Overview

overview

8

Static

static

3

55902f61d3...43.exe

windows7-x64

7

55902f61d3...43.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    16/05/2024, 03:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    55902f61d32a655a5e27a336bd6efced4dad485e6dbd65e96d4836fc565cbd43.exe

  • Size

    6.3MB

  • MD5

    c981672af16f890e6ff080b71905a940

  • SHA1

    089e55ea97390b3da6a8853aa7bff471598da66b

  • SHA256

    55902f61d32a655a5e27a336bd6efced4dad485e6dbd65e96d4836fc565cbd43

  • SHA512

    a2ead9c260d1721cd9d696c66159ba7cd54233637715adde1a9825a776d6c5367e6d3d0669b292d81568fd1616dfdb4d337cc5df733272e612bac1fe1e1a62ca

  • SSDEEP

    98304:2/oz/g3xbrKsTS343sWk1bYcNFC+VU1JtknAx3JhBz10TkiXbmoXGg+UgCC46PyG:2/e25/cjCtkiloTW7UhCtn7JjFewv

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55902f61d32a655a5e27a336bd6efced4dad485e6dbd65e96d4836fc565cbd43.exe
    "C:\Users\Admin\AppData\Local\Temp\55902f61d32a655a5e27a336bd6efced4dad485e6dbd65e96d4836fc565cbd43.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1704
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\FoQa.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\FoQa.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2916
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x86&rid=win7-x86&apphost_version=6.0.10&gui=true
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2556
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2556 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2432

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    87a3a295f52e8b4387afaba754b06c1d

    SHA1

    3b475d226bdfe2d9e7b1b48eb967eec5f1f12df2

    SHA256

    97a9bc6b67fbc7911f11799f2f8955ff6ea8d1da9e239361f7734f7b0e386b4b

    SHA512

    4f493223eab3aa246b5feec57cf0008a03b71b016e6850f2b68dd8be686525d46193d7f4b1da158dc00de35a05d28c1756ac5473631ee556af3aff5ea74733dc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c884f3f35280b9f63c99b0dc20f3349c

    SHA1

    e25791890ff1f96b57cf689a6c9c28226077bb16

    SHA256

    3216150358448a56d505794e20329b12a194c5fe99ce28a8bc1944ede882f8db

    SHA512

    c127c488099ce92a1e88451bff3cbd447c0a041d83a2b56a6685610241e8bfdbe7fec44eda9c0d56f9b7bddd79328a2ec9f3b93cec2c878ee12ef10f1156b170

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    75c27dfc73975f239e03b5eae6a88a6e

    SHA1

    fd3205d696ad8592ecb3b82bea7a3d93faa4a090

    SHA256

    eea08d39b61a8cbeab9d00240a8516225198a806b0bda9719d62b32e876636c7

    SHA512

    d85f08418bdd3387461c91b806d152b6d17538b4add8af4604bfd34ecb55d87be17fc5d383ba5d690f50af8f16413e7fc370ef287575d3ca666b8bfdc2791202

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f94da4c8244a4d836e77801391e2affc

    SHA1

    cca9f380f1938e0c7b9f3031815bd5c8d0919e0c

    SHA256

    8b6d53aea731eb23c207747307a94ab69093734de354a3a4b9a3765899b22ee2

    SHA512

    8cfbca4785cc87d51063d86f64e29a87645d078e1b9a8c10b81c37ddecaab91cd4c37b4f7760ac99ee4b5dd2ddb6c9960dbc37daa112f4472c7cd464388fd77c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0a0cf1aa988dbe7983901e5b3c31656d

    SHA1

    7cf7244e44c377766af8d9b4085919cfe6f7492c

    SHA256

    6934b9d7e9b47ed65c4965d9178d0f5e0452a93787418152195067ad49e15f22

    SHA512

    042ef31817fbb750002cb3121ace60b2110ed31e5341df6a1c458f99a3fd3ffa7a2ece7309f4895dfe9908744f8e429957957098e06cd65757251f848d0064de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e90fa015e8b5be1674925798b8f63c5e

    SHA1

    7bd9632ffcb3f4eb9a0e5be95a3c8406a65cf166

    SHA256

    b9ee888c23cade4bc605936725806f2ad175fe8dcaae941edc60db818540032b

    SHA512

    f7d23b22320559ca1c131a2ed34d9b69fecc772bf8175e098372d73bcfe026b1173fba0004c221f65fd4787f146b08308f36493dcce5a6b77fb93c3a1194f03f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3ea4ca90fd20123a19ee0575daeb489b

    SHA1

    e48cef6f3da9a393782c28355dc54475f7be0f0c

    SHA256

    91139335d0bdfa1071412a0e7be1d0d16b2a16304361b8321e8443a97ceb85a8

    SHA512

    caac6118b2fcd20303970d2ba986a7655dd17e7fe61d28958245f6b902ff1b3422d01b80a9dee9f0ad0a65e476747373f2e8184c277c864e6fec497cbaa543d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8724022ad7a5a0af13bd4f683f8cf314

