Analysis

  • max time kernel
    120s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-05-2024 01:03

General

  • Target

    e204efd97c0d7b5068c1ff775673f1825c44bda7891bfa671ad72d9e54f2d807.exe

  • Size

    164KB

  • MD5

    73ba40dee5f61c229947c73328a2dc32

  • SHA1

    83a168919004f2c6cea8a15d4ed974056b6ea9b7

  • SHA256

    e204efd97c0d7b5068c1ff775673f1825c44bda7891bfa671ad72d9e54f2d807

  • SHA512

    dfd39c08b695acf07d6043bf1086f52e251d1c575d381ab41c3c40527501f929b0aa2c85125fd4411f7c235706e8f4764f8522a50c18cd748a8ea2bb1dee8280

  • SSDEEP

    3072:FOEh7xgFtuukVi+l4jp5d3P/Lx+FvDyY7qab7HzU2tcB90JnvM25:FOEh7xgFtuNIO6p5Rj4vtmAM22B0nv

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e204efd97c0d7b5068c1ff775673f1825c44bda7891bfa671ad72d9e54f2d807.exe
    "C:\Users\Admin\AppData\Local\Temp\e204efd97c0d7b5068c1ff775673f1825c44bda7891bfa671ad72d9e54f2d807.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=e204efd97c0d7b5068c1ff775673f1825c44bda7891bfa671ad72d9e54f2d807.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2096
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2096 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2644

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

    Filesize

    579B

    MD5

    f55da450a5fb287e1e0f0dcc965756ca

    SHA1

    7e04de896a3e666d00e687d33ffad93be83d349e

    SHA256

    31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

    SHA512

    19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

    Filesize

    252B

    MD5

    be53fa1d57b39a76ea24ee19eda6223e

    SHA1

    15d00af55caf0468f05c334214966e6c00290172

    SHA256

    b01294714c9e91afa8939162e9d070330f7ac7c61fd7182cb6634f83de85ff2a

    SHA512

    6d90b49f44f1f207ef32c98026a2b3609501cc9960cff36787576fb31ca24876bd9fbf8360102375216ae1b5d6f1fa6b506fcc0226f49eb6020eaf16cf43638b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    97793c98a8a07c72fa780db45987382b

    SHA1

    93055c1f8f9b358b4026a1351997639136125743

    SHA256

    12d582fdd1b9d46038f72aa25ff3c7487ea555b932f50949336723415972dce5

    SHA512

    70d916625bc5dddfa8811d02e18dee7630a6a8a7f9f06561a0c7e5326fc2ab496b5fdd4ebdb420b5db2043e279472d6919a9ec82ecd914fb275a2e3acffe98d9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cfab0155f5b615064146ae432f6ed890

    SHA1

    760387b550f5369c38ae7ffeaf3728ae6c3eeb72

    SHA256

    90c9ba0aa53191c1a0b948a9a5461560e5cda1c42ca3ea7eeb97edb958fcf160

    SHA512

    e208fa87ed54f1f94a2e72193d142c42f64384961dce38f56a37d1a4ab54db75625696d9f3aa7bf24f5603765f406f8cf7816926714005643b88984960ef93e9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0e68154fd4b2a3d2bbfbdca4f60f5305

    SHA1

    40a89065ee0df7a36a62a261b928c5458be6b5f4

    SHA256

    800dfd5ed6f471f58f75d8cf9c767c78d11c59e818ddc975ef874e8489657d38

    SHA512

    23f7897e5e7cbeb218427293162928e7f5f118ae470319f9f1f12767ba43a7c2ef383f7f2cdc100529111209b2e22174d432ff794c41f35eb9ea4401939c6d93

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bb2fc46c670f0dd310831b853e7dba72

