Overview

overview

7

Static

static

7

SkinH_EL.dll

windows7-x64

7

SkinH_EL.dll

windows10-2004-x64

7

蓝梦穿�...��.exe

windows7-x64

7

蓝梦穿�...��.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 01:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    蓝梦穿越火线CDK生成器.exe

  • Size

    2.1MB

  • MD5

    a3d4bb44d098194b155791a4a14699ba

  • SHA1

    3537714b4efb98c3e6bbefc4f879f534b8aff7e3

  • SHA256

    6b8ae82a19b3daf9fa725660f86c64832003c507e79a714ee3051e8628dd74a6

  • SHA512

    77c602df63e519911b09462131ec2a27ec7434098157907df7f8ed53cd7dc81341cf1c4ddca8459eb6a788eefaf0bd1b58a78efdd9ef6f2aae465ed1665a102e

  • SSDEEP

    49152:HG5L4MC1RK/BdzTZaqdwk0c05HGiFbjXliJaEuQ1q:0LfC1RKPzYqdwkLcHHNXcJB

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\蓝梦穿越火线CDK生成器.exe
    "C:\Users\Admin\AppData\Local\Temp\蓝梦穿越火线CDK生成器.exe"
    1⤵
    • Modifies Internet Explorer start page
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.2345.com/?k729599963
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2216
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1920

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f8e1d1170859d54fe865a88213f9622f

    SHA1

    e53632e673c9e5def1c3907c04daab79faf69896

    SHA256

    b6a6ceab95d178c4c506150e346c87f02beaba71798903b1daf194258b4c6d23

    SHA512

    8669c2f06bcfdd0d5ebf9fed5cfffc071a3313a9bc7a229f6ee906945f2a1298a7b5d0ecacf57644eb71bbdd0aa106175ea7bfd99c837e687c73d683aaad9c90

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4a1d72b7dd2775ce492ad34e95652e0a

    SHA1

    645f26384b4d245bacb8fca8637da80e08e689ca

    SHA256

    352409216459499a80cbd2511e25a2b54afd21127ec621b5ccf33dc53eb612e2

    SHA512

    6f4ce09d5f023f048055924a8f4335613d8787d85845dadbb2429150170ebbbc763e15e964434bc1ed48dd29215989e9fea0575601993c52d1ba8f17c7e9ef73

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    aaa7f327f735886d48a80ca88acbd912

    SHA1

    6b1f6243218b26b73093b84c8e59e958c31fc091

    SHA256

    ab7d7f149fed9a6f46d9d03b81c07ef4a101bc20033b0fa7148e06f3c98fa558

    SHA512

    6503716c7abbd27b61e74b70d538cd463611764413328dcce1157fd5994fde0c1e8e950e36688efaadd88dc6c586576459df73387a34a820adf764cd7f705231

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    eeb2b357d4f5405f13ef949c21a545c7

    SHA1

    4b624bfa528a8ac9aeb669bf69fe751256f78acb

    SHA256

    7fcb2d0848a15671c14c2b79944dd02cad71a406ed68c3cabfb0fb4865a5fc3a

    SHA512

    baaeadb69632d45e7e020c53370d67a4ca11142fbab38a54a061cabf4b459442ac8c552bcec2ec8f606a3dfed4eaad20184e2385770cf77d99ab30f5a2a316c7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b7b4903f6d28746284bb9077df8450a5

    SHA1

    cdedbe49e44d0feffeafb67d4c6924d7cdf394a1

    SHA256

    184eebf9fd0dc85471ef2f71932c7347554adca9711779fac91bd31974069f6f

    SHA512

    6df4f05962fa0c7c5a22a7759736641541276daea73e64d3cd8ed7f7c97323c7bd3cc6960c4cc3330523c24b1279ab801ec0dc1fbd7bbd5076d7d89c6888610e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    22b37942c7be3e0e8661a86e7523fa9f

    SHA1

    3669e15cdb7704b86dd928ded730e968d9eaf38a

    SHA256

    5b9fc2fcb3b4c60336953882ca9f8886f4559be074fbd9014a8d5ba2397d4f74

    SHA512

    e5e0cad16c715e4073db4d35d11fcb35bffdbb72e84095f9b2f2727bd183aaba98528f36c0e7f5cb2bd3635a782d48093e766dd22ab493bfecd91c1f0af90ea1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6e8a3f8b783c178931871522f9504d65

    SHA1

    925ab587eabcc2459c2c43d95220c60a795fdb9d

    SHA256

    e1dd8974e2f2e5221385ad03ca786db853ac5f7bc9405efa13026ad4c73ea85e

    SHA512

    8b6afe82012f8de3d5584c88c86256c5c03fdfbc7ec351dfeec2bdfe17e5c68387f34e6dd092acd5898db829e05749fd28422ac49e34de89fc414d0df983d3be

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8663d9b24954eb9a5cc91f1a075b9d4c

    SHA1

    bf656b3214b79222fd6e15ab57f6a97088f6efc5

    SHA256

    44d6b92fe93f1c2be041d69c2052a30184b12237019072254856e11786adb1f9

    SHA512

    09e49d255d1bbcf0f03a4b7db4573453f015a2b0bdc1381093a9658be3b8d73943602d3a83569959f9d4d8a69699c589dbfc34001ae73429301a49acfe425411

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4a82bf4135ee80aaf678a56dfd9449b6

    SHA1

    4c707dafff5021c3dddd2b24caac3df1c62987aa

    SHA256

    b1b75687a6f4452b4e92eca846da997666bd71b3ba3684ae83264cac4e1c5f80

    SHA512

    c7c8535dc66583af49c4fe49a950bf96ff1e5add97d40680332b1e584cf26397f9b1fa6e75b505f4d641b7e5935467f7f59773db14733a2caabeb64f15d39933

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a8926183029c41c1a515136e25ea95e0

    SHA1

    b66a3283aff767a0424c749009f85946049e2b60

    SHA256

    f7744f7460b71d1000f2d4adcaa0ba1c1a949ed73fba6568a203157f7584f0d6

    SHA512

    f93c2154c9c8b3343e578a21cba4d2f4d9535a5b3352fcfedcee62711e2fdcd9a46f4845c6c0f01763d20b96b2bdf9830dbba4b9155cec86c3a42e7f66407eee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab36BC.tmp
    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar36ED.tmp
    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

    Download Submit
  • memory/2236-0-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/2236-4-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/2236-1-0x0000000010009000-0x000000001000A000-memory.dmp
    Filesize

    4KB

    Download
  • memory/2236-3-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download
  • memory/2236-2-0x0000000010000000-0x000000001003D000-memory.dmp
    Filesize

    244KB

    Download