Overview

overview

7

Static

static

7

e023e00c9b...54.exe

windows7-x64

7

e023e00c9b...54.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    157s
  • max time network
    164s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26/03/2024, 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e023e00c9bb388ef2c01c8262259d154.exe

  • Size

    191KB

  • MD5

    e023e00c9bb388ef2c01c8262259d154

  • SHA1

    8e18752288938b7edb5cfcf5d7c9ba1586df6404

  • SHA256

    7867e79587cb2d91d4d5afad20068e7f2efa5e47ac4343ff11ad8d107ec7531f

  • SHA512

    45e8a9c2b1ddfd791d8df865964dcb76db11332f305dbacc9951e1e639e176f7abab678f48c7c984d0a6cd684b1619e7537b444bdc5dc56b4e157186aec95896

  • SSDEEP

    3072:FdTejYQcRkBtZy/kqtcGxekIQ8bqJLSjDexH0THKLW15Y5dyO5SDLm9qJV8Vd1v/:PWfUkBPyrtBxgQTMK0TKpxS3H8j0b2

Score
7/10
evasiontrojanupx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e023e00c9bb388ef2c01c8262259d154.exe
    "C:\Users\Admin\AppData\Local\Temp\e023e00c9bb388ef2c01c8262259d154.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gamecentersolution.com/downloadgame.aspx?CID=21157&AID=387
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2780
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2780 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7d56a94b215a37f92097e9615e0c3497

    SHA1

    8ad131252f6e2b2e6f9df8712e310ad68b6b5098

    SHA256

    5d1f28697302c63eda3055706d1f91a2204bfdd49173f7798b0f00aae460ae35

    SHA512

    d936aca223c0ff328c3604cfa22cfc94918e4268cb4a0f7c2e7f15dc89d1665905197a4fe6c634e6ba293438e3df233a10915e30af23c074588cd077e30a4ce4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e2409333d4e99e2d5cd52a3dba80d593

    SHA1

    ae922785314a5adf56b5ea56b3d91529ccdd63b3

    SHA256

    dd5d6990e76808ad5caa144e54c400185c36f7d091912d402f92bffa652a10d0

    SHA512

    92a8f78c620e019727a51506ec7d415544eb863113d1ef0897f1c592f8ce11a7f4131d6bf91c9db5fd6e269c0d5f555693757206791e11979c6b8bfbc5a5d291

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    badb8fe67e1b4a32d95b1b70174453df

    SHA1

    cacfcdbccb8891b23605eb7437ad731b14776dc9

    SHA256

    a0b9c3411d78235a5e88f4b1ca16568ed8bca5daf6ef6349646b5ea35a4047b9

    SHA512

    c532240840e245bb6cbe9d87c584b5d2b2d7e108db5917e43b304bd9d85dea3ec699f6f1712ae2fd08e4bf529decc2d0b27104e8167400a015773c22c3a88644

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a7f487921976e78153e0bcdc86c6fc4e

    SHA1

    4089f64440b4cd55085aedce5a0716cdf9418a0c

    SHA256

    37eb6758020481ac9779176c356da604095d3a4543e9db29586698ec78f5ef0d

    SHA512

    7339971685aa410dfe10364ea034c9cde81c13a21745f0ad78885dd331f3069ecf7cda8be0f46f48ec9f7b1d175332d3f8002494e9dbd7a3879d1f25bc3421a1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    84a8d16d73bb77b0edccc61d9945e16f

    SHA1

    882bf3f983f50d56c6e9157109fbb3b448ae934e

    SHA256

    245f20d505f2d90c4f4453a1d81ffe941c3cdaaf73e1136cb115a54d140b66a4

    SHA512

    d50c9a318bdb3e4ade7ae3f7412dceddc433d20a84d01b0e9a38741f12b638f7a877b32fecb848a2316b56219e5fba18296317811b6881acb6f0677352a14bfb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1e80735308737956cdad393676d8785e

