Overview

overview

7

Static

static

3

1262780267...ac.exe

windows7-x64

7

1262780267...ac.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20/04/2024, 18:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    12627802672a21988bd5dbf6878b6af463d1b795ccabdcf6eee672114eb883ac.exe

  • Size

    469KB

  • MD5

    a03de9b039dc6c75c07901e582e994dd

  • SHA1

    5759d2d4b96908c246fac71104f160cb923db01f

  • SHA256

    12627802672a21988bd5dbf6878b6af463d1b795ccabdcf6eee672114eb883ac

  • SHA512

    8c1cb7323a865d7453b6e159f03eee60f5e3dd8e862303a82639c969f6c819038b3eb2ef24ee0f2f8070b5097e44e6e24b2348600d17699b0ce63feab2b2659f

  • SSDEEP

    6144:nm6UslCPvZVSOpsk9KUpgqyXoeeuILMl9KqvmUKjjBSAzco5RbaucCNNeABSYk9c:nmDsl6ZVVppDruIUapsRpSJ

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 6 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Program Files directory 9 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\12627802672a21988bd5dbf6878b6af463d1b795ccabdcf6eee672114eb883ac.exe
    "C:\Users\Admin\AppData\Local\Temp\12627802672a21988bd5dbf6878b6af463d1b795ccabdcf6eee672114eb883ac.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2188
    • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
      c:\users\admin\appdata\local\temp\\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2560
    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2740
      • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
        c:\users\admin\appdata\local\temp\\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1876
      • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:320
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2504
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2272
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2504 CREDAT:275468 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1124

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\259417853.dat
    Filesize

    4B

    MD5

    4352d88a78aa39750bf70cd6f27bcaa5

    SHA1

    3c585604e87f855973731fea83e21fab9392d2fc

    SHA256

    67abdd721024f0ff4e0b3f4c2fc13bc5bad42d0b7851d456d88d203d15aaa450

    SHA512

    edf92e3d4f80fc47d948ea2f17b9bfc742d34e2e785a7a4927f3e261e8bd9d400b648bff2123b8396d24fb28f5869979e08d58b4b5d156e640344a2c0a54675d

    Download Submit

  • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
    Filesize

    473KB

    MD5

    11c5cf1957670750f0267c0e50dbaa9d

    SHA1

    d36f4e5578cf98aabf21ece9550f2e99252ccd92

    SHA256

    64e334083ba3b1dad03c42f386ef2be61b82e01705cbb510e04ccaff98778465

    SHA512

    3d492184f451da65c4bfd0561b4b7478b7e5a0afc5d36e03c515a21b09b16ffb4a4d8f5d02e4fdd649fa6f57f8261ca0af193e874afc13675008a1bcdec940b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8256de5aa6db89206fe21d9424b1c780

    SHA1

    72377faee43e2af821eb1bed9e87f7c668a5c474

    SHA256

    65a0f20eba6a2c6befbab3f5b061af3fdd260424a818a8e0e3ced8c1b6b23dbb

    SHA512

    3f8f6a380bf2326634c16c14556040ef9314009cdc960e45537fc4244162f28553f7db570bb03cedac8351e03c2e30659b1c5a5324cb89fdc58292d4e9db57e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    572f30f2bea3d73cf25a18bd219563de

    SHA1

    33c292bfff5d52523ca7c6f077baeed7f284f65e

    SHA256

    8ceb21b3ebe18ba70f458abed4b7c77889dca434baf26f747b547c0a3654a8d7

    SHA512

    d0eafdf47bc3711b64fc1e6c4eabd42992e2c9cce29ce6e3969cd2d236cdb297e3f2a7ceb7aed456c189f2d66ed6d019c283d332d04887c8b2bc35b94131a73c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4a22efdeca4c0659b163a27f35cef996

    SHA1

    25a887debc7abc6f8d0956bd43306f748aa47486

    SHA256

    05de72e7abd8c664498ca9cf2184d36a8a7f2e454a49b9df6ebe24c25e367615

    SHA512

    af9970dd7416af7fb6157de4c169db73f296bdcd067d2d565be551a97c20208659b4edb49ce777912f270aef556b8ab61f5abbb1093b83713b817995da059fcf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4c90a859251f0f7ea6caa85227689bb8

