Overview

overview

7

Static

static

7

64f63f636d...c7.exe

windows7-x64

7

64f63f636d...c7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    130s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    17/04/2024, 09:28

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    64f63f636d94aae230bf7335fa16bda518c3139331608f5cf439c0b48368e7c7.exe

  • Size

    1.3MB

  • MD5

    12b6a8a6ef451c98df2a031e938a5607

  • SHA1

    dbed80b3aeddbc3b6cdebc30943ab00c5f3bdc37

  • SHA256

    64f63f636d94aae230bf7335fa16bda518c3139331608f5cf439c0b48368e7c7

  • SHA512

    386ac786bebe215c35650d67dac0df9330dc5f6a8d340ac35a028f6aa535470baf9eb836f9d4582123416efd8e912ac035aa4952d6746ea966fcd3a9871ec061

  • SSDEEP

    24576:0U9QklrLjwi131W+I9fW+isuu14NIB/y6FcQk3:BQk9PwizWL9fWnq1p4Mk

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\64f63f636d94aae230bf7335fa16bda518c3139331608f5cf439c0b48368e7c7.exe
    "C:\Users\Admin\AppData\Local\Temp\64f63f636d94aae230bf7335fa16bda518c3139331608f5cf439c0b48368e7c7.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3012
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.baidu.com/s?wd=www.mtmdfz.org
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2992 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2972

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          68KB

          MD5

          29f65ba8e88c063813cc50a4ea544e93

          SHA1

          05a7040d5c127e68c25d81cc51271ffb8bef3568

          SHA256

          1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

          SHA512

          e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          252B

          MD5

          279864745ce2fb83a90c71ffa6b65592

          SHA1

          3d1a8dcfc0891be4dee2ebdbea93debb67eb3217

          SHA256

          2c46ba3d71aa53f4742af8c079fd9d1c6d2dc1ddd6361826e4128fd422162ac3

          SHA512

          b94d3dde3f96baf36f69b8b41f765fa0a280db4eade2a3dbd82b31c7d559e1e3f628f6158b5432cc584482274f489c827ae35ea0f285cdaca45678f2cf350583

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          0f49dae5069fb2871773a14000294db5

          SHA1

          62090c3f4dddf5584f84c29ab35151303093a7aa

          SHA256

          7f2b00af7549c243383160ec1fb77544ccb955d505710b84b45f68d61a6d668d

          SHA512

          8e8867a2ed03c78e8ed53d1aa4a426ed28179a85889d0dd6ffb76ec65b3b01627c61dfeb3c5e8f72fc10d9063fa27236302bc217c30fbfe9011d92c7c2292b79

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          686a7f8357acdf56d3937dd0ebca55db

          SHA1

          1a76a18b2dbf1f31f014e3450396dd9c563593ee

          SHA256

          63bf05f11c5410d5068e07dd58430ffa9b2bcdf3b7033c29f661d3fc4ef2d1a1

          SHA512

          3b3002e54e7d5875c5235e8b4823ce5b97f29311df25b2cdc7fdf62f0270eafee946e6d5a9fb3b1abda56bfd85cf3205311c1ed2ef5f33a17eb92e943e5bc868

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          c272fc122372efbb457ccea2af9a285b

          SHA1

          59d3611b1a4b6b0febfee92f05a2dd5d255e10b4

          SHA256

          76907a77e1cae1523a077eb8c1ee2e86e75b099e9115e9d9fdb3810884972623

          SHA512

          5df768bc1b0d9cb3fe83a1eeb7bc295a70d1fa1cd25d77874b58c875122a0c08172bf69fdfd7bb3697b7e9f6589b1b157f72340a4754bdf31f0525c9d4f15cd0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          d9a55aa2265b9ebcbb1e26c8b07eed7c

          SHA1

          0403f04e3cb838872089206ec2de9de8f1b41c0d

          SHA256

          e497bce3acab235ae3f3217d13e6e52442b25b08052a3f5077bbb76d28be2e01

          SHA512

          05fe7885e6a2d43f81c1a842a92c888e88a3470150b9369016838290b2204052ef57ca8de4e9f75435ad0fc3e2f88562a6b6c0293e10a2ae416aaebf321777a0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          efb2822053ea57038361674bd7e33587

          SHA1

          6f500e9fb7bc481b232eb4494452272bb37ceac4

          SHA256

          86fc2b6ab2d1cdf0755233486c56509c837ec35b37eb57208fdb37362522aeed

          SHA512

          98968e0e8babb134c27fb4f1125c90386a386e53c3546f1e18ef566b6435a129333ef8649377518903ffea74e1d507dec318d422c248c7791e839cef37787f04