    SHA1

    37481ca7ee95684969fd1bf9c717503f26cce868

    SHA256

    a9f6246336c14e1b38bd0d1c49b20c81f4a5635d07243182a67ae2df2034f841

    SHA512

    1feef48ad46946e5679de0dc9eff0fe413175bbbab0738f8bfa1068b7febdcab7cc16591b7eab5211acd9a80383a0e1ec52518ad248bb18d0e7fe52452e8193a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3e35a451078b24174611b97c92ef2df6

    SHA1

    2687902091d32e789ecc15c1f7c07d90de8a34ec

    SHA256

    9ba0e963ad77db842d0b5a56e30f49c1b6866269f0b5ab00224acb9e66133ea1

    SHA512

    e5831225f521e5120eee2a139bae5694b53387732469b51c4fb351d27db53595b732ba4916db7fe0fe594e94396f1c1ee5810961ac0ad8e1b95cb741f3934690

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cf850636b328d2c53d4cae1cd6c02d8b

    SHA1

    60c5fe0b4ba80788c04d7622338fb561ab7b9c4d

    SHA256

    b575f31e1b56db9c7f15893d6fb9274f1884bf8fcba6513a4c52f71b37f0f17a

    SHA512

    84633ccb357cd51e218fa57ab221c86dbc44101e404fcb27b4c8433e0833761bdc0de55d492b78b5f5300b4696282e38d26e2c94976166382f619a8b378f5b4d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    912944cfac8ce39bd639bda8adb6170b

    SHA1

    f9c0c0cfec42ea62900b6590359b708c8fb2e767

    SHA256

    078c362bd8b7a3f8827b3510eb113c50dc4a868d1d34e8aff987efa828cc9037

    SHA512

    57837cbedac06e62515101cc392918f43f80f9073cb9a5b6f042be3defb2fdee5cd13e9462caf99e418b6235567a133867909ed1b4682ff75cbef606bf3bcff0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d581c35b987b86628a1f692a72000d93

    SHA1

    0b265364769b770d6d1a3d8b01737ae1be25ca16

    SHA256

    144e300553b5e7355453ec3387c861ad4cab96c45c763cf8cd67f530ead4f009

    SHA512

    feba31b77f3be813f81ad71c976d79084c6d32b19b85ebe3c95c3e8d2b8388487293fffead113cee1fe2ddadf17abb2c8252358038747db642ed5d89009eb99e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f64f399499b838d99dd757aa7ecce8e6

    SHA1

    573766fa6fb5cb7c501083953e5142e958ce15d6

    SHA256

    3839cc00a384be758ee72fa4998644f3e9cc42ae71835b8f1c7f957298364142

    SHA512

    732ac4d562b378268fd2f6a10003239607e8d2164fdee79bb43b2e32a6132c14854980ce055de64490710442c592ae4da11cb4b8e3e23c9b8a3cf14fcc4fa482

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    477be8cbc5b2da5ecf405d52fe0a96ae

    SHA1

    61021668eb1a8d777beb76bba3dcf4457f039d65

    SHA256

    6ab1249a757dfafa4710827fbe3067f21364c30dc3ada382141e39bf6c22f4e7

    SHA512

    e4bb144532f2c90652e064874b5a926c099a69ec5a18da2cfbe7987995afc03d054a91f0c16e0b93cd321a5e7c721eacde9ddd630667412e76ea1ccedc49204c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e414c4a2e3ced1314497bfe0425b11b4

    SHA1

    9f09990e7dd7c228cbe6bba0701814a70e622bee

    SHA256

    2b85a437ad402f58a16d24d2ab45ef88ec6bfc6f8599213191cd516fe020f325

    SHA512

    88efbe20d3bd3fe3d003e4b5817e6c8a9a2d5b7ff7f266bcf9a42a98685d57cef7b54cc908e64fdb0504db8fa6dc88538e011c903e955902bedb9349ad992199

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    03e6756ae161a3da574d5493ca1b3759