    SHA1

    cb31ac8cd89be84e6bddf717ed97a31fe68496f1

    SHA256

    2e907671fc20f2bbada7567fa940e707991f6be0fcc9f72f4cf578031ef9a1cd

    SHA512

    0f01a4c8887eab6986f575eb487ba0b2752d33d4f43654d2fc6e73dd229227dcb098072851beaab3092f5b824045f736d26542c4fdb04723f395824bf6f764fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6e8d5339af0e51175e2ac14f48eec032

    SHA1

    453610ae25cfd0977e95a8f7ae3faaff6497d689

    SHA256

    5bac4c6dbbf3bfbf48174d84cbefe724f290a3e86192276bbdb98b03f031b500

    SHA512

    0674c8f13e2f03722480a2a25b2830294f566c82f7934c88e7193ccb762cdc77f3345b2bdccac7fb760799e10193dea4e94b922c8256b4d5a0abd724b3d7ee16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    59c5348077025e8cb6415090c5d0b7c5

    SHA1

    203313971e295f27171adbef810c738eefb3a670

    SHA256

    cd9fe34be810c372ba08a7a77ae77a6e2cd202be488ca9ff9d0d6abbbdc41436

    SHA512

    bb9c2d0797de4c8949a3af20ade3b67e5d80ae87a4b71ddb7b4bda2fee907107ab46ff873b3e21e7af5350820f8c4d6cd702f0e731b26b150ae3367c4afb403b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    9eb08091d573c998095a77b895b7f8c7

    SHA1

    5026012cc96c8a169bfab4cfb14065068813512e

    SHA256

    5e6aad17fc175dff4492476858bbd087b4f4d513d328d2b56a6013ca68b05857

    SHA512

    5f9f4c2eb63bebf30bd763f41f8dc89d000226d53c22f08bad8c0cc73254dafd3c4449416c9e2e6e77fa37925d2a165640422e279047baea7410ee3be4482231

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e1f9478734d7d8610d548a2ebc00fe04

    SHA1

    67aa7678d4ddfff0c151c4f0f01ec6af3b77e176

    SHA256

    05949a208c04e85867881c543c7fd04fb1eaf1d2f4f96b58ff0bdba7dd97b1a9

    SHA512

    24a75f622b8e26d1b1f9c9aca2ca78ec1c556b041ca97a59243f5b605ad3b63d35f098b2bb94384f1728603fc9742cca318af46a232dd417198937025d8dd867

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    94eca9937d74b94e770ec9cedd6c93d0

    SHA1

    552386cfceb59ca3b65af870cede8170e4cca99c

    SHA256

    5f3b497fd4b220e2165abfb59fe995bca0d659711d1e8784f17fec1c976b695d

    SHA512

    c3013ff8ba35fe80a40cadc35011d7a42bfad7f10e3add1c6434cee85b0e4befaee69027117dcd1b141c79eb1cd5784bfd67f9df6f514087d7e083589d2a3325

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2a12b36d5939755159e18347b2b2a028

    SHA1

    3533870484344ddb17f356879c90efcc3b7ef6f4

    SHA256

    168eb04f0051ec4bd480372d5304d5e1d006dfb32c44188a2d64486b5554eaeb

    SHA512

    545f877b45899ab5970e4a1994cb43edcf16a468d56f0b3f3fa1e33a4c2ad939b23c356e5184fcd5672688b656fbe44b406414308375bf55a131d9c3fde9a0f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4e95a0be25f8f65067d37cda84ac4557

    SHA1

    cbcf0fc7f60788a26811fbad8b8a5d428f1e86ae

    SHA256

    11ae63d14bb139cae0d8cbc72887e26440955b99c1656617e53f4d436e88b4e8

    SHA512

    43532b589ddbb1215bdbfa70b8dd5bb9179f7c9f0eabc283d68571246b1e52d6fb305e004c0a0dee8dde8950caf9d5a5a1b73b948bcc5a6e315ca0bf6086881b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab394B.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar39CD.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\RarSFX0\FoQa.exe
    Filesize

    178KB

    MD5

    1bc97d36bfb5b3af6deef85448454605

    SHA1

    8f0902f8afbc37a11b4f36d43011119ef1d973bd

    SHA256

    f02a49b4c374303b75e4dda5b89a13e3221a214791bc3b96a7dd766b306cd2f5

    SHA512

    e04b623a254051191cee6f1451693168c3200cb32491a71abb82d514af4fb86485ab4c549dd2555e141797c721eaa02cd984df67f6c7f0de3481f4af77b0d02d

    Download Submit