Analysis

  • max time kernel
    121s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-05-2024 01:11

General

  • Target

    5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338.exe

  • Size

    301KB

  • MD5

    467199b4716ab8eb46f2d49f527220e9

  • SHA1

    56b8ecb6e895698aa871ee7b9dc19d5a69547512

  • SHA256

    5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338

  • SHA512

    cfbe475ca4c17ac4af751ada6199d33459035067417549b2a66313ed8590f5b429d95d02eba8cee5a86de7e1bab8b2171dc28655c8977b1139eb43fde873ac1c

  • SSDEEP

    6144:2Gzyk5qs33ZLmSt6wQke54OjIF6kId33dLpkynb:2G5P6wE+2d33dLG

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338.exe
    "C:\Users\Admin\AppData\Local\Temp\5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=5b4107e5bc4904bb7574eba96a6532c8b973826fcf3ee6829ac4982709851338.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2664
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2664 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2748

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

    Filesize

    579B

    MD5

    f55da450a5fb287e1e0f0dcc965756ca

    SHA1

    7e04de896a3e666d00e687d33ffad93be83d349e

    SHA256

    31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

    SHA512

    19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

    Filesize

    252B

    MD5

    6327fe758c99f9385cfd81a1eddc8d4f

    SHA1

    8142664491e754825e9f2bc79d54c6bd9e353976

    SHA256

    d538db69247d51172f69b978a978d19bb5bf82537690df1bf095c63dbc2a473b

    SHA512

    a553dc35d0d558184f8b9c33cba20e46794f642ba5750b5b005efef74eaeb8337a01d59afad33ff0ab1ff22973a9162ee3319c60f213b25c8dfe6acaeea04074

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    10f2e484b92ece0b0b2afa88e69d1455

    SHA1

    b8d053d29e804cc535fd7156284abf631a6f8e37

    SHA256

    a5e9f2521e24260f3b5b0445d78ea81f6b35b8c8c3f5a142b473b9b300efd8da

    SHA512

    f58f8bd5480da73168fb92376ada733820af21387a2f48c07d2822f012ce847416c2fdb6da474b6d84eedc59077038df809b7f5635d4705692dc51dcd3f16a87

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f129d329b1ce156771084067a3766802

    SHA1

    cff11aef02c1853c11f6687480ff16a9eac0f5a1

    SHA256

    e9f99a0ec28633fd54b2777ab29be327e091975e4f67762e1e44e773b4db607e

    SHA512

    d11704eaf0ffe203323120fe258955d5f48f5798e6ff951de08957a040214a8e08d6b1c4ef915f4997b20274a32005ef1a38b13d0e89e72e9bb716a3298624de

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d4129c9d3bef8655b40615545e9c02c3

    SHA1

    9249751dbe232574c800f05e54969b1f7ded7da1

    SHA256

    3c9bcb81efd3e8b27a9ca5f49ed16977ed6e516311e06cc54be062613e6ae303

    SHA512

    ce33d41734b024adbd208fe79c7b883c7e64151ed585861bf7e9a3ff5ba3c45d49eb2d3926dece04ed7c78b22304853057620659ac8b9b4950506f6ef8720efc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    527487a1b1aa7f7b6223f1825abc9c6a

    SHA1

    b31682dd7bd87ab7475c9f1269a9550b1832545a

    SHA256

    450cccabe9bddac14917be08289e5d06f3ce5c7bef4e9d10a009438429cd5d64

    SHA512

    c7c453b0c6e4a8f5006956c5001aa2a560e1f5952725c9006e19030f40e11c9f0cf58684b4fc926ba7ee77db0f2031a1f1d0970f4cded4211eb5ffe403a4ea26

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7523307b925bc61890f35e15e4eafc8a

    SHA1

    78cef2b651909a2e8cfa41af23856f466897bb64

    SHA256

    34bb2ac63f48ac3a1b626243316cc33eb67f94791280c9f197296b28483f2f58

    SHA512

    60be7a1b343f7c984dedb37e5523e75a6dfdc595cc90c7e92dc756a931c69a6ee8e7aa8f67fbd09e623c2122994984f63792c068b0231780b41b58636cdc9b9f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c3774eab49d9845a3f1d8a4c45570b17

