Analysis

  • max time kernel
    119s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-05-2024 00:48

General

  • Target

    9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe

  • Size

    709KB

  • MD5

    a391f1f00a2af292b42fce03d1637df5

  • SHA1

    50a53f8816144b053b981ba71cf9ec5b738e2780

  • SHA256

    9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32

  • SHA512

    afcf541b3c7d9c9d6b35a3ddec18b3739598ecb7c8b4e88b49f608f1061bbeed6f87d0a1d21f1c18c1f9134cc1e963bfd3c813cab0d39003af31a46ce13a8ef2

  • SSDEEP

    3072:kdOOADr3Qrl7QuasnziQji+h3vd3ryHb+BK/Dv:zOE3QtQuasnEnH4

Score
7/10

Malware Config

Signatures

  • ASPack v2.12-2.42 (1 IoC)

    Detects executables packed with ASPack v2.12-2.42

  • Adds Run key to start application (2 TTPs, 1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings (1 TTP, 39 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (7 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe
    "C:\Users\Admin\AppData\Local\Temp\9169899925e2c9261b763fdac66394e83139ae9045a96b23e9d71fe6494d5f32.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2140
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=tkFQS92d6gw
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2612
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2612 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2576

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    34c713dfb68e5ef65651d2349059a59d

    SHA1

    ddae004541468ae0ce2ddae6359c3b8ab2c0cb62

    SHA256

    d437e30b3b7953f423b13348deacb8529fee1f800ffe5a788557c5225e460739

    SHA512

    72531277003e8efd3b137bdda71ec1d59ecd9efce9cfeaace13376dcd542adc7d0f3463651d909c99743a8a12ab577946d3c6557b545b257f693ccf174483130

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    08bfa1f659563c068bd890a55deffd12

    SHA1

    348b77ef7e8a21e02669263a4563a53ea0e92e85

    SHA256

    4de6affaa6d2cb6f499f6abfa104b71e0a28611019dc90345eb816ba2c8546f2

    SHA512

    eb11f31f4800a3c4395c04b23e71c27c5f6185ddff9d61514ec0856faee03810c1ea79dc2be4fb247445586d3af8637ad049e38d603309ec9ad59f86525123bc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    fdadcfafcf56c0907a2457781f062a4a

    SHA1

    2a72fdaf7bf380d944343bf5924ca89bc30545d0

    SHA256

    5ef1059a9dd5673eb4c7c25fd41f1821570ac90d675b31a533e017f15f01e5db

    SHA512

    e826545b5490e037f25da77dab297be21ec09fe2b5646bfebfe1faeed4e59f4d7cead067472184dfe7a957a8ea130fd00d91b26d2d615c6becbc7a6845b68072

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    575771b9e0621b520428036c5107d556

    SHA1

    b9d27ac1927a5e2ecc102de37c6c4874a98048e9

    SHA256

    55ee418a6aa39b77c109a82d1e1038b7026dcac2bd723733168c49118e3766f3

    SHA512

    cc5ff1b18a2f986a5dce9e9c0442ef563aa462ff28893df8be4f6dd3f8bbe58f17923d7a9c6cc0504ea062f7325eef29f8539b044c6543b411e79f0a16830aee

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2d921df6c572585e5360143d866f1915

    SHA1

    ad214517e96021bb985fd71a9d479261a04c983f

    SHA256

    0c7d8a88b9f4fa7b5d217e8f21c613a689c0d01a5d3d59ba052d4cf47f9dd672

    SHA512

    35d038aca3d4a59853651808e73e87a6e22334c6f9dcc2b6b680391818ebaeaae425366e62479333ad502f8645163b6639034d8c3022bef6876794c31c331837

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b7f9fb449b826917ec3d989e34788cd7

    SHA1

    ae3d802d5b8a65fafc6d3633a04ffd09012583dc

    SHA256

    5b09d752f0e8682287c9f3e260f2cf2decf73cb7213e79f8ed47176401bee1bf

    SHA512

    44d5a17c81a253ef447be7b7b4beafebfd8eceb1acdbe7128115577e55dcaf5f397e45fa88d6fa93fcfc193f6983227d3ce5b4bb321e34c4091c1c816da2c8e6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    739685684cda1f7086e4f6ee20404709