    SHA1

    cb4a9bea6d51fd070263be4c996f3d80df9b858d

    SHA256

    afebac0483fa9c2779349cc309c9ef220bece3ec21c94603c3d6ed0e4ca9558c

    SHA512

    dcb49b539025c8c8317d168b32e3bf1a2d92e2fa2e31fbe1b5f1943ecd40d8bf496c523e10cac00dea33b74d53256e3c11ed925849de02c67d8b1a39d24ac9f8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3d8f8ad39afcb018b7c2c18f9593a868

    SHA1

    a03a1342ea93ed07140c5973c708fe0e058612f2

    SHA256

    2c88adae42c810a7911f08ac12f45598a31ae6c59ac51b3ff7a1df4032d1092b

    SHA512

    314c84713baba97a3b18343124574db7d0a240d01d0ee76b9590e2f4b27dd97f55bc831c132f103b6507e8bfc6a7ab314dabfe2c3a5d8506c163b2b9403a42aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    acbd4393627d92aab20473f7ddd006d4

    SHA1

    043fdad16b741b7ed7e35ad5252b95d8cd5217d2

    SHA256

    b109db6aca595c92bd4dc71d90473c19587c018001dc1bdcc8b538529e14032b

    SHA512

    459ad40cc72da6fbf083c0141abd31b72712fc9611018f1beda1d777226c5ffb59e6157caa6070013787ae719e796cc7fce2ae49182f75ae7931be164e900b9b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b1c685cd50cf4653e9354e030eb951af

    SHA1

    4f943b6a3dd6fd3f277bcdc02a67393fda36d55e

    SHA256

    4473c01716809998ed8ea721f0c7a36efd01882261eff8f931cc62513152f427

    SHA512

    c67c2ac7b1fcab238097e32c10735789549f329736967071d8af7f5b33903239b4060315ce27785e20bc8ba16fb21991c25a3d06a52e5a21f2c8758fb3fa7209

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bec7b68e43a1bc6f15aaac65ede58ff4

    SHA1

    746f3e84050a70eb24e560a9b051012dc7987b8b

    SHA256

    5a246273b685357ab97242306ff3e51f1dae70148d512ec0a2c27099881a9f8e

    SHA512

    428febd4e19576019bf7546aa0d2c3dfca6ff90b9813e5b662e6d64d0d33bf99da0fd24c7635e0c9b327ca80ed89e37b7d6c028d6d4a7c6a2b413b92d231ca42

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e7b925379b18c0c11ef87645ade9d983

    SHA1

    da91b796c97c00784ee7f65148acfacfe48ca368

    SHA256

    b0ed2973f4c45c0565c36c95d49a5f38ebde198890c3ae7b705af0e56526ea63

    SHA512

    dcc85ab5c9d9bd01dd8aa1cc047620e79d3bd5720ab5c6c8b51bd2ea87da9e9b780fe5c576810a5da7a55f6cedbddfe237fc0e7bc183b7c647ab8029f02636f2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    12c53cbae03aee22b1090b46a5ba3f38

    SHA1

    a9c51693f59474d602713e49ef18202262687deb

    SHA256

    871220b9c563df5407ebc228fc4e8677280693933650ad242f866fc63f4b49af

    SHA512

    10c7965f4ae9ead4e5d73fba26f3482044c9e30bee7ea5e454c9049b53810401d5e31848db62700968708d64dd7c022ed5d3383056ac35e7b15528917ecd55e4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5d1ea4ecd6e38ea408f4a73296c2797f

    SHA1

    256f978922211fe9e32b0b796a5ce655aab27d07

    SHA256

    aba0be83e4c04b788b0f5bcb13df6fa817a8016850209b9458babf11ffd1b769

    SHA512

    6052d6f57d365054bfadad37f433fdffb8195e743f076d3152278fa3baeacea93ea0b1b2eb18746f89660644bfaba55c5286f20d81503ef60511c02670ac2463

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    db3c12ba497ef5b433e99ac0573a4599

