Overview

overview

7

Static

static

7

e0241c06a5...f6.exe

windows7-x64

7

e0241c06a5...f6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2024, 02:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e0241c06a5fa94ae04091a6056b1a0f6.exe

  • Size

    22KB

  • MD5

    e0241c06a5fa94ae04091a6056b1a0f6

  • SHA1

    6d77a26563fc68da2bc3ceea06e509b4267a12f3

  • SHA256

    2c612d3697404e6cfdbf9b05a4c7f59df4ae958384d122bdfefbe3416464a4cc

  • SHA512

    90ffc22b3a6ff2a8dfc0018a89cdd8240013da49b8ae8185a0e153391cf5d76f9cd6eb954d9681b02c702ba54e7a784cfd370f2a19e9d4cec37c13c0d3413cd1

  • SSDEEP

    384:todW6cDBBc77IUcism46ssaROnGQXmJWExL7fLW21CA0hogRuGxl4zXDKBTTcHOY:QWDBVUc3mR1GQa7jW2gzogEElwOiHO

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e0241c06a5fa94ae04091a6056b1a0f6.exe
    "C:\Users\Admin\AppData\Local\Temp\e0241c06a5fa94ae04091a6056b1a0f6.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:940
    • C:\Program Files\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3892
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3892 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4440
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c C:\Windows\system32\Deleteme.bat
      2⤵
        PID:4368

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      89d9c1832bb0bf6c0ac4f4f1a8aa8e34

      SHA1

      ffbf146c95ab397221ab64bf86ea7860215bd2bc

      SHA256

      ea77392b236dadd980941d2ef3e421760bb459df2101b1f066babab767d8a187

      SHA512

      9d8cf975d521daf51acf97b13c20e0bf6f8c0c35ce39c6d2a075fd8009709be58d0c065e184a6df0a790035ed3ab239bbfad7cf0003e6c25153086a37b13250d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      404B

      MD5

      8b1d3b5eb35eaafa33d51f366fcbdf1f

      SHA1

      17f473b4e8bd43efb81da327e124b3e84abb4de6

      SHA256

      6e433b9fff2aea49b443bfdb3334679ace35082cd161dd57eef2d179259f6a0c

      SHA512

      6b4833399cf7cabc762ce6da15a38b3ca510f9fcaa6b2fe08ba794b03618e8219f8814be2e55e20ffdd628cd4b190cdd729b32d705b094973fbf9e8ef440063d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UG0DPB4T\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Windows\SysWOW64\Deleteme.bat
      Filesize

      184B

      MD5

      a84843109de70c08c1aba4cb0311513d

      SHA1

      139e749a94cfee2a111b690bec87c716afbb9540

      SHA256

      a28e91e0db9adcef332131e1c2f379637ace36f2b81f414195c75f71cdf8fc4b

      SHA512

      dc0f12bbd1885ba90440d8b3383534fd4f02b2fe6c440f55c96fd3aa9b389e1f740544cb265044aa7d9d4f0a2b133ff7109e978edc0bbf0a0e45715a8b9f4e6f

      Download Submit

    • memory/940-0-0x0000000013140000-0x0000000013155000-memory.dmp

      Filesize

      84KB

      Download

    • memory/940-4-0x0000000013140000-0x0000000013155000-memory.dmp

      Filesize

      84KB

      Download