    SHA1

    5e570d250042f0dfee24d0c96b0e200e3b7d6967

    SHA256

    f14fc50b32b1cdfd2facc51a1e3c76988f2555b0c5853c84ca340dfb037a4356

    SHA512

    0cdbf524cf4696c94a4566ac4e36b9cae8146ea14fefd44279777526618de6bef1378cd8aee25887207c2c9b9be2ec53f959903946ae6b165ca96a79dabc506f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ea70afa5ea4d1cdd8997b2218f58d010

    SHA1

    a6b6c74437cafc87eaec558834fea0695f4da4a4

    SHA256

    0f9fa6f5bc977e1bdade074f635eccc4e1fb535dad7d296cf0f4b7ed4dab2cec

    SHA512

    5bc6fbf13b809aba0b1f38841201ef19dc17e2b773b756e761df098e8d8a7f8ba0d30534bd79ff0208c703f29b04eaa2edfcfbdc1b0aa8ff24fe69e24add2d8b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    35f1f69484b505965f5d351d9e2c9467

    SHA1

    0bc0f99d0376560059e12401ce46c1f55db02f50

    SHA256

    a501c75030cdd28f4fa00c22220c3e1f89eabb04711fffacd9b7c4a4b7dfeed6

    SHA512

    11979f847ae57dea0d63cef4f393ebb02ed8d2896d87ad837574dbd6c22e0da4951056a78ad1d117fc14d6144cdb947c6da513f0ad97e4be59b2c1625474b520

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    be45ef98278934fd25f27792dd43a62e

    SHA1

    03473b17d192819e8291e1ec5cdbb9f921982906

    SHA256

    2cb2573f7955b3c0cd57a999d4ff973b4e087254c745c0ed548e74c57a2d32d6

    SHA512

    7fd27c51d66540e4b522ef692ed78092a7b5aa7fb1a2ec03be007bdc794a45dbe8d980481f8b8dec7ac1fd0cd67f4fe91200970d2fa59dcc5a636eee3da36975

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d51d7fad2d851e05dd6cbf6c93480b1d

    SHA1

    5f6fbaef41f88241d5d6cea3dc0c64b2aa254a68

    SHA256

    3aae97f57ddd8504e8f2e0f395dc668dcceb1c63fb7e438377231e42b954b0e2

    SHA512

    5b1afa4987ed75df9777b8ed31e1bff1e1ec2e9645d10b79f6f7f1f500c54b9a878bc087ef0df432f73c0d66392f8b36ac3a7caa400115e237fa2e632825102a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9261b8da38e247e795920f43506a9e71

    SHA1

    8f9ebf0393b2f7df6deca617c089324f1827ebc2

    SHA256

    389038df890b6b225fe819c78c4ed170572a380f13fc8e238c7183e0fac62310

    SHA512

    a773c90355beac300bd79955e814b104d177fe7edb25105b9bbed8fffec57bd48886f3907187950a4d64411c8744159406292783adc3c76d82574e1ac2f31ef7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    49f5dd68d2459fbca7d746ee296f8402

    SHA1

    72c663456f1b123cbfbd9e3766ce293399a93b0e

    SHA256

    393ccd2b635afe8a638267a591bbf6bd4436d8a34a46349c3d779ff3de9bc807

    SHA512

    f3ab1df3ec2bc16e2d9267105e3478bb6bab25153621b4f5a3138f555ab27f2f11b4eb6a7781f0269cf1ac51917b8da8d1129251c66e7cb36f6e7225fdd6cd53

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    16875a33137adac304b633bd2d68270e

    SHA1

    8545e900a18d1d838ec9e938e8f1cbfe08927175

    SHA256

    df1b3886360ef18c2a4aba291a2e0eee7778bec254ee3314e756642f6407187a

    SHA512

    60427363a7ba11921b06b16813969eff43f3e3a2951f5175285d9adad2172c22c035a9f10018365dd2ba011f1e7bdeb12e4b63a13e4cf1b79aacbc9d876583e7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9c327d85d2ee6624e75943d7dcd7758f

