4fb4cb122381e0bc26a748c80e2011b4f5f2

      SHA512

      13b0a27b78815447b8d622d6f383bd782afc8d4bc78dfdcc5064665e7eac6c8aae00d4cb43d5c6f53effe927ef3180eb1568b7d46e9700cb979d894b66a166fc

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      186ecbcdf3264ca6a5b378c2c699ab29

      SHA1

      5964564aa8a7dac1e525e32c9d7e5df33771a0f7

      SHA256

      c14898591617ee67e9fb499c4263f86e5441f4fa28610112167863de286001bf

      SHA512

      e89b64a739ff8a40c559a9a4cd97dcb8b3d2df196a569a944dc77d82f15b12bba9b068a118a41fa2dc4083974b1f3ca6da4f69acb893dfce3e266115c11d95b3

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      344B

      MD5

      7645e3574b98ef622fbdd94953a00780

      SHA1

      b5163ae57a1e21553bc173e3e9af0d44137ee000

      SHA256

      9a6367165ccb9691333fd0de340c49c17c61f2a124aa3b9edd894bef51856f69

      SHA512

      38969e935ddf8586c4276f51e8e94e8efb8ae22c8be916e8aa5a7ee2b37d55d4af02b6bde93013467cf11730b0774e4012066d944e9ac8f8431bbd85106677a5

    • C:\Users\Admin\AppData\Local\Temp\CabC949.tmp

      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    • C:\Users\Admin\AppData\Local\Temp\TarCB64.tmp

      Filesize

      175KB

      MD5

      dd73cead4b93366cf3465c8cd32e2796

      SHA1

      74546226dfe9ceb8184651e920d1dbfb432b314e

      SHA256

      a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

      SHA512

      ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    • C:\Windows\SysWOW64\psjm.dll

      Filesize

      212KB

      MD5

      8cea2d23c693ea6fa8e41ea6d9cc3432

      SHA1

      e965e000871a0b8e6b206256ddcf7657b13cc931

      SHA256

      7f486807cae14b4913ed33d7e3fe468d7fb97a4e8ae7b7e281a8226d6f5047a1

      SHA512

      63ff64ca8736b23f6b23466ddd35efb26dd0fdf1675926ef2c74e608384748b7f445c8711105b52dbfc859bdf67fe0e790f5d0365e0b6bcbb1ed90600b45ae99

    • \Windows\SysWOW64\4875\Winupdate.exe

      Filesize

      48KB

      MD5

      addc0dd99f694a8df3caac3fa7c3fda3

      SHA1

      44d3310c26fba0bab0c679966ca7e26f7333dbc7

      SHA256

      54203137d5f8dab7b9d47af23d46afd7f8f7a20205d734f30c622167f4a9ac8f

      SHA512

      8fba70f876e5dd420532335d960dcb9c1af2d056c771410b778b43ca7db898d70f406ef8f1866f8308e95bb63f9cbd4b4f4ebd2a89fa93dd9bb79948f0bd5451