Overview

overview

8

Static

static

7

e08a4506e5...b6.dll

windows7-x64

8

e08a4506e5...b6.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    27-03-2024 02:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e08a4506e52b15b2622e2460c69ee4b6.dll

  • Size

    160KB

  • MD5

    e08a4506e52b15b2622e2460c69ee4b6

  • SHA1

    5aac8cc3a4444a84d9ca13ae9ef45a984d5021e3

  • SHA256

    fcb9ce64dc0753a2659076769173de9459c1ac4761a60b001d37716dea2324fa

  • SHA512

    89dc668b4068defc220d6a144fa955f5c65f01fb2adcf208c0557d4b48cb025fa18354da770e76bace1b522affa3787b2d72ed03318615781b9a6211345c34ba

  • SSDEEP

    3072:3KSlmFjZTtbULRRmnAiHNbm6B8iUyqOw5nAPvuKQWJYbEbhZVmqRCByy4mo8outu:I3bMfiHNa6B8iUd5nAeTUyChTmq4BbWI

Score
8/10
evasionupx

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e08a4506e52b15b2622e2460c69ee4b6.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2416
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e08a4506e52b15b2622e2460c69ee4b6.dll,#1
      2⤵
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:764
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
          PID:2204
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:2372
        • C:\Windows\SysWOW64\notepad.exe
          notepad.exe
          3⤵
          • Modifies Internet Explorer Protected Mode
          • Modifies Internet Explorer Protected Mode Banner
          • Modifies Internet Explorer settings
          • Suspicious behavior: EnumeratesProcesses
          PID:3004
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:1756
      • C:\Windows\system32\ctfmon.exe
        ctfmon.exe
        2⤵
        • Suspicious use of FindShellTrayWindow
        PID:2592
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2644
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2452

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      29e89e844c60e149d9253075b7cfd4f9

      SHA1

      d4d98f51de56e5bcdb27d7a15cf59ffd5ef0e7c8

      SHA256

      036c92d7b8a63110d59742ce915f80a8cee508d500d463a1ac5cf7befe2e607c

      SHA512

      59cfaaf51c95f920cffb8440208234240e0f116feef764ae3aea96bdb161541d0bc87ea6477c18590b16ae2c6574019751d862708719312dc5538871d90ed460

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7a7b275f174044a128af4629385f38ce

      SHA1

      642f397c31e13f0b8e86b8a2f8e1191638c22e9d

      SHA256

      e32ca65fb8f077c3579495cbfb4d2085c426e27c4060fb21baf3011f71bb2e0c

      SHA512

      c8b39748d0c6c97298210a7d493370ed5b84cd9d553bf5dace2d40972dfd56c214c197236de3a7c55ff898938fd59d48160c0703b4047bb59e15e936b426335d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      0268794a13032737ca816ed3848d945b

      SHA1

      3e033652947ddbcb6e0c3cc1e337208e44d99aa2

      SHA256

      dfa5d746c134ab0ce8facc551e7d9413c2fe7fc18fa19bb517e42f9c23eb4709

      SHA512

      f30bc2aca5edef5fe2541e6546c1a5351341ae4935994417726f65c8a3cdcb637f39e79b10f99b355639a9b89b755cf01e641ce9b15e663e26789b03e0257a23

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8f6f799cb71209eb2369d820b5cf6d49

      SHA1

      54b73aadcb53f68e05ac153efec2be3d068dbacf

      SHA256

      c73b7e94409b9de6b407dbe3c53bd85cf6536d189c681d4459f2e336e9021713

      SHA512

      6731c9dbe63089104ee44e86201f4ac732ff06819f2ba60941807acbb9ca5a265ec7dfc0539b2555b5b2e0af85bf9a6e12dd012fcb3acd93eabe35d8250f43f1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      334e3f91130f3fdbce5b708dcf21de6a

      SHA1

      e16bcb953cc6dfadf030a9b2e844980be2a0f708

      SHA256

      cd9f55c82430d050756af04bad8f735ddd1c9ae1b85917bdae14f74846559df0

      SHA512

      8d0c3b375f5aaf5f0fdac097446d4e15cdd8a93d7e756a7457c82bff3c0d38e9013f079f03d0763dda653d5057c1868dfc8ea39cc7ef92f8948332d02925ead6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      fc71ff1f9103a8cd54e336a42867e05c

      SHA1

      d71baa91c17db8a33ec6841c7132733f2628a648

      SHA256

      1f83b3989d234754e1aea0d5ada4806c2c30d7a4c78f79c2c7f03348050542d2

      SHA512

      2db8a110a28e754b9219bafaafa31dd91048c9875e3723ad1ca2ac35ed0b032ba22c9e5fdd34a27ccd8d797e31ea43ea76176fe8b12e7734b893df4a36d38701

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ada9101c4a9764f4d64f563a22f78579

      SHA1

      1e163101c4a1f5f9efc5eeebbc30a292778071ac

      SHA256

      75ca54213f3dc5cb09c67792a64b9590c4fd0d6e911dcc984d66419f3435281b

      SHA512

      e13e27fab1368ee34ef1cadf3d4513e2a32499a261da3de9f80bdd3be104aa957289eb3abb13267134af3897372486ed30135b6cc8faeace77ab05520d3467d2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      dc559715071539c67436db72047f4ef0

      SHA1

      c1d7eb73e931098224509459e0ebb530ea659437

      SHA256

      8aa0a23cac821883f7575d709df3493d42234edd4e661c9a3a08035982d77b0a

      SHA512

      cda5ec271499758f9af0c1c399411b869ffaa797a87472b46c04c0bd1b53080fab7a0cf26bcbab2407d081b150fbec3366abda4595acad536aa7ae2112a94e40