    SHA1

    b5acc13b4367640ca7427b4c43d76c3579325d9f

    SHA256

    156e0f68599d7e8caccde42153c24607dd7fb0dc48dcd25ffa3d4ccfe2d07b71

    SHA512

    4ddb8064068cf08073b66f9a0d06749cca158264779e99070b418be6156402d4fab9fb75ba68adb0303dd48d167c3d5c2dee585f7be96e37bd69f41d0d3075e1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ff6ac1414e9c762257aff61876d867cd

    SHA1

    bd9c4bf23c2b30938fa2bab546bc875be7c22bc8

    SHA256

    d846dcb0fa962f2749f9f6b432cb8307ab0476a70a0573e19495f85bdd0f02c3

    SHA512

    297d985f6c5db13fc6b92c3ab86cea991233d5af8ac2630df9269df380382b47d35445b5758a33ef1868473aa7de870bea0cfb894bdebb9190a88e4b3c5e75b3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    639df6b21e1d73d7cf015dd0b70ee1f3

    SHA1

    dd1838f28d841ccde46074b4eec9c9dcafd36df9

    SHA256

    5ca3e33ba7e7ad4c4d271aa7ea1910f3b4caea69701fa1605b2e4cba5c655794

    SHA512

    3521fbb9a6f20af66cd07886a6df42b01853982bff4ae3d7f0bb92f1be3b4d3b4422810130b55c4598065bd1b72cc83f04dee001b37fd7962a47feadfd39d145

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c00e1f0a88645d20dcf007356e2c92ee

    SHA1

    d9b58c835f783373e148cad338f09abd45088890

    SHA256

    150f78d205403ebcff1fb0297efe6ad1a8e217c920873014994a0d7a9657fb85

    SHA512

    0ec06f4b3084ea848746d97254f125dd312f426dde8523f763ffb5e652caa16838497c4597efbc9471032d5f6e2db872d0d785fd0e4342d7afe7bdcc87b3aa12

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7b49cd91e8faa904760262ad9d46c360

    SHA1

    5b59f3a1d1f43a93b50833b29fe026e8aa0bb0bd

    SHA256

    b999f67885413fff41ac29852e513caf8cdaa15fcb15d9d172145988a7f2c39b

    SHA512

    feac771005b5a409d0e06695b446a0b3b1a187ef3378a04222027b9e005df0aa1c74bfeab3a14863dc2c9fd3c004c7e740363c055d9417a5574272b679a26b52

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q7my5tn\imagestore.dat

    Filesize

    1KB

    MD5

    1d475c9ed28cfab721e1845c9f4b8cd7

    SHA1

    d5058073e16cc47d09475bf2d032adda0a522e44

    SHA256

    220cf2782f2194bd85d1a8543f7f4397eaf491cb5fd0e9dff6dced679d3bedee

    SHA512

    650105e0ec8389465327989ffd62c3937a999ef23d9d8e9fdda8de12a551af183a3e4235aedec514293a6627d8304da0f99c4a5637bc887cca4e46610d093e88

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\favicon[2].ico

    Filesize

    1KB

    MD5

    f2a495d85735b9a0ac65deb19c129985

    SHA1

    f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

    SHA256

    8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

    SHA512

    6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

  • C:\Users\Admin\AppData\Local\Temp\Cab42FA.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar42FD.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • memory/2140-1-0x0000000000400000-0x0000000000510000-memory.dmp

    Filesize

    1.1MB

  • memory/2140-2-0x0000000000560000-0x00000000005A6000-memory.dmp

    Filesize

    280KB

  • memory/2140-3-0x0000000000400000-0x0000000000510000-memory.dmp

    Filesize

    1.1MB

  • memory/2140-7-0x0000000000400000-0x0000000000510000-memory.dmp

    Filesize

    1.1MB

  • memory/2140-8-0x0000000000560000-0x00000000005A6000-memory.dmp

    Filesize

    280KB