Overview

overview

7

Static

static

3

4c7eff4f52...18.exe

windows7-x64

7

4c7eff4f52...18.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

1

$PLUGINSDI...em.dll

windows10-2004-x64

3

7zxa.dll

windows7-x64

3

7zxa.dll

windows10-2004-x64

3

DLL/libeay32.dll

windows7-x64

1

DLL/libeay32.dll

windows10-2004-x64

1

DLL/libhunspell.dll

windows7-x64

3

DLL/libhunspell.dll

windows10-2004-x64

3

DLL/ssleay32.dll

windows7-x64

1

DLL/ssleay32.dll

windows10-2004-x64

1

Html/Edit-...nt.htm

windows7-x64

1

Html/Edit-...nt.htm

windows10-2004-x64

1

Html/Edit-Default.htm

windows7-x64

1

Html/Edit-Default.htm

windows10-2004-x64

1

Html/Edit-...nt.htm

windows7-x64

1

Html/Edit-...nt.htm

windows10-2004-x64

1

Html/Edit-Minimal.htm

windows7-x64

1

Html/Edit-Minimal.htm

windows10-2004-x64

1

Html/Edit-MsgOnly.htm

windows7-x64

1

Html/Edit-MsgOnly.htm

windows10-2004-x64

1

Html/Edit-...nt.htm

windows7-x64

1

Html/Edit-...nt.htm

windows10-2004-x64

1

Html/Edit-Old.htm

windows7-x64

1

Html/Edit-Old.htm

windows10-2004-x64

OECRestart.exe

windows7-x64

3

OECRestart.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-05-2024 18:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    OECRestart.exe

  • Size

    61KB

  • MD5

    c89ae23f58aeb5bbf982f3807ad48eee

  • SHA1

    27919c3782353f8f7c8b1ffa14327aae9fcf0691

  • SHA256

    621bee663613ca4d67ad887657ab3c467ec3a56c88e43b679d767cb7e34c9b57

  • SHA512

    23a524332ffe36168c20e7434647940947e040a43d394c242ced07a0d88ca6d5cd8c8993e40038174f2a096cc26703a849833f1edb7974c7a6055f0cfc5b81df

  • SSDEEP

    1536:y58zms4OfftCs8qRe42X/S5FjKrEiG8GbD6Qu:yazms4OfFVT2PAwrQ

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\OECRestart.exe
    "C:\Users\Admin\AppData\Local\Temp\OECRestart.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4644
    • C:\Users\Admin\AppData\Local\Temp\OEClassic.exe
      "C:\Users\Admin\AppData\Local\Temp\OEClassic.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\OEClassic\Prg\T\1-1\_HTML-src.html
    Filesize

    201B

    MD5

    34e0c57a7f84355651e4d7168bb4564f

    SHA1

    276956054436c15699c3ab71785da1b4b42a5057

    SHA256

    73ff4b7dddf129327caed5df03e89d19f610756286939b9699bad39df1ab2f64

    SHA512

    18f8b4a4e3888bbb413a0476fc43476943cca307cb8d64b1eb461f383b6455f4f12122c202c4cd044d31f50d6b1b163f66f927e236f2785ca958974d2ef7bbb3

    Download Submit

  • C:\Users\Admin\AppData\Local\OEClassic\User\Main Identity\Drafts.db
    Filesize

    12KB

    MD5

    61c9da00cf9affe0b1ac32aef6da3395

    SHA1

    366f332e9b79a678c65f26dab87e1db2a0a6ea17

    SHA256

    c505ed26274fe2509807f37b071601f95cfd043de05a26631ca72d45b283f643

    SHA512

    89826f1dcc0dd79216137c7e5fc091195442c2b7d9c40df2ac956c663bc410d711d7e937aeb8245a0abf35f5180baf8cdf64c957671793e11205054d8169f374

    Download Submit

  • C:\Users\Admin\AppData\Local\OEClassic\User\Main Identity\Drafts.mbx
    Filesize

    42B

    MD5

    2d7b1c073844defcdf2c9d38431f598f

    SHA1

    19613826efe36975e9650f3960e405c49505552c

    SHA256

    8d9c88c8e29d3d1321c7463ed91f0c429d34476e6274b360673a2e035361f3b4

    SHA512

    13f596bc0c12e74c3e24c400c5ffbf4b5e74cea22eb933566b888305102f0ee07d52644e252779111d278b113d6fb66f19c14adcef83572b92bd38d1d610276a

    Download Submit

  • C:\Users\Admin\AppData\Local\OEClassic\User\Main Identity\_Folders.db
    Filesize

    36KB

    MD5

    abd42c28245fd5bc5ebe109e18c1c53a

    SHA1

    4940db65c7f8604396ccf22fb3a9fd3eb4f8b34a

    SHA256

    5eb2dee9176343e8fbfe1e29b2e89e1136f87ab6ff699c2405dfdb9a80c397e1

    SHA512

    adb55af68d3dbdf58dbc65499729208fbb86938484f73216758609e70db83f38040e26c9ba402680bc12c299a23f674d8de28dedfd7ab2ae07038083e707154f

    Download Submit

  • C:\Users\Admin\AppData\Local\OEClassic\User\_Identity.db
    Filesize

    16KB

    MD5

    dfc5b1c6d1600e13ed97542c39407387

    SHA1

    ca69821e525b865df34fb5b250f81394923fc6a7

    SHA256

    f2db3e3f335f0ff45270e2a6eecf93285cde1a97a0657ed959be3ea8a22d5ff7

    SHA512

    df608c303223bb14e816ca51556e6f931d4940a7b31c41ba807579986d7cb0173ccfa320ecd0de7f5aa70f4c97f0be4e6167eefbd2f175441908ac0ed551d0a3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Indy0E575B4F.tmp
    Filesize

    29KB

    MD5

    d0fc3ee5cc0fa160ea720a154e1b243a

    SHA1

    762a74b8b00bd03d61f1a43d1f32ff852d09a606

    SHA256

    1e3dd1ed493705c6bd0a6bbb54458d37ad73217247bf7de2adb14f8521c100a5

    SHA512

    1f9d53e9786e1d6adbd1eff4b27e333ba5d930bb95d366b720e62bde67858871d15a83f6b9dbb2a0e82cc96292c4d5076c4af7ddbc5d9a9152a6cfbe9235bfb8

    Download Submit

  • memory/4632-2-0x0000000003880000-0x0000000003881000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4632-1-0x0000000000400000-0x00000000014EF000-memory.dmp

    Filesize

    16.9MB

    Download

  • memory/4632-84-0x00000000038C0000-0x00000000038C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4632-110-0x0000000000400000-0x00000000014EF000-memory.dmp

    Filesize

    16.9MB

    Download

  • memory/4632-112-0x0000000003880000-0x0000000003881000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4644-0-0x0000000000400000-0x0000000000418000-memory.dmp

    Filesize

    96KB

    Download