Overview

overview

7

Static

static

3

5d17e53bda...cd.exe

windows7-x64

7

5d17e53bda...cd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    141s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02/05/2024, 22:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5d17e53bdac7d7fc965298bc860102489366e14383dfeb6796a7bcd03e3ab3cd.exe

  • Size

    1004KB

  • MD5

    6d20f3a0059c1f85d7d08cdba07212df

  • SHA1

    24cc80b1efa1b7d122e3513ae614630f521c627c

  • SHA256

    5d17e53bdac7d7fc965298bc860102489366e14383dfeb6796a7bcd03e3ab3cd

  • SHA512

    7d94f35c55a7ebff372b37c8be01e2976442d09a6d5469b8b360bba027021e37b845d042525e9695a022db3e80b3656b67d0a2853cfae463a50872e9fd86952c

  • SSDEEP

    12288:Wh3ZukLF5fRY5a/6GX4D1DwhHd1zre/9CL7zf0RhQ2K2cgicWPTMTi/m:WhMkxlRSaiPDi3qs3m/rIcWrDe

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d17e53bdac7d7fc965298bc860102489366e14383dfeb6796a7bcd03e3ab3cd.exe
    "C:\Users\Admin\AppData\Local\Temp\5d17e53bdac7d7fc965298bc860102489366e14383dfeb6796a7bcd03e3ab3cd.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2148
    • C:\Users\Admin\AppData\Local\Temp\5d17e53bdac7d7fc965298bc860102489366e14383dfeb6796a7bcd03e3ab3cd.exe
      "C:\Users\Admin\AppData\Local\Temp\5d17e53bdac7d7fc965298bc860102489366e14383dfeb6796a7bcd03e3ab3cd.exe" C:\Users\Admin\AppData\Local\Temp\5d17e53bdac7d7fc965298bc860102489366e14383dfeb6796a7bcd03e3ab3cd.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:592
    • C:\Program Files (x86)\Adobe\acrotray.exe
      "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\5d17e53bdac7d7fc965298bc860102489366e14383dfeb6796a7bcd03e3ab3cd.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2088
      • C:\Program Files (x86)\Adobe\acrotray.exe
        "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\5d17e53bdac7d7fc965298bc860102489366e14383dfeb6796a7bcd03e3ab3cd.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2628
      • C:\Program Files (x86)\Adobe\acrotray .exe
        "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\5d17e53bdac7d7fc965298bc860102489366e14383dfeb6796a7bcd03e3ab3cd.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2440
        • C:\Program Files (x86)\Adobe\acrotray .exe
          "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\5d17e53bdac7d7fc965298bc860102489366e14383dfeb6796a7bcd03e3ab3cd.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:2476
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1360
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1360 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2648
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1360 CREDAT:537612 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2072

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          78926d9167f8a1fc1c36f4ff64aba1fb

          SHA1

          22e730691dfd80bc5cb1014206bf24d68382109a

          SHA256

          7331ca21efc91fec0207bf764be7260d4c6977ca7fdeaa7738af35176b0460f5

          SHA512

          0d7ae45bcbf2c87310bcae510b85d75e3da46cee7d3a3d2284c1e5b6613499172464042be7ceb20e7e11d6b4bb7948d677b2174ce6f1ea43dea3c74d7b354ce7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          01b61623df06bb78d55db180e6853792

          SHA1

          390d4f2d58e84637a72071585af4c49fd154961b

          SHA256

          c77e835831a42584f331108f2474e26ac6f66b8eb9a915a10058f35557dbfe47

          SHA512

          98d595484acbba3227756cc942a05a8d9bf6678f4a253c7eaa1d4a89fa4d7168aa6aa6406a9fc9d3e4d006783a190840b26c1a200fb2808dff36d9fc3bdfdeb8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          0c958cebd16df908864332de98739cdc

          SHA1

          83715a821139a3eedc015a5c8e5fb2c7388a106e

          SHA256

          12d88a47994cb8f754fdd9e9cb611b5a5e36e4fb870c9a417f07d73a5d57539a

          SHA512

          cd2179e5cd5f4ba1ebdda82635ac3c2d94e17b5928b278810566b82b6089eecc8115aa9cbf9a7ef6ff63144b06a2f67ba31ce41f22b23539cc3e7f84f869ba68

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          3391aef3c308305101037f08d9b4682e

          SHA1

          d67248def1cc746c59963c6a9b5f86d9485406f6

          SHA256

          97cafd5cc07d10d879f9417a975521dd9d35abb2a635744c6b1237c3bfedf2ca

          SHA512

          6cc61a24e4e5fd0aa55be890b9e9cc56bd45ff08dc04865fa0b92c7ce622fdb52dc4deb3af9030c38a5c5782dd17e85a97deef3788235a8112daf3909e6b771b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          044815d9b88e2bc19e86bad16cb13f28