    SHA1

    ce369a58e0bd4412de803adc3a6d89d11b9576cc

    SHA256

    13d0b94e35f3a446a2cfc834881e46b48ae38e0df3c8fd77faeae68db6613741

    SHA512

    a8eb3a7d33e5a56c33ef7a9c88691dd8d8d81393f7ddb0a0cb42ecfd6e61d04289b26dcb6223431a823be29c43dd72b81f633cb7fea76b3c637fa7b97296df90

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    49f4f096562671e73eceadfd9ab235c1

    SHA1

    167d268d1875a63bcd712aeafb434db076f83fdf

    SHA256

    d67f5697692d7831b3428ffe091fed162175226dbe095cc65577f8cb09c1977c

    SHA512

    71ce2f4b2760baa60cfdb1cbb90a1b9b47edfea289e8328d6b8d718c4499ad36d38617959deeead4a73cf947c3ce9195cd8fc6758654df2bd35aedd361e134ef

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b4fee093b20cb314fda1fbc8eac7a32c

    SHA1

    9735403f0d7b4d9a667a625e98d7474ca106a9c8

    SHA256

    270ec1048288cbbc7f5f7a2375425ea51ca3cab97e75cfccc37b3e9aabc2fd6d

    SHA512

    7caba4e34b0e7f88a76ab4a02156506ead62b8a1aab0d5ab01369bdee6aba33b409ecd6e2c5ca3bbada02b63b6e5e2b7c5e7574d3e98ab4a515521ec922b8fbb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0c135831b10b6386d9d024b8845ada91

    SHA1

    fb84dd5192232e35176d567f1bc3f2b47afab1db

    SHA256

    13f9031af6cf60a20888bcb84fc8789b6d47678e528c08d133a4bb814e41a670

    SHA512

    1e63459ae6c5415bc495d84c90ac8e5f173bf910428c86dc58b7deef6287ab236cafb830df748cdf06c07de8f532a7ff402ac54c1c5ce90d073517df41334e3e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    93c52fd2a0915f5a525d85a667bdd135

    SHA1

    a48984de0216d40c24490b45857e253f70209d1b

    SHA256

    111640ca97f5c725852c68ad21c03d2de4fbf7e300706c1c0c1acff130b756ad

    SHA512

    b26bcf3bd9bbe1b48bffdc2a261f7022c19085278ee52e0def1d8255f02978a63dac609eb37f6b942f5f2e2bbb5a65086a3ddd517b942441b99dc6b8d360dd2e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3f02a16055c0fd05c844e9a792f63e31

    SHA1

    3ba1e98ad9a60d42c30624fb47450f8c573b5632

    SHA256

    95d7362d6d33094a06dcb12ab4d191bcfcafc22ddf24c2d460de9f4aebe32d0e

    SHA512

    81fa056d2307e50318487280455c8022b572a22ebb0bd6ac856e9a0a31ff360c116898fb2d88674a84a2ff17bc68b3140afbfbcfd4e13534441a0107891c7a7a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    bc76bd9b05a8c45f9db3491690a5ed9a

    SHA1

    f2913793e560e8f002db21ba5334295005c70d1b

    SHA256

    f1b3a95d1c8819250ed62a5f2572216500f8231c9d67fbf802b7a665992b6893

    SHA512

    0fb1cb2dc29c5d7cbe108c7fe0e612753aaa9201d5c543632de30892b7e5d15e74fcb845425546bf479060a29857f21b55338e8ae6ee8fb0bb01db5e1899c1ea

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c9c71ca3c30bb72bec06883c895f1588

    SHA1

    832eb5427485918aa7e962f493c7165fe3b060db

    SHA256

    2643489bdbb509b7d78cfa85519ddf5b092f1087cd5038a368629b7f6eea9ae7

    SHA512

    f1766140b7b9fbbaf2444a32f309601fcdba6fede31d9e8ab15b8984a1cb3ebe9c01d07fe45c0466438de433955dbedc3997c748f86688218381fe409369ce2f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    57e72fd5d7d7a5c34020de14cb4c51cb