    SHA1

    db6fe50f9cfb3c8a1642bdbae07b9a508b1862b4

    SHA256

    27158b5303e854c91fd85f5d74af51a35d6b299eb1d4aba4698baf36ca3ce486

    SHA512

    9971d9c91f18c79686fe707fb2440440fff680b6194b018f021af90b9a874f507d510db074b700d8ab42fbc231d9170ed45279562f3c81d5c2e634d29f382565

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    62c0aae301cb3dfb71072e254e244ab5

    SHA1

    b82161923e11e77ac94b8a35b3a7bebc9d0d6577

    SHA256

    096f6d735599bd2aa4f70dea29a6120575c721cfb9ba787f0f8f5a95b60b3a19

    SHA512

    04f468f6c137ee46378732e5aecf21365eb096d5929dd4672367dd5a597361c92d064f56f4aae49eedf93f440e5fb2459104dbc643451cc69d70e99c2a03c208

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f4a8ff062f85fd55a6699d3483cfc7b7

    SHA1

    e19382ee77c2b66f4c9fcbb3e89e2a1cea18a2a6

    SHA256

    239fc5f9b87f361c1dfa8ba437befeb546b3885dd53328659789da3a2546c4f0

    SHA512

    01a58ea5ee915a7ddc44a87fa798634448457da4500483940a680fd31bb1180c63ed120262196dc335270f9f035cec8c5f8e7a52bc7b949cefe6a41c97f8d319

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f54011516c709634466ca7fbd6b3740c

    SHA1

    3ed9edbbbc3beb584ae26029911513560761b1d1

    SHA256

    ac23710b75c28cf095bbcb9a96621550f6f37d85db60d17e573131cffa04fdf2

    SHA512

    fc82e8eee30cc4a4b3ef5ad4455c3f5bce009309c8c68dd34285641bca2c43d9b5c40a2787dd42f479fcd9ed6343d8e8a16226acb733e5c05c48cc7cd1d785e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eb3bf77a97e3f0ac8c42999cca2ca26b

    SHA1

    d7555f8caf3fc8750518c60e19e3b2f5a8780313

    SHA256

    487c9c6bedc4e422397284185905e5def82ad6edeaca2c5d79386a4f4c2d41dd

    SHA512

    092357cf138faad4743e8032ca05875428ad8d62306fb94b194ed72c86e4f1a7c2d167617d4d1329fad57cff210de877e69a57252cb796c0f147369dabace66b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5OCCPTL4\butSCFbnX[1].js
    Filesize

    32KB

    MD5

    4c0f57c52b87f02f9d2ed1ae3859243a

    SHA1

    8942e2891e8e847934a601d561f4683d169c3b88

    SHA256

    999eda15b8baaf116b1df2c02cca93e903773d939229ea3bf6a8a981815136e5

    SHA512

    2e471e9bf4d2cc8f81f1ffe0e969a54d5d4e1776507ba82a9e9a138b4bc249c0a7875e31c3fa22faf0546841bafe436038cb12f04b3490a13babef99b0c82b5d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab846E.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar8B39.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmpscfgs.exe
    Filesize

    499KB

    MD5

    0334e40cecd28c62007e313f4eaeee0f

    SHA1

    106d5df73556c22a739ac744ea80b9b289d4229e

    SHA256

    9234da7657b5783b5e0a5e57bfb678c2232462fa7bfa10f9559d437627720598

    SHA512

    45eba23b8015741eb896bdba6d4fa0b82537a4336e8d543fef15dc329833961df273db700f12fdf8e33fcd82d77b30c9c54a93c983e0425a5269f6d5cbbc0abc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\wmpscfgs.exe
    Filesize

    489KB

    MD5

    66664dc45fc0c546b2c5976d6082f2a4

    SHA1

    dedb2ccd8752cdcff8a4815d6eba761c7ba7457f

    SHA256

    a0b310f452155ce75c1564b85b3cd522fcd2416765052b86bec91c8b2d90db22

    SHA512

    23698c2a3097b4b029776e6135248cf29beb3b11b074669a601ff56c3ac744420ed186003d886b19a7cc10acd32cb33e9bb0c82b89190713841cd4fc9703b995

