Overview

overview

7

Static

static

3

d21970e8d5...d0.exe

windows7-x64

1

d21970e8d5...d0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    15/05/2024, 03:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d21970e8d5fee4508ffa444a8703a379636c583778fef0431d54e296dba87cd0.exe

  • Size

    461KB

  • MD5

    ba84d8546e7fea8c452bc45f14a8a123

  • SHA1

    bd90396af8973bf3ff34ce7e37a6a37f558fd050

  • SHA256

    d21970e8d5fee4508ffa444a8703a379636c583778fef0431d54e296dba87cd0

  • SHA512

    b104a1f7280023258c9359f5849b83bb85b1ca2f701a92d64e9f3c8cb08f75f399c95be6b512298b0be7f31d7e3f93c5eb531e43b3d74b92ba3148c6a38fec66

  • SSDEEP

    12288:dLHULTl4x2z6DmGWT6U3ce/lR9YtDuST:dTr2ODUhMJC

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d21970e8d5fee4508ffa444a8703a379636c583778fef0431d54e296dba87cd0.exe
    "C:\Users\Admin\AppData\Local\Temp\d21970e8d5fee4508ffa444a8703a379636c583778fef0431d54e296dba87cd0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1936
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://cbl.toolbar4free.com/cgi-bin/s.exe?type=1&h_t=1&c_d=1&id=Q0FTVEFTUEVMTE==
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1740
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1740 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2864

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7529acdec85cc2eb73db4f5fd4ad686c

    SHA1

    635d2e6786b8714efff03e98421b970b40147b29

    SHA256

    708f145596142f8a811cb3acaf111d5ee7295c3a6d4fafad57e2942ab21987ec

    SHA512

    c77839a284f35e5ad77cd30d49c75c841d689b095fba503291a0b53dbf6614b42c4b0ef96d02134a74b218cf80f7fc275be70037a1f59d809bbf0125400dab1b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    19e23bce01993d257ee7cc43cc7d9080

    SHA1

    88ea89aedde2ca2e7ea69fd3e6fbf74c881ce69e

    SHA256

    30599d47de4130a8c5fb229b52c1510591c86d0ff42ee6037b39f9d7f3fc46b4

    SHA512

    945e01841b2583aeeb86d7193eaeb607abe7ed577c8d724e3353760a9b640c5dc058cd1decbbc2404fb06bd5ea5a67d192185de876ddc79c491cfa21c3867632

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9dd1811bab5254ed2c8458b3dfaa0147

    SHA1

    ca16c1e8400e7bc07477a95f79e186e85cc7ada6

    SHA256

    56e6894b4d37d68b1ae045733baef3f1b3152b90f9037bf32e766112172e918e

    SHA512

    c5f7a8f935881d39985e4e058abc518e78b4c2fad5c2d858d15327f4ec0001b072e0b7b31de86ba09621bba3c9b470df4b7de92b234656c928d4d29aea053b06

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    225d0f563c9728528a589f4392720cf0

    SHA1

    f15138d87b7f3caa99893ecd7d38a772c83d7a14

    SHA256

    ffb55758467f083fdbeeef9596d2f9012f9f5487171c1c4b881847c4dde05d6f

    SHA512

    c9a2c4c37870458d6110f17c0d1b4a6e6df55cbf2af806f6f1c5cf37f6ff2fb82802a2b56b452206effb54f2bc4f2f97f830abef9945d52c1cfb7f3baf71c041

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fdafe4183bdd7e9ffa71561b53869f8c

    SHA1

    8544409bfe2e9bec97369f7e938e4a7c94031f0d

    SHA256

    febcee96f545bca80f6707b7d9bc45ef2e3056e9721893aa395fd7cf63c7f9c9

    SHA512

    887f82323464b2171e5de15be5fb9f92f1631cba33c64963a70f037820e6c81b2e08ad6b0fe4ba4deb8547bf251f1cac3b4a13c64f7d05a387c38bb124f5671e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c2395cf4d3aa8aa1cc7d58edbc9f6a21

    SHA1

    f90a24077758e71dd9f9166a52c0b1e958b3c61d

    SHA256

    a6ce07daa6f6acafbd1ab6bc0aad2b3671d5b870c326d7908bab2d665972e503

    SHA512

    0a36b7493fedb0f7ac1414d683908f14be80c6302a15367061ca15633ef6ecda50cf03dd24a8ad44faeb3c590a145e2c9b12df214f88fa39e3a2a0449167b3b3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2c058ba68145d1ceeb6fb4f3cf6e0069

    SHA1

    a6ab8e5fd48c1de4e0780c60da89bc2e9703ae37

    SHA256

    a0828154e60b952555662298536b92c2bc27abfa89a8a7cbef3f5e14a1a9f5b2

    SHA512

    b16beb673369c7ff8892f0c651f05559fa1a0ec3fdd04496e0c660f137fa998b42925fb4f7019505f8688fa9f9f04440f690cd24e970222b3401ffc918b21670

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    86742aa07e968852a830ac51ac865e2a

    SHA1

    322530e9ef830fdd1bc16f4e080cffa5ee56911e

    SHA256

    295162f9800f1346768351af787d20cf687363d60c6373de19310b5e1dfd3e71

    SHA512

    d2573019e77b600e448d1413506f0d2463e53ba1c5452a4374d6612dbfa6b0ecb2a8bb87b04f24f6400dfc8efc4244023d0b064ee04a0ec9ab415fcb36ac06c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8c7882f643b2a1927faf56e0dccaeded

    SHA1

    bc316cc38a2b8b294dbf5b4b913ce097641312c5

    SHA256

    cb0b422eb37aa6bf5061c44492b6c7ac045a374d20e0cf301a76f472ea9dea8b

    SHA512

    435fb44fa70bf679d634daded3a5ffbf77dec15435181e2e43c6b6f6736de72289bc6e35cc9cbed4aa6fee1074041d4baae76fc2b804547d2498ad0c8aa79774

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c018df3217580be329b6ab11fd5f4c5c

    SHA1

    da7538f35a1072c1732503c7bbc401c42c9731c7

    SHA256

    2e9e6bec4773c63ecfb4b7bc90ab5aac8a2bc9a0906573830cff212e6f75311f

    SHA512

    7372db66f98be4a1e1a638b270d671b2e01028bce6a3c5c5a12d2abcd580bc0b2bc1e0760483d6e772c6cb73bfbf71ad74b2d766007cb71c4799e01227c58c80

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fc010f1226c436dfaa6078b33aff71d0

    SHA1

    cc5b5434dcdec848abd3e8adfc78ec18faffda19

    SHA256

    62e027b48ef1d9b6ce25c7fb892e8efb65c51ff6e58a1032abe17a6d70413f1c

    SHA512

    a76854a871e39b2208fc2189239e3bfead4b6fe3581a432d6efe1dd085a3cc9f1ca741cbb380b12754b2770e495637e6d5c4e5daec1a19d1a6b7887d34a69e1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    69425dcc2c28ad7da14399a548ab239d

    SHA1

    45e4e374f7a1737ef49c27a21272f60a2bcf5a2c

    SHA256

    72eac2ccaaa6419e4fc5b30686b7c0fda926241f9b9e07359da2fd7391c871cb

    SHA512

    0ed6a1dfa8e9edc67420eb07ffa423beaef17d7ff0ed340f630cd7f96d011fa9fcaedb2b3d139b9656e0b189429499833711830ec1c1ead94b2d1412b2d1ab90

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2FF9.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar304A.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/1936-1-0x0000000000400000-0x0000000000479000-memory.dmp

    Filesize

    484KB

    Download

  • memory/1936-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download