    SHA1

    c25ee069f739ad8579fd83b426325438d572cb5a

    SHA256

    412d8d4bd4ee7ddd9b0b5c1c5876094f83769481495e62737bc3f0f7588206c2

    SHA512

    b7ccd201423241e623c77843f77e00d1db4fe7f94ef4d9529a61c95a058887188fea63666f9bb6f1ae8001fde98424e4ad7f5542bb717f7359a1b665214b5e34

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    69c99b1e10441b022a64b8433f82e1ad

    SHA1

    c65923c665d289902d884d399b5324cb850e8ef5

    SHA256

    043bfdeaa7b6c825b3ac3e0625035569d832f9c1bf564df43c194423427d340b

    SHA512

    fd6cdd860cc94da8fb37e94fafc0d64b44c537699c3eea053c0ec935ea8dca8ceac0712d0c88256a8470b647778c46ef8dcb2101803b688b93efb688dcd9912d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    be0748098ae45154e23967c5b947f945

    SHA1

    48a255ebfa69676161d69373887e167eb37be570

    SHA256

    998b3859c900545dc145e89798982bc2f08510a8f78a62a04b0dc1ecf107c2d2

    SHA512

    86a3396a636830523ad54bb59513615efc31e189cfab1d5bc2a41909c83ffc22d0b04fb5a0c10503810ac4a05b32f4f557337a669781125321f249bd99aa3afe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4f69cf8e5907073c392f2f770d46e8a5

    SHA1

    d6be54971a4daa5cea2d89b75d4d97adfcfb3bca

    SHA256

    b38e54507ce4d2f12820de88f680a3d8edfea1f12f949ba6c2ffd22f961ffe48

    SHA512

    86015093529fc49b1511c9b07c3dee2d9dfecc4795ffa66727922d872667acf1557bbf2e4bb3b7104e1e9fc6f37b1555ff5ad811ca3c9a37895cf29139328483

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e653c72633ba9dfde2a7205224d4e83f

    SHA1

    078ca233b391199d594b9681863cc27bf9ff72e9

    SHA256

    dadcd134e0da6cf8e30996e0ead9565f98e13ce2cf45a2e81a8f0921e28f069c

    SHA512

    1aebcca9e61d0dee62c5d92497401de5d4c8b157ec970a1c50d932d0d9260d4a054d5c5bb12a527ebc285b0f00711cae5bd7075707cfb5ed27f44f007a08afc3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e312adebc307fefa512880654e164958

    SHA1

    fae50b545dd5327dc5496fffc2e4303eeafc19ac

    SHA256

    c13336c1d365765447543750a599d2b645f0284bb675bac7b9234615e542b1a1

    SHA512

    ad3cb933a6316d238326ac87d3f3443bd4d148814408e75f585b720cc3563cf24efeb48f25e3d5c66bf41a30438f6f4ce92e2abdd551083ef5946d8b61281095

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    09c45fa3c698c3b4a1bd77519ea844c8

    SHA1

    2ac87b02994af2f468319beadd7cc1a7b1cae3cc

    SHA256

    fe35f4f48253cddbddaa076621999ad81d7abfab7b89901afb82aae9c81cbf5f

    SHA512

    a5f9d3e39721f8bd3ee3f6e016346d40b1b5651fa8214f9e90243d5a92823d3fbfdcbf2516cb1ee654712a2e5ad49260a3793dde6fb8084c4d016b243bf633e1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    64a0ea0e5463f39588ca5541870ebba8

    SHA1

    ae60b3352e5f696ed86af87de57c45d4b476bf3a

    SHA256

    6815a2e8df20fbdbf0ab4a4e25bcbb164fe8311b7dd3e45317eab7ab0d44fe80

    SHA512

    7a8ffecbceb253226bfba8555ec2fc229e960fa69c606d32bb2b4c2d2d5f85d0b5b5fcfb97ceb4fc877f292432ef586f8ebc5369f5197f8492ee19275c646e41

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c738f5ce60101deaaecbed08e4f1662e

    SHA1

    3ad37b3a9e4cb50097ccbc5b0607f70cca40ea8c

    SHA256

    2a8d4d024366b76541ceabd9358304dfc63c0b68407235eabf06d24dfb52c417

    SHA512

    ee11f0f92661dc56f6c4f2686f5890b3f8d742eabf3da636b2a9db96c66426b418692077a5e8288016f1c1c6775c5cb3531e3ea14f429b3005dcd225a318a94e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2750e767d0e4eff5eb8cb253093431ba