    SHA1

    376560c1d8f35108e0635e46bd6b5180845252c5

    SHA256

    ab51e11c02007bf4cb1ecff77757e72fbb450b788b10166c4dd2d5248cf4259d

    SHA512

    98d460f1e85430723eec63af3710ecb005ccb578d6917d7996c67198de945481c1e63e43b56ba0e93a474d0f64925501be6d6a0f87fe5dc0619f8027fc6b3c02

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b5b8212932b31abf2cc19bcebd23a40b

    SHA1

    66903fe207b9bb2a922f1bc9671f5ec8ba5fecca

    SHA256

    6deea68bd367b3cefbd636722ec89d62232f50c4bbd8f9c77988075054087c23

    SHA512

    065a2d4272bdf84ae2c6b15e1ef3db1f1df6da58983d3d046ee7f1c3c7361941c505dba8808f2d886f62b8bb599b0e57dcb373ddf26285a0c0e6285cbd06635a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2a743da793424106e3b25c1cfe5b387b

    SHA1

    e4e0fb14c49a13c6e31871ca67a2dc8bfb26c195

    SHA256

    2574c841952b82e2313bf5bd2f57ea72bab0cd51108057f6a8ba6bd4b90a6c51

    SHA512

    f2e7b718aefde431810a688f0c849d3113cc23567135450242ce7d27174d686bea654d2d011528ac01f5783bd58167adcc5d2f76f91ef7e41bdb5ad66745696e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d9a56ae46d3a97645c8bac07d06cdcdd

    SHA1

    0f0ef28c2f12de11db56319dfe9654156f28b2c3

    SHA256

    f7bc58e6f92a204f3b6d1896fbec5771c7dfd8f684877c597b2556a0dc13ba2d

    SHA512

    ab2d11ebdb34df05d17bc321b260f566913afaca856c5bc9d78a5d62c44617bc7ab1d89d2308c809576369e4e46bc7ace04292d954b1803daa9a421f90b590da

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2b4c0017928315b3d9d4052945e1e7d7

    SHA1

    450c4764c43795a6aa545a0e3a4327f07c900bec

    SHA256

    ce403f5e81288ab35d33b428b9edbf1b643010644f867c5a81593b66ef2c1a6d

    SHA512

    3fba852198c39cf6fdc5af92f6f2c951283ac288fbbc98d2e249649df3a773df247790fdb8c4d457cc0c8bd96e8de26728237b8dade6e90b814741590cea5131

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    91e9047c51e6fc40fc51bdca16ac59ee

    SHA1

    dea56902ff15cbf2e3551d73dff710e7cf081ecf

    SHA256

    50873ed9d2d482db04875dff05d86c989ed7a12444d1aaa603cd5d5f7ec4a9f6

    SHA512

    e26dbfeccb04bfc370e94f295b96f29c6ebdd8c3423d7f9b4431d5de78d6984cb0abc77949da6ddc6acdf430e88b9501fda3e814ad2ad10c5544e4efeef10f55

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0086928d18a3240abc625cfcc8e4a2ab

    SHA1

    0393a36e2a62551b2b8a5c3ff7d6210ef59724d5

    SHA256

    c758c879d0815be37011ac95be7e6c0302dfe494c4c1ab37ca84015b4f0e7b8c

    SHA512

    d219d1df4328889175e3b266b361cab86e4041efba179df34f28077f78a6f6138a53087c614468cfe54b1de2c57f7a0c4b702f63bd7b24c8b7f57dc0036922a5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    947be85e9577d51ef025adacbbc9574f

    SHA1

    a28361327ad4649fb5640ccedf940cf2b9e37b97

    SHA256

    93efeec37530b0165ba5cdb8e2376cc167e2ea42dac2670611c32412a15aa9f5

    SHA512

    c903e81dca2f375ac52775e44fa80a0b514046c68380b339203ae6244bf37a7a22e493c323fc626277d5f5589c6609a40bea8317d8c221ac86011bee15a2dbdb

  • C:\Users\Admin\AppData\Local\Temp\CabB33B.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\TarB44B.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a