Overview

overview

7

Static

static

3

be19254ab2...e7.exe

windows7-x64

7

be19254ab2...e7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    14-05-2024 01:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    be19254ab2868916380284a1b89373993e3d9110e569141f67017436d15a89e7.exe

  • Size

    3.2MB

  • MD5

    782834c20b3c2c393f4a913f2b5742e8

  • SHA1

    858cab6c4f353224345c033dcfba0b33950e1168

  • SHA256

    be19254ab2868916380284a1b89373993e3d9110e569141f67017436d15a89e7

  • SHA512

    f104a0fddd17bd30fc52b62376fe40b0cbb23beaab0746bb49c2bd2771cc0caf0e2eb5ef8ed5cff0d98b6708c898d3ca52bb856c0c6dc874b66c2cf2d586d83b

  • SSDEEP

    49152:nnyN1rnv/cGbfHlULG/zVkIbowR0cmd1vVjm8uOPdsFo:mhuWzSI0wR0cm/Fm81uo

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 34 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\be19254ab2868916380284a1b89373993e3d9110e569141f67017436d15a89e7.exe
    "C:\Users\Admin\AppData\Local\Temp\be19254ab2868916380284a1b89373993e3d9110e569141f67017436d15a89e7.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Local\Temp\be19254ab2868916380284a1b89373993e3d9110e569141f67017436d15a89e7.exe
      "C:\Users\Admin\AppData\Local\Temp\be19254ab2868916380284a1b89373993e3d9110e569141f67017436d15a89e7.exe" C:\Users\Admin\AppData\Local\Temp\be19254ab2868916380284a1b89373993e3d9110e569141f67017436d15a89e7.exe"
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1864
    • C:\Program Files (x86)\Adobe\acrotray.exe
      "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\be19254ab2868916380284a1b89373993e3d9110e569141f67017436d15a89e7.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2112
      • C:\Program Files (x86)\Adobe\acrotray.exe
        "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\be19254ab2868916380284a1b89373993e3d9110e569141f67017436d15a89e7.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2536
      • C:\Program Files (x86)\Adobe\acrotray .exe
        "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\be19254ab2868916380284a1b89373993e3d9110e569141f67017436d15a89e7.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2648
        • C:\Program Files (x86)\Adobe\acrotray .exe
          "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\be19254ab2868916380284a1b89373993e3d9110e569141f67017436d15a89e7.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:2100
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2656
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2908
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2656 CREDAT:930825 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2140

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Adobe\acrotray.exe
    Filesize

    3.2MB

    MD5

    f0c0822312ce9a99e43c19484032bd9f

    SHA1

    8f84ca238f257455c52a0d73e198435cbdd870c2

    SHA256

    912358e4d2109c018d439b1cdb100575d9bcddbe5e2c88f608a6a2cf019f9669

    SHA512

    d4a9001af1770ca447386463882e33d569f43050dd41762a206b12c38d981ff618f8a76f9ed0d82ce9dd41560c79d11817dcf0320f43e3be3caf952f245aa380

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    91a99120da66678f0e6133b9261bb4b0

    SHA1

    569e4bd9dda0f9249c8b3bb83c3577ba22c9db8c

    SHA256

    5d5784c745c6f912fd9a3623055ec7b55d8042db4d3d1535d689031d74918647

    SHA512

    212dcd64de5686a0ecda4de360db4e73741ec679cef8f89c3b2cb64fd106325f87a0f0e34312b93eab5522e15b1b4295a05db86bc225081c56263595cf70d023

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d6480eff996e6bc53ad3b4de7408417e

    SHA1

    c35296674f01162d67ce2ea582846018ba0747cb

    SHA256

    4bb4fe921ac51ec6a7de731125a12aa825d541270d232f098a4eec8567eca8f7

    SHA512

    87775ef9610084e6ff1aafd2178c03fb7f5f117fb4256a01861c494058d193f4e7ccd5640a68ab2ab0da42d7f6ccb92b82fe65371793cb9f70ca41936f44c80d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5c9ec9054792b8d2bf424fa6062459c8

    SHA1

    5861cabb25f58484f20746e373fb8f4f3580a2f3

    SHA256

    c04b18ca1e80b8fdb41b1d6fe4a8ab79245d31c668f770674fb705065e5bb78a

    SHA512

    9014038c05d2848ae4fe91d0abed2f447285ef91430cff41af92830b3441941f2c7c4820d528b26f00586c656b973b3f93855df11d308c3e405cacedbc6ac890

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    93a10b15ed15384b132544051bfdeaf2

    SHA1

    f0abedb8e70b92984a90e7d5d762234356e7ecbc

    SHA256

    0b01503e42f14b33b316fac5617104bb20e9554dc680881fb743cd3b08cd2734

    SHA512

    9996d35da880ee059df73dff7f93f96b19a8981402ab4c760a8338a5be61876488f4e8a943c74d5c24320560eaaea8602648a6e3dd4ce1c589a75c9a6a2629e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2f88a9e37714b553f4178644ef428c7c

