Overview

overview

6

Static

static

3

02ac52d033...43.exe

windows7-x64

6

02ac52d033...43.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    20/05/2024, 20:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02ac52d033c08cf815270e9e01585b4a4b7f6fa07e269793e73d8a347b497843.exe

  • Size

    785KB

  • MD5

    87f484a6fe53f6dd9caa957789a98e40

  • SHA1

    423cb368351a68f7c70e005f7d65eb0c30120b30

  • SHA256

    02ac52d033c08cf815270e9e01585b4a4b7f6fa07e269793e73d8a347b497843

  • SHA512

    498124081472a22fe8e287738f79ce95cf6828ce26563f951691cc27e949396d064e301e0fcc25dadc58a9ba8ddacfcbf1cae5beffa3d090edc41bd11e15cdf9

  • SSDEEP

    12288:W91mpRoMKeYmpsczjaIkqAF4arMyIGBdYVj8PZNy15ya3gb5qVT8T:W9s8MBzsujaQaKWPZasa3g4Vy

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02ac52d033c08cf815270e9e01585b4a4b7f6fa07e269793e73d8a347b497843.exe
    "C:\Users\Admin\AppData\Local\Temp\02ac52d033c08cf815270e9e01585b4a4b7f6fa07e269793e73d8a347b497843.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2824
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c start https://discord.gg/hagRbDeDWJ
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1708
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/hagRbDeDWJ
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2232
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2232 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1148
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 476
      2⤵
      • Program crash
      PID:2400

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6a8351612cefa4dbcb478a8507b37531

    SHA1

    00322c51784aef261fdbb97923e506d613d0c12d

    SHA256

    159ec0e04f49236c4a0b256139bb49f301be61555eca13607a00f47883017f23

    SHA512

    d1541e532ef286f0a1b781c03e0ca7b8af410947de609a498b4829b6e0ca79f1611a89fa902173c21338abe1341da6c397304ed68d075a12ae92832103b5d419

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a598664b51ac6db6d12fd108564b8899

    SHA1

    1ad4d4103836dcbecaf9e40d0a42f709cafc324c

    SHA256

    af8df484cb2e51ed9b9edec87ad2e0685ca917ef22628b069808628afde92459

    SHA512

    900483a16236363e3a332fe4d808d26ba86b9f174d9f6f35b5df41c755240d6212b731ddc7883ec7f323cd94959aa7e066ff906686891168752ee5c5315eaded

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ad826cd104eb9a5926389a8ad2599a95

    SHA1

    f00ded16c95d5d948acc120e1399fa696657ec84

    SHA256

    17de6fe989ceca80812aa68a19d6565523b81fb8b63020a035a2771300c8ddaf

    SHA512

    cf10515baf9ea7059b4d4b42c8888c4b7d206726d5f166380e790f01c36cd988c9de3aec393d880f90f356c48ba932dec2bb75e29b9ff70e941ab9197a9b2aa0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e3c5fea385444da0542aa2643c85b66f

    SHA1

    882e1819179b5ba40cf86903c739f80c33e735cc

    SHA256

    a49fa8cb4df18a9c3b0b157225a4e95942a93e1c94c80b3a358df94bc23ccb85

    SHA512

    a63c68ad23a692acd0a108ccd74fd5686555b2f38f952f92b4e4b0437826cc97b32b1a71c60d1db5da4b9ca2227413656fc58e6bc1efcafb0391ae0aa7446bb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e80ab311b6d31f18c942aa16e5bbcb74

    SHA1

    9f3d728b7963b170507138e78a27566270a0b012

    SHA256

    4ec5d4dba33cf58ece62b5adc4383a4bc42c438aed8473fe27e57e211fb0618a

    SHA512

    648dd407ca04465ad8aaa975968742e5bb4ca9861ec90facc9d0496b72ddb363b05455024492b3b62d9dedbcf76eb69e0c7715992347cbeb9d935402cd83f2f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    371912d4cee2a2b197dec728d48e73d1

    SHA1

    740d1d27e80d057c90c86c46f729784839cd12dc

    SHA256

    ba679d85d37523bf8d4953bf288521ce8d47aac2c0071f73d6703e9075a816fe

    SHA512

    d85af2cb48f091c8e751ed76fa3925b6a8138fc095a0cb69a13c2da2ed97bde0830cdd0b82431a53f3973c3eb10131c81388f66e317c8180da9a2b4795c1fd2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d43610683550522736f2c8c832f5451b

    SHA1

    cf25834e0d2bc0eb2a22aced5039419871c0e2a5

    SHA256

    940c0d1f121ea212ca5ba08e776bbd79294e4f275639ec9ed403ff7d81bab496

    SHA512

    3eefa5bf907b35abfccefabc0785af1541fbb5d967fb3ff7870ef176d71f402f2a2b652c7d142cb333c9870045f75b76c5b4f47a1ba11575dc5439b733ed8e1e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    32a0a0f6ba97c959efd19a9a4c6741e0

    SHA1

    3d25905d11eed79e35b6fc39714f45dcea3a6440

    SHA256

    a6eb4e7aa5af8cf0a4cca375d5bb186b67f77c49cf196211d5114a8d132436f0

    SHA512

    a06d346f6737ac97901898b43dfcd77662f101d80df89b3379ad1cc73bc8d7d95816df0f68fb4cbc235f46eab7f9e9f8aa08f089549d24f28da4ea167f3074f6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    18d51b150dcd0ec4bd9ecdf7746c4feb

    SHA1

    844eae9aeee1d3cbe40cd4429ae20e5e12f2e4d0

    SHA256

    d9486a37f70def82671c01479d829b7a384ff62e1c7190077c28a1536f6e75f3

    SHA512

    a22ab8974a64bcac091386c49c7948f28904b474aafcf5f0f67ef896e6f520e9cc16ceb38b082a78eebdaa2568fc533a71089ec51d3e2af7221b276039800b3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    136e9a06fef0834b0871703715502eaa

    SHA1

    77c69785354c378530ba827113f91981381fba89

    SHA256

    762c0b382cb3ae26de1478f37cd01efc2c09b917aa5089056aed7bc8dac6df07

    SHA512

    05d69ad5dedfb183cce88e7b59862864b91d1c798817720d3204253de3da68f35cd5e7eb52b2dfe56d0d41074bd608043aec81e9fbc07d9569d8fa459e524884

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\q7my5tn\imagestore.dat
    Filesize

    24KB

    MD5

    772e68d1de035263770b206d4e1e45e6

    SHA1

    80ea2abed973906303976e9f307528a02c8c75f4

    SHA256

    013751decbff6f8520edfeece6fd9b8569e4011d708073ce4ad4828f99b2346b

    SHA512

    ec0a6cd7e9cfa18f609ac0f44cf6122e6f5907acdbcea4a311ff2ce6bf5927e4d715ade2222fd1899805f119a4a9fc77e4c83c26827a28c32f9097dedc5f3750

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MEFTDE7Q\favicon[2].ico
    Filesize

    23KB

    MD5

    ec2c34cadd4b5f4594415127380a85e6

    SHA1

    e7e129270da0153510ef04a148d08702b980b679

    SHA256

    128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

    SHA512

    c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab26E4.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2763.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit

  • memory/1708-20-0x00000000022E0000-0x00000000023E0000-memory.dmp

    Filesize

    1024KB

    Download