          SHA1

          b514500ccc0891e720f5dfe4a410f4d850e3ff04

          SHA256

          481d373125bfbd0b68d22c790f369287d89b2a05e8296bc373469fbe64457eac

          SHA512

          3c00c668ff1d4b34135ad51bd64b63743aa6a4247d24b8d7301e0bab29f709d5767c29a7f8856a40e029532438d644c1b1fffa4b7e08fd3ac156e33aaeed83ae

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          a19139e57ea006082414338c64c967af

          SHA1

          a86a84cccaa4951c8a008b38040e3e3861727cbb

          SHA256

          0b32d54d665ceb3a2b8c6e65629be387eba66cd2843b80c6b3afc98285900871

          SHA512

          3474d54fee35eab05ba8fe55fc2166efa9584a2543e4b01bf0e57206797526238bdc62130b51458bb95175dc7c20867ed8deeada998deef38ba93aa8c3710e54

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e66ca5637b1092805f5776bf6d2321f1

          SHA1

          75d1ed91229e711ac4f8c7d891bff1a745fdb1b9

          SHA256

          03e140123cb3eb319900bbeadfb8c843c25776335370b9bdb44bbe444319f7e5

          SHA512

          b629da39b3837247f8baafc4d68d5cd8d703b250520e46ef05279ff77bc209dbac91dede4978d413046e51d73d9556062789775137dbaa8916dbd3d43e07acd1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ab66ae4c90a80dc8797bc8c49517936e

          SHA1

          e3aa649421c1efedea5399c9561704f14ac93582

          SHA256

          4426e7f05b913ede50f566ca3c5943bc566aed59d2081e68c7e1758edfe787e3

          SHA512

          c0063d90c18e8e518a646398c310c186f92dd9776a168357d6e8e3bc4bd09d14f785ac5c6deee80a68a0f7c26f6f066338aa840349eaab45c410ffd7a6daf283

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          133ee6c25f3d8c88ecd8d5ea127faa09

          SHA1

          cd81c68bb33b7400d5f4df745eacfdc02c3ef1c6

          SHA256

          1a71e773bf732a39bf5e6fbba2dc6f5f91391bf08e3880ddb40fc6725ef1e3d7

          SHA512

          ad26d94cc78ddab8147c1e56138f877ba444686d85e83ebb18f3f2acff5da0b1cf60e3393a5996271a28a06aead1ab33a92f60262d3a2f710be1c09debc89288

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          eb7fcbdfdbafbd9eeb6d17f519559100

          SHA1

          ddc511685fc4b883f514d36049436c53a5eea238

          SHA256

          7316e9ea91dac083c9c215b373ff9f6525086612925372cf09430b7ce7afb070

          SHA512

          d9aa32399088c41cdbff50212f730f7700d067f66567cb2b93475fa18864068bcf95c454a34b00c1d01d8c11cfa0bff15da9ec3d0c570f6423298928d6b4ea54

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          393d576d32731344986fc37964b8f4cb

          SHA1

          e4f3b026556ebc13804cc6d5b49a1a8ca48bfc5a

          SHA256

          283b3d91d7f12bcb1bfcee802e255f6fc2bc7b1104ac0a07921b48cc48f2b25c

          SHA512

          e3cc4da3481a9aa46a6325dcf5d40d0d933987cfcf0890762d36cc0abf53412802367d56b906a050303768281788881b3711a56f1e13c8248cfa2a6643611569

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          32b62a9178319db9adcb97edf343773b

          SHA1

          8a41c397c8c4ee17c3c7e0c07ed1525bdd43dea2

          SHA256

          9fe9e351bb53cfc97f138c52aff998d8c2ec148231d5575763c74f90f0afd090

          SHA512

          5fb7d26d0920ff418f0c4ca157ff0f0ca3a1c94c73dd6e4152a4d46d8b5e40935c0b397e15c7af7c228d69321a3930d4b53688a9cec57eae0e8a1feef219e66f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          f7dcdb59a20917074c5cf69306d3b67b

          SHA1

          c307c05e9ba45c840b270470f7580e2669c81df7

          SHA256

          bcb70a09d7c061a89e192d4f73a57b665a4c5a319643cf4f43c8210ddec477a6

          SHA512

          faf5625e3d7a56ffe38fb5e54ee0faacd3ed9d64df431fe2c0e5b4ed2b1ba7ad145ebc97fcc114fb2ea68735cdfd637fbaae1f2a62e3ce5c04cb775b3e4ad50e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          70488dcaf31e163b4f3a67be687fc6d1

          SHA1

          33de6ed36fd809b950a5e8450d870a0f0022eb5a

          SHA256

          9b0a88fae2763236e6318aae64fc56d56a6c0a385b29124a6456fdd1c01a77dc

          SHA512

          c0cfed2b56a8ac8ea211753e5b47097db20bad82fc945c79bfcb80e7bc8c441be6de03aece2af66d8dc96ecf7ca0add9c85f1fa16d5b04e01c65e27ab1c66700

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          00bb570fcf8405ac017d177c7371d982