    SHA1

    8917939c1b5ac84bf70a1da2cc028ec4200e69c2

    SHA256

    a61fa73c0a8ca1ee9408e97c306d8176c5886a1f1ec306690debe3e483e6f85e

    SHA512

    004c321d6511b17acdd2482483860d94169406bc078f71765f61719404f07b36ee38b75e97f8476727ed354208884f20effb897e0ec53dab8d260bff7ff3eaaf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cb8be12081178f911b95fa8482f04eca

    SHA1

    5f342aadc978877478d9c8bececbbbcb7f557d9e

    SHA256

    53e05d845024b7977bb1a4a215501760c1627856aeef269fae9fa9e2891c460f

    SHA512

    ac29827a307b269984d2cb4ddc24298e5c1703dbd1de08094736f3155e6ef76cf839ec7b3f5d9b42ef5a3d05319d74c1cb22a121d8ecb155bdc6c2d56e4b12b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cef0ce3baff45c3e6c7e9950469cff61

    SHA1

    6f4878952b6effd9f1a7993137d4c045b21b5f11

    SHA256

    9d57d1d84095f104651ede2702c87673a6ca7592c22093bd4d3f4f6eb36b4c8a

    SHA512

    9046be948847e44f064c6dd7c88ac5752b4be0a4073d4ee692d8f7e869b0cc5d17bd8b9f8ae26e90dd8985a5472bc110e86255ffcc91f33a944d458f82847b23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    338194101ce31296c58e7f7a58b33068

    SHA1

    ad9b2adaf31e3b04cb59e86f3941dcd79df2b1cf

    SHA256

    f3843286d8c2c1f4447b94a74a6ef3692a7842c60b1c8f370c10dcfbd6e3b634

    SHA512

    af3e14d756eb21c22414d72d3fdf7f18c6a3afd8274a74da75061ef554bf5020797966de1d7d3610de8a5a96244ed69573e8886596871fb417744badca39f675

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    95095e155ff9d2f609b599faf9ef59e1

    SHA1

    69672c9d32a9e5b95d637815e87ec067e43a8cef

    SHA256

    2c6836a73439b29488bd9d8b0f88f68b9a8e9f65aaa2e26ba85ccbd044ca2fc4

    SHA512

    13cfbc943ac149acc52d9b701d41ad5da50f138bfb001f7682151248891090f226b1e6ba698d3249b169d0ad69c06e7d2e35b583eefb48eeeefbcb80a7d6fd9a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eb670a68d77b1cbd3e6f3caa4040264d

    SHA1

    70eae682a54977b68b1f86039fd4c558e7b597b1

    SHA256

    4f9717fe8b91911d0e3a3b47cc5b800bbd70ed756282c909cd23b51ced5e368f

    SHA512

    2d4bad2e3867d92c4447d5e69a9bd213f6b5d0414b6adfa2b76a124dc35eacc7d23f888f0efd1b457a59d5b9dd0078a654e4617cfb0bbd10ecab6dd522f64ab5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    249b3f6bbc141362748af5d1e463d480

    SHA1

    f6c0eee11c06047280231d66e5efe3f086a4fe2c

    SHA256

    840c98030f165478eb74c71a0062bee7be2afda7d313c56009bbb5a9e4b1c31a

    SHA512

    75a320009cd3707814d8c5e1d49dff77d588f7b2fd090ca2e231fb056c199632a98cbf7fcbc1f336687322a03e51bbc9918fbf8bd526d4b9324cc4e1b989259e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1799aff6bee422800b3bd5e23d7582ad

    SHA1

    dfb16d8dba33e333a454c1cb3892b47c5dcbe6f4

    SHA256

    9c374dd6677399b9f50c7940797d05c6620130c1928f8d0658355af08401a50f

    SHA512

    a3e983e95cfd80f91720015b1586698460f60a3dada8df0d56027b124841f235910e4ff68921728a204ad4cab10f10dc1c21332c0fa8924162bbd4edee045da7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9f0ddc3815f78f801d9db913f6dc1b0b

    SHA1

    5e281f964855f750cd866701fcab5f9c7d2c6a8b

    SHA256

    26b3869d77bb0dbb0eb5b643f412eec3d1b5bf75b1ad1f410425d542c905b273

    SHA512

    0b3c5503db5cb0ff498cc82c79229035ee4d39ed74e168301b238cf10e8d3d8f88f878abd196a4f4145785f8d5a897d346e1e844178b7b646e3162a70f653dcb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d6cb1f02e8996053763a4d663f71bad4

    SHA1

    4c60dfc533233b1c67aaf331a350ff9732643759

    SHA256

    cd5ec97fa4aadf2f2c6a5ec43e65d7e4303702124b80995da7362cdab1b4e668

    SHA512

    fe061c17c49fddde3a169055b5a29609b19fd54d384ec133473be144585f195ee5fb3437c3420cd4e631b52ebea74d144e06508dccce0b41de7c35e87d33a84c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0770955cff9f20837724bf5f3484b9a0