    SHA1

    febd50ca682334ccdd786ad195d1481791d008bd

    SHA256

    3dcc24faadb0b6f3b45bbc198b38fcbde468422d5dc8524ab4fbaef031a34db4

    SHA512

    0bdbd15bb81436a8f12f34632f9346cbac659013bbd1ab87e38ec3a8be174c1e42a1a9d5847b2a12e3d7bfe3b9445d44aff8db914fc6de30daa2d9a69957e51e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3802f22c52144680743d9b812d1a75d3

    SHA1

    61713573e471c2fd5a1f4c4df82f93896dc69969

    SHA256

    7fa76e9211f6bb96e05da4e9810dea6ee56a4201278082be63444c8e08b0744d

    SHA512

    2e5d9924c5bbbce5df2fa280e4a5687a5e05d5212a61ffee6708961915516e05b021f5604b2a0d45ad850ca41d5ca8bdafe17d13af71c1863e81c242946c1420

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    73b80c8d3c3379a5c36c93fb0ca9c7ce

    SHA1

    b44aed1b80f5a5ad5c508572a7568d22c16e33b8

    SHA256

    6e0f928bf75ad63b623e1f2cdf679e81af09d007ffa5464efe6beb5315dc2362

    SHA512

    6f2824d5f78742145c242cff7cc7509f8c0716b94b6e29f472d9693168701bca846cdfd8da71b57a722a072118fb6dce51bd6bb6d1f2bff3944804a1d11ff1ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e0dafc030e6f2a8161614920c0efb042

    SHA1

    158bbe7c85bf2bc59c93e018deb5172883442d56

    SHA256

    d2b17cc02d5557e8a44ff84e5a8045dac60e8a9715efa6af0108954c486d25d5

    SHA512

    84ef2ae55b827d49157d16390284bfc6c8cb442cff7d551e0bb47c729a567e409152206146173c5402e2e7ddab831e357f1603b1477fc78335687cbaadc539fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b1a5ac9ed43559fa6b0e71d8a3250d2a

    SHA1

    5a41dafd7d0ae305b421c7966c8978c35a8109fb

    SHA256

    de8bf34c0e07492ea8a3e3e3c63c922a78de323138dfa2203c2469f3fb7dbb92

    SHA512

    d3a71fa353a79c779748311f2c494ae84da6540f570719f4570d796d7ee3c38daff33808f361fe1fef5c983bc7d5c69b1f05247e49e8660d7b980d77db8d441f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e4ae31286e13215e201d7a41e9e07faf

    SHA1

    808fc6631118ebe981fe83cf62ea07c6a6b67b1a

    SHA256

    80362f2c8af1f7efd6933ec626aa95729cc29ced67b99785dd9baf15bf4d6adf

    SHA512

    2632f4da5fe72ddde9fcba823d2aa7d2f603a21dbaf87c7d7a50176fab4669cca7b7d2fe6c989231090f1bb8c26f8c3cfc4862a9a34232b212dd843b085f261f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    219988e045a3c684b75ceccbc4cc6263

    SHA1

    8037c18fd1ccfcebdcdb7da90f4c8432cfe6ec1e

    SHA256

    6d6e316674f2cd53141491fb6855ccf1fa48804317c161db18f05613ebc3b8be

    SHA512

    9becdc56228e404e1dd874259333b50e4cb92f52c7e33e7f99b556c168a83e324aaf56eee86d904000e11ff77c04b30fa77f3a05b98cdbcef61bab5c35fb0f51

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDF8.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\FG.url
    Filesize

    192B

    MD5

    0fcf82b5a915470e8a79d3516f582a36

    SHA1

    75f81b41607905b231521243129aff3554a58db0

    SHA256

    076264d4f165cef82f0cb07f6795f1d5ffa74741a943fca42cdeac65823bcae4

    SHA512

    adf69ec56756fe672677b039cb44bb13fc3adfac569f5ea4eda4e7b35de5ebe0229c5825ca8337aa2c623a773bdf775ddd3689e9fae03a7af1f694576d954293

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1021.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/2148-25-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2148-0-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2148-24-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2148-26-0x0000000000400000-0x000000000056B000-memory.dmp

    Filesize

    1.4MB

    Download