          SHA1

          1a335a7f14fbe495d2da4fc2bda436d262766e9a

          SHA256

          192c6ca2112f71f8f10e5f7fa98f601ae0dc7767519ef47113fcc0df96bd67a3

          SHA512

          a5af468e9b1a797e69904a547410f15f375fec681f7ff5ce684f92afafc5d9e495478ede5c1d4c8d2dc239544f14cad9b9bf9d4dfba1c54b13276ba6b521d33a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          cb92aee5f504f5fe365a705b40795235

          SHA1

          354f56a2173942e8cf029163fc524988538a309b

          SHA256

          4a080039effccfe19cea3f1f2109c25bc7450f93a6cd2ad5b12745ced6c50a44

          SHA512

          919ee89c196609c33ba3d9ce22148150892146c1afcf0668b6ed0d7237ca67ea97e34cc20bb5d8faa74f284922d5cdd128f0f8e68d90d2a6f81404bfe038265a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          9674a1c03ae82c7b799e9502576348d7

          SHA1

          31d7f6a5fbe7b71f2bcb745f0f20735b12fcf031

          SHA256

          63977b999417372a99d5f3ac314facc1ff0fa3508bb0e508acd0006a012786aa

          SHA512

          fb86d9701666c775a5b44d3f96615286e89b6a7feabd22595567500b030dc7d0835f3bf03f08ebb0a8330382a09ee61cec861d901c2418a014c56636ffd02ebe

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          77b859f8f4d88fc5f990bf3967ad9c87

          SHA1

          dddfb5758113b7e6b33c4614b1dea344cb4ce27d

          SHA256

          5b2396253e499b0f53cfd8f3b8dcc6154dcc1af3657658ca566dbb8bd3f55f36

          SHA512

          240daca0fa0ffffad0e4ce8c15cb2ba9a4051cead6dc3d8f2d7f9e919c7c62eaad594ab93c55ff790566d8f852b5d0a145b96fec1aa26f68adbc21d50d015986

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          f725b70ce95f4eb10d6af3f68f174627

          SHA1

          cdc9f08d099fd76c53de52850b9534a67e324662

          SHA256

          0e04c74a8dab5bdf53166b359958e3a689d476ab48c139819f5594668de8708c

          SHA512

          6806c6d851caab70f81c2f8d0395478e9062c38e6cacc7931b01ba8dab624e00cc8569c327389290646b2f4c962b7bb925ae78a1f8c7aa6ad5d810ec71136f43

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DKX8QD5\bFpFLEJIk[1].js
          Filesize

          32KB

          MD5

          f48baec69cc4dc0852d118259eff2d56

          SHA1

          e64c6e4423421da5b35700154810cb67160bc32b

          SHA256

          463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c

          SHA512

          06fdccb5d9536ab7c68355dbf49ac02ebccad5a4ea01cb62200fd67728a6d05c276403e588a5bdceacf5e671913fc65b63e8b92456ca5493dae5b5a70e4a8b37

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab3AD0.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab3BA1.tmp
          Filesize

          68KB

          MD5

          29f65ba8e88c063813cc50a4ea544e93

          SHA1

          05a7040d5c127e68c25d81cc51271ffb8bef3568

          SHA256

          1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

          SHA512

          e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar3BE3.tmp
          Filesize

          177KB

          MD5

          435a9ac180383f9fa094131b173a2f7b

          SHA1

          76944ea657a9db94f9a4bef38f88c46ed4166983

          SHA256

          67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

          SHA512

          1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

          Download Submit

        • \Program Files (x86)\Adobe\acrotray .exe
          Filesize

          1012KB

          MD5

          b45a1dbc914ffd9dcbbc660d369beeb2

          SHA1

          d5b6ead8135002649a58baf6aedf964e9f90d6a5

          SHA256

          050bc10c4d688a53e9efcebeac7501590b65cc801d12809f59efbbddf1b3a25e

          SHA512

          cf86d62db2b94a368e0ebf4b4fa0603ea9ca842e3b585f16847723cd238c28d94991d1e79502e684d85fdb4d6b47c9115114e3d5e6944624eac8d56166421e2f

          Download Submit

        • \Program Files (x86)\Adobe\acrotray.exe
          Filesize

          1006KB

          MD5

          3144730c300d4301638e414c9eb968e5

          SHA1

          e980156f2181a1ccdd9c9d227b6a2ed5fdd9036c

          SHA256

          ceb9ccc964df6d9efb97b47c5075bdf96f318bafd3131a06223b026fe23a823d

          SHA512

          9a495b81c4bc8a7a968d5d518831400d74a71a2aad5a0700eebdd28fa69e3055ab43d7a1b4f20280a661ece059820c93434e654811f847d17a6983b8f259c596

          Download Submit

        • memory/2148-23-0x0000000002C50000-0x0000000002C52000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2148-0-0x0000000010000000-0x0000000010010000-memory.dmp

          Filesize

          64KB

          Download