    SHA1

    e3495f158d640a662197ae8f313531cb107f4d3e

    SHA256

    c0cc678e146174147c29cbd6f6693374b6197a2c72240b30e4c8b679ba90eedd

    SHA512

    a0983c8bad66cf685293275ee4a8af3c8702eea871aac3e2e1ac265050619acf4b392d7b72b9c0e10b9c5e46fceccd53807492859a2cd9e5206b183f9248c03d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    400ca8aa0717ad3968423c9ec7864f30

    SHA1

    4b27797cfc1d4d74526e97a6d261790b312c2542

    SHA256

    667f7d7ef5ec9a31a126836496b73441b66d6d6d87f7257642270fe456994580

    SHA512

    ae97523b2d3bdbfb7964e29fc111605ff539db3777ee3f93e775edcf3b43637fbf82877efba3d5aad6696f02ec52da19efc69953272ed65e75836d8dda84304f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9d48f6b3f4bb51c2b680b375720a1ead

    SHA1

    d0c3b4ada6e48673894dd4ad361bf2c102a4c3d6

    SHA256

    70c6a0003abb9c4a67406383383cc4b9ae959d89eb8580bc58d14b4bf7f4ff96

    SHA512

    9739043f6bada6dcab7bb880f6e2a0c752b1ce89d0c91fe222fe07a6b82201587856e0e7fadfd4f5530678ec57a7c207ece6b12485dac65d83ca0270bb84ffb5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ef2e92daaf9e617f89cc4121e067741a

    SHA1

    e4bef33ba0c2aa1ac278a759a0316544b4f6bbab

    SHA256

    256c6e18d4e06a0ecb5f77cb2a26f8f38799839d500ba178dcf27c1ac0aa8c01

    SHA512

    4daf66277c1eed6f3b0fde4ea590f2104d218621cc61f1ae808ed9640f97cee7163ee636d1a5b30f83c538769d8bc8931a52a9f957670aea056e964ea51e24d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eab9fdc588983d721580b85890c16164

    SHA1

    7a544554ec371c735c8106de6e9051995d3bc8d2

    SHA256

    814b1915a4910828b0d0654d389ad4ab340fac7f39965389c6e8d28421199a5c

    SHA512

    a942cff9a567d9c121fe267dca20261e21cad4061bbb27cf2b23633a6195ee4517a51d4d9c84acf62b9bd58ca07d0503bf3f83b1fbeaa39efd15ec7d6591ba05

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eb1521f64a3280094f253c162eec3388

    SHA1

    0d1c4d98f9e41136f50ee6e7ad2bed701dccd94f

    SHA256

    4868822d7812caa23954261901fd0adfba469ac34a05310c6931963bcdf487c7

    SHA512

    e3419a6ec8c3778f50b0d043e832ce745ca4d6aaa0937a67f3b557adffea68b273daba4eb267c3f12634ff2383a0a11339e57308cc1090732791d8aaa175f60f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    64a5069871549eecd9bc647a21411cd1

    SHA1

    bb49f0a92665c78c60163b7792da99986f376a23

    SHA256

    c4456a6c2ef02c54ef777184cd72c3240f971bd8cdb9632050217db50a6fd694

    SHA512

    65e6635dfb7f48789155a59eed842b912ccc39a4b24f70e1cb917fd0989915876d10eed14a7be81afc3a8bb5d9ccf1d7ee77664b725230f840904e361044c977

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6B70.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6BD2.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\9J588DXOJCUJTWIM6CAJ.temp
    Filesize

    3KB

    MD5

    d233b71f7065182dd29b794772fb1655

    SHA1

    375b82e7c7c43af9614e744262965d4aa635f6b4

    SHA256

    8473bb02354fd609c4fd486a361a8bdbece8cf55fb9b22cf4b44b73eb18181e3

    SHA512

    e8b32813a45c6d71dae26b9e71336db95aba4fe576853c842e7eec309736090c21883ccf361b3dfb7f5a7ed34a8ea0b2d6130e8992cae043276ca84bfb95c484

    Download Submit

  • \Program Files (x86)\Adobe\acrotray .exe
    Filesize

    3.2MB

    MD5

    923c36cac7634c497df1f067678ffd88

    SHA1

    976138e17f0762f5e4dcaac81a8df3c3cd7a5aee

    SHA256

    dd33ed31efcd8b7e874bd26f6ac8540e9b2892cc33588a87b0a2576786dc1191

    SHA512

    6129604ada9461b6ee88f1c6c42581b052208047dd64672486a9c6397b2cd0c9dd50268b50282df9674f452c2c318dd962fea8d03042230408df989ef9321332

    Download Submit

  • memory/2220-0-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2220-38-0x0000000002F20000-0x0000000002F22000-memory.dmp

    Filesize

    8KB

    Download