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          ef26c31c605fbaa43119312aba3c3f2e

          SHA1

          1fa58debf703d430570dd359c5d19e4b34fb4b5f

          SHA256

          fc7e9c8083dd8b6858896cd442428c0f2093dbb1929706b337075d92104da2bb

          SHA512

          038df761a87a56678dff226eaf97da94f85b0093feb7f43ffb3a9906b1a0608c9aa179da6e8dbfa757a157956d9c072fdd6f725078a6eb79392ccd58b98f9111

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          c7feec1ca75022a595da301d098a27f3

          SHA1

          58ce0e83dcced319621a380a5bc357aaa23125cc

          SHA256

          2aaf09cac428eedec6b515e7b3e3c25db9468752299260e993748262c2d0e1bf

          SHA512

          9f148cd6bbcf215fb7f0ad9ebdc757df73074c7507b4690db4d089725a5221517f9b78b7ab219396cd9689ab0bf50fdf92cdf8c63738ead58405bdd9b718dd55

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          abdcab491b88b5e5471fa25689b72c2d

          SHA1

          b6f2e5bf68700be2d1f3341be970fe531359b893

          SHA256

          6046a8df59761342fe73489a713b55d6c0ba9cde69d0dcfd6a270dae00ebc14e

          SHA512

          f86d0d359eacc8785b2a233bc7ac69f66aad5cdbfce60fc488c985acd7c8812fa1727df0369862b43a99a4af7db6f794fd89c3eb7978955e8f9b23c3c401a089

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          2fb3632711a53c93288b941eca121d99

          SHA1

          aebedeaaf1c77a8cb2d213fb67bba9326091f119

          SHA256

          6cafcbc6162e078050f491b943dccd4c6d4d8dcb07290c2550c60c267b193808

          SHA512

          cdb086d68c678cf41c6dd8dd04f751f6a115f900b5fe3a66fee876d0dd06b847d7507dfdcef6b79565cb61616a8ac973dfd0c242b2f909005651a55bc35aebd3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          8c0609a4bf53d23e0e1cca91a00a5712

          SHA1

          6dac655faa6bdc2f2b7e4c5cfbbe5e1736da97c1

          SHA256

          46d3f6db6b7f2cef6cbb32daefeb4f2d0de57073ed02c2bc59cad77277e7b2dc

          SHA512

          0df1e24572e5dbb3b501c0eab2d6a7334001ec27686beb2cbdcbf8f013bcd55a3b9fc703610eecddb54ba435a59e2aa32e31ba1819e363906422c766955a7a03

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          b1a8244df442a73a651d97a842fae279

          SHA1

          a4472b8fbadaac363b2c05de2ad8a3889e81eb82

          SHA256

          30c4b00f28ef0b17c335a564f0b9caa8cbd0af6dcbfd0b460cea554410cb92e2

          SHA512

          fa51220525ff0af536b511af91e7cdb4d3794840a6548b7a335922b7eddeb5d410561d1bc7000792089b7a7524a9abe5bb7513d8d862bb0c272962fed6faf328

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          2e793edc6056561577285f3f5daa7262

          SHA1

          ab3052db82f228911579728b5c72244921021099

          SHA256

          2d4eb318138a5e4de17d679196705c60b0aa834497c2df4c551cddf9381f0feb

          SHA512

          a00b5b859d3dcd036989902e3774d7615863027cce7747af0b11dd8a17be991d8f87bb131e245fb1e5cc8f6d7fd28280c4e602c9f867284d4ba560c8dbb8394a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          4ba10d3b9b7822463aafbcf79cd9ff7b

          SHA1

          e63f4c0d0ef9190a54b3a8ca57ae99b40b44ddec

          SHA256

          533f40d10aee4a58bd7ebbabc56b60709b57f9d9078ac73eb21d73a2d00245bd

          SHA512

          5cec94d7318fe6d0cc0668e42fe352a48fc0ee733af606ed6d7ff8c3a3b54eb2d07bb6d8e3fb58cbb877caff7beed8d961db79d2bbe61d25b3329ced8604efec

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          ded46c63a5ed69192b5051642fb6c2e3

          SHA1

          5f3531c40088111bfbaf60214b1cd10a58ed27c3

          SHA256

          7eaab246850d89e82d034c31cbeb75395e8f0ab8fbb0d64278e31a6d1d4a9a04

          SHA512

          1336375dc755b0956ef65555c4725dda31b5627a9ae686f3c1e729de2c5c8aa4cbd0c51f888873c8fd11c7a19310e7ce845c6eb8d5c47ebfedd4353ba0914ab3