    SHA1

    c1c018e5cc8e59f0e5c7b6c003bfa9e6ad299ea9

    SHA256

    fa724fa860f1c5c604e92935dce68a9455c28b8eef1fe9ec99ce2c3ef3bc5927

    SHA512

    3787b24567705e29796df427e25b8a98bd09edd07df88f5fb5ab1c02d55478a3e74ff6f7ca1fac4b59c455ce5e6b1c2bf88ab784ebbe92fea233b359d37382db

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    1e1739d12a078c6aeda6e1c2e1340d6b

    SHA1

    6b2a4475483668ccdd18fc354773ddce2bca7f4b

    SHA256

    3d7b29304ad81719116837d0016a77ecc7b8ea69d42d40702e3cd148fa458fd6

    SHA512

    097e876106ee6c3bd4c7f9bf9ff1c75a8a8b38a6ad770743decd4c3a55fde1dbd54cf962ce1a7015d9fbeafe3e17afb766111d862d3cd9a9825e67c59e7ac14e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e95a4d22bb3ff4ece93d5b634c9a1b34

    SHA1

    1d72fe38e45a2a47c0d329f9c2c06adba94e16dd

    SHA256

    8d7639c01053d7f27358862b7eec219ae9f10b4d0297843adb8531254e0f98e1

    SHA512

    7d541c6dff968fdf7db754de92ee5054c51eef17ccb9c9f6df7efc906c1f74b1e2e3f2eb9c7a05b7dbb81e01d8346951c21f8f3327ce98fa383466002bc1788f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b29b86f61801f9bbce53622e539957e0

    SHA1

    de84a7acbddc0c3b96adbc1c16c7be604dcce7b2

    SHA256

    431d6f0a49ff4fc8d9440151f2079032ada0aeec8b9ea5595f2764345c31c4c7

    SHA512

    75e1fb8d006afef39dc48bfa74989903be366fbf849f98850507d78af5504eb897dd55f0fdee7f393baac2a6249232c779909183a54ddf869ed23b8ed6103d5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4938c395a63a502c895853ec88a31901

    SHA1

    185deb0c0646f13684db5269697afd71ec7ff2f6

    SHA256

    82ee0609cc28e0273d7afe4960824ea5b5754d2794c330d51d66065f0b30da7c

    SHA512

    f26b6d111957f27d3ee2d611f649ec24d52eef1cf997e750e034b2a076a35a8a5435095e164bb485029777e85536f4419c57d6588140137d01c9143d20d4e860

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    ceb2e00d547dd29d38d5826dcbf1279f

    SHA1

    d4e0764c5baf183edc4718d806aa75101583b0f6

    SHA256

    8760c2333bcef43bc13bb7057e3891dfc440c89667c8ac81e3379645ecdba443

    SHA512

    9323a6c6040f0549fa2d524e117d09ccf9967d330a8513315383946cb2bace7d89c743a84e68ec1f6dbd150b43db70f0bedc09d5d829842a33dd23924b9f46d2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9bce822bc2b9d0ab13f7860dd868f4db

    SHA1

    7fc091c9b4f4f3252f489388ff55739fb55e5668

    SHA256

    4f6cf04cd27d01e8946dc95a054bba25de7e4cf3692d7bcc3607060045a9ef91

    SHA512

    750fcb97860f2657bb0e7b9a6cd7d4eb50cc6cfff5c43bec48c2946a8dc50b9d6be4cba4407c6072e68e189bdc8cb79ebf5f466e4954c70f8b6d0f666f182961

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e58f426c69156dcaee4d44482b7b519c

    SHA1

    492dd1100a83f650eb2521e850abee0824b8dc8c

    SHA256

    e67cd3072dd441246b02189d61303c0c8001123d243f388822a14d153a2e81dc

    SHA512

    97e2eac3e8e123e4806a991d5e35156ffacf422e030cb3f92334f5fb42c4ed941aa0f9994de47d1fb8076e70970655e18190db0eb3b42155edb02be651a6f6f7

  • C:\Users\Admin\AppData\Local\Temp\Tar2FCE.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a