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~DF0D992913B1D7CF8E.TMP
    Filesize

    16KB

    MD5

    fe5849d4fce95e075b49aa5ce5954dc8

    SHA1

    76304b2c7c9549b3e9ebc45ba24e3f22c5a0b3c9

    SHA256

    892c125bfb014dff190623b4e3af39a168ed9ab1b28838091054529661d5ed18

    SHA512

    445f5fc9c1ab910c12223331c28c8f378ccee6c3d4542584deffd403b7a44043f45a5232d9c958d19f6115be8e9f09a26bd9a6cfd1d974561da66f05279272be

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\1QPA29MA.txt
    Filesize

    107B

    MD5

    8d321b670dcc3eaa86a2bca4921265d1

    SHA1

    052bbe6c62dca237458196c2739f1d3851d199f2

    SHA256

    23f6c2b401bb3ac87cc2fc012df9ba76524a04f7fcac21394c5880831da96314

    SHA512

    81a2b4a39bfe05e5a7204d3689fdc688f8686968bf32a9dd74ae3633039648b9de9335fe00262a88bce78771c2a525ab2d108ecdb6954fe550a98107ff14fcaf

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\56KCXPEP.txt
    Filesize

    123B

    MD5

    b1355cae3d23e0e0a6220a5fcdc6c933

    SHA1

    e1f0ef5a7f2e7a9758a9f39458ff9e25a9cfadea

    SHA256

    97ac9c4a5df68dbe47b7d9e7475cb00e26eefa13e3ef2f567d09942ce2c7b594

    SHA512

    06c5fea3fd4364fe138a0ccee38c80b448aef223f6be8dd15c8f938ba5a77e1fe70c142883470832b0db295066e4a46325e0d0bf91492a6528874853405f299f

    Download Submit

  • \??\c:\program files (x86)\adobe\acrotray .exe
    Filesize

    489KB

    MD5

    4d368a93455ca855632af8c089e81bdf

    SHA1

    c2d8cc24ea111b96a573a2ad12ba3157d1dcbc57

    SHA256

    da3201c3af8c7b65692c0bbb9cc0fa05579a94df13e81eaf74604dd133b93a3c

    SHA512

    43bc2a472fbb878021c635ff687810cadc9d3a2d836b3b8f835a7f4a42c0082fd50594880e82fa52343357171fcee56014398847efaff03d1f69ab5fc523794e

    Download Submit

  • \??\c:\program files (x86)\adobe\acrotray.exe
    Filesize

    491KB

    MD5

    5b73dc9dd65d61c13b010b52506897bc

    SHA1

    bb0f76060e5d95dd088bf3bb585b8903ccc29756

    SHA256

    ad8208e77329876f67efeb580fe08fbe76f83c96e5303ae1d8d50d4a86458a2f

    SHA512

    a5cff3bef619edd3f65e19a8b533e5a6a981cdf14c1f6babc945e3c0558c5d3078f447ba26fa512c836dfcb7cc156ceb51774700b1ea795065d198464423bcb7

    Download Submit

  • \??\c:\program files (x86)\microsoft office\office14\bcssync.exe
    Filesize

    492KB

    MD5

    22a7be470c865e8d0b10b361eaa63930

    SHA1

    ea4056c60acc7b5a480e87b4cc87cf23918d825f

    SHA256

    304ef67df8ff32dc6d68f93ae6c6d3293d1c703835bdb13015c0d7c0db4e3866

    SHA512

    8614f0cd9725abd25405f5ec2a49dfb04cb98acb275d3bcba14f14769e213478f345f60f626d71534502ed449eebfe833b7e5ac349e2b1ce1664717898bf5dbd

    Download Submit

  • memory/2188-0-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2560-32-0x0000000000290000-0x0000000000292000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2560-22-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2740-63-0x0000000000280000-0x0000000000282000-memory.dmp

    Filesize

    8KB

    Download