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\VPMJOWEJ\www.baidu[1].xml
          Filesize

          1KB

          MD5

          007e7520f64272c26ab5531f6202dca3

          SHA1

          d6102c908e8173413f212bfeb0a7b98d789c36ed

          SHA256

          0fbdc8e0c4be89de3759c3b42feb069b704e3c7d4b1d53698f5bddb382036365

          SHA512

          53c5496d256d90877f8870eca4bc6127907eeb2f941015b503cfc8142d66e8452cf23eea0a35310b68e349326086c6468155e9c6cccc5f742eb45241df469de6

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\VPMJOWEJ\www.baidu[1].xml
          Filesize

          1KB

          MD5

          9197cef362dc92d74fded199ddf5a4c0

          SHA1

          09e432e4df0da7fbc5fa1bc77425f306e33c50c4

          SHA256

          8dd7141f46631b30461ff50bd546a55742b2d618e41d29a3a6bd3554bdbbfcf5

          SHA512

          9aa000e7a9be4a73fe46b9fbd99a41a5fac5156b2c8c24f7f865f58ee4a0fd2b1baffd4baf175114b1c3f79745efe6304216f22fa45713b935a1a6bc993c7e27

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\VPMJOWEJ\www.baidu[1].xml
          Filesize

          4KB

          MD5

          b39b42e8dc885637492fe17a80a35862

          SHA1

          471e13893381563d65fdd118ae9b252c646404f1

          SHA256

          3a5e49ca2869591fdf5013cda77059fd09b1dbbd5c0ea6e0662a78a6c2270603

          SHA512

          b155405606f03a2a268e28749288202766588c2f7e8603fe7429af4b97ecbd151ac73abd63f9f27bca5dbf8464b18853e801d177051a422721171caa8a75590c

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\VPMJOWEJ\www.baidu[1].xml
          Filesize

          13B

          MD5

          c1ddea3ef6bbef3e7060a1a9ad89e4c5

          SHA1

          35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

          SHA256

          b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

          SHA512

          6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\VPMJOWEJ\www.baidu[1].xml
          Filesize

          364B

          MD5

          aae2383bfb8a314e9558eb5260413da0

          SHA1

          0cdf2fbf907eac811a0ebc2bc1e7c69d9035c076

          SHA256

          2c4fa46c2462e9973e327cf6bd919aeb78f9f2828f9cb5f602efa0a6a6a79a11

          SHA512

          3ad8288b3595f5e4c82a99b5485543266694995ed150f3ec2e04f6715c952c9991ed2d4b6936a34b5ba9c3a456b3f27dc78d25cb4894662677057affedb2cd04

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q905y6j\imagestore.dat
          Filesize

          16KB

          MD5

          763436124107ca4344368552612d763c

          SHA1

          e14ca2ba848efbe85586e10dd98e34fbae2be854

          SHA256

          9dcf4e17e96561508d629699d9e15bffb4456fe77506465e0c9c04bdcb3281cf

          SHA512

          5edb9d54a33a3fc62408d63d34c74ac6817cb1d6f4822d6c236ccda39632b95b60ad7f923d9f1d035168d5c9382a3d2c4e0bc4c35eaacce820109d5ce3c4ca59

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U8A9A2DI\favicon[1].ico
          Filesize

          16KB

          MD5

          717b138033a41361b32b60fc5062ab2a

          SHA1

          af9841b6f0923f890f41feec52c94a0cd68f01d8

          SHA256

          c70088079fe9441a726c66ce0e73ae38315ec80051d3dd542c41b82fa0a1993a

          SHA512

          1985bf59c3ee8289bbe55fbe572371d1f401949e6a0179b35ca89e292173780956161feb257303fe9ff5fd2898ca7fd6105eb1796841ade0e1124eeb89aa70ac

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab6C6B.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar6C6C.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar6E66.tmp
          Filesize

          177KB

          MD5

          435a9ac180383f9fa094131b173a2f7b

          SHA1

          76944ea657a9db94f9a4bef38f88c46ed4166983

          SHA256

          67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

          SHA512

          1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

          Download Submit

        • memory/3012-189-0x0000000000400000-0x0000000000735000-memory.dmp

          Filesize

          3.2MB

          Download

        • memory/3012-0-0x0000000000400000-0x0000000000735000-memory.dmp

          Filesize

          3.2MB

          Download