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      f2cbaa5ac0ddbfc63d0961f0e71d196d

      SHA1

      d85493ffd5ccac55ac2f41a6cb18275b906792a5

      SHA256

      0ae174ae78593a7a0f04da9a0efbe840a12ae86b9c172bb4fd5c33a77b1e4296

      SHA512

      58b503751d55856eef86c6b98ff0500b2de89dc9eb6f85ebb5360615dd86812bb1d0af5725f0dfc12777d571500e95af9a4bfcbee2e4fac42f9be11462c93840

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ff95d2a6222daf9580b5d64da3c09739

      SHA1

      3c616e7e3a645143227b319f75f6a616b2c6305e

      SHA256

      54cfc514681b714ce8695b73fb943d7f10884ad7d773309fdccfcfeea92feddd

      SHA512

      f00083c0f134d1d10c75f86e597c898f95d0bf01026e712f3d0a6c25453137c6decb4a3efc95352044af7ff3e9426043f0fa863b1cff4881f02725521b954726

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4e2504f2650b9e32c4b12ac0771d48f6

      SHA1

      708e2e76ee1aa66b7e39357200809e5350108e91

      SHA256

      fee1163489f31de73b5a0c014cd43c0e92f2a881ff7f257b5929eec4670db07e

      SHA512

      288319359dfa9b46ced9334575bb7debed70ba95d334bd9f988886aa9c3c0e8490b5d1022843ccf36137357e55f26239d1351bb498df3ed227c8b834d7f9680e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7100a8e21480e9f589f51c7aa5ded52b

      SHA1

      b5239e0e741fee23ea0dca62b32b18d762f0d9e0

      SHA256

      1aca51839abc8e94660f4b7bd0fae695c7dbaef7f0d370c158cbcb3b387d6134

      SHA512

      48a2ef28802cc3bb8d77425676c484ce5f5f48ebedef5be0548002bca923725293e4743c42992492059e0d85fa14b4043730e430b4826e04040a64e89a277964

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      2f6112d13ac97dd8591c8863730d7cbb

      SHA1

      fd2e1ee6f0fb39bc6aae08b0d6c377ab1c925201

      SHA256

      52113dc65a407926c77d5547581640f924b93f721ebf2da8d48ff5af0b522642

      SHA512

      72ef4a9f9962ee13ac49489c8a63725d629a09e9d2c7505b0f7b9ea1e375680849ae5062dfdab3031a9bbd6361343738e92a47ddde9c1ecb73b94ed8b1e1a916

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      6ff9119c588cae297c37384992a95493

      SHA1

      6109f039a2e020a80407ab477dfd9844b71df657

      SHA256

      16c365b6ca044bb7277b52facdaf5003a55a8380dc8ec314fd03a4a2f851bc65

      SHA512

      010a87cb01f57eb9e5ad7472e23b42dc41822b2a757012b83698252155ef1cf85b6b5c5aa4131928219764d6d1fef140c5db68e265b7d7cf4e86a095d0327002

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      bfa0e39b2082998c25527ede9f8efc78

      SHA1

      1150d3619c338222f606dd8225cc18ec9378655b

      SHA256

      48ef5534b722706e36dc791dee52ef25b318067baf267eda2ea0008325c13909

      SHA512

      119d4191b6484bca6efc322fcabbb36b5293c34e22421f3bd26368f0bfad8a5061d3e647657bb48a60b18b152402c96a49ee33f4ea0771268895c733cb94ff10

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      25aedc86a3b347334b623de5b3bfd4e3

      SHA1

      fd440a4f3687a12d077717b9cd8f3e78fac1880e

      SHA256

      554f954a61261d51f50db97d6b66bd8fb380dc4cd690ea21da30239aa679ff11

      SHA512

      7574c8cee242e742837f50548b6cfe3ba48a33627320801e602e920f93706f36dc17ff6a03636d4c637018270dc3a592550ad3aa39964481eba4fb68bff1ff55

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabD7CB.tmp
      Filesize

      65KB

      MD5

      ac05d27423a85adc1622c714f2cb6184

      SHA1

      b0fe2b1abddb97837ea0195be70ab2ff14d43198

      SHA256

      c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

      SHA512

      6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabD8A8.tmp
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarD8CC.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit

    • memory/764-1-0x00000000001D0000-0x00000000001E4000-memory.dmp

      Filesize

      80KB

      Download

    • memory/764-0-0x0000000000680000-0x00000000006C9000-memory.dmp

      Filesize

      292KB

      Download

    • memory/764-2-0x0000000000680000-0x00000000006C9000-memory.dmp

      Filesize

      292KB

      Download

    • memory/1756-5-0x0000000003AF0000-0x0000000003AF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1756-4-0x0000000003B00000-0x0000000003B10000-memory.dmp

      Filesize

      64KB

      Download

    • memory/1756-16-0x0000000003AF0000-0x0000000003AF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2372-6-0x00000000002A0000-0x00000000002A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2372-8-0x0000000000390000-0x00000000003D9000-memory.dmp

      Filesize

      292KB

      Download

    • memory/2372-9-0x0000000000470000-0x0000000000472000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2372-7-0x0000000000390000-0x00000000003D9000-memory.dmp

      Filesize

      292KB

      Download

    • memory/2372-13-0x0000000000390000-0x00000000003D9000-memory.dmp

      Filesize

      292KB

      Download

    • memory/3004-12-0x0000000000310000-0x0000000000359000-memory.dmp

      Filesize

      292KB

      Download

    • memory/3004-11-0x0000000000310000-0x0000000000359000-memory.dmp

      Filesize

      292KB

      Download

    • memory/3004-14-0x0000000000310000-0x0000000000359000-memory.dmp

      Filesize

      292KB

      Download