Analysis

  • max time kernel
    121s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240508-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    27-05-2024 01:15

General

  • Target

    2685dc0068dca5d974f4b19bcd23d2eb256e3a893959ccf54a8eac4ce13bdf06.exe

  • Size

    215KB

  • MD5

    63887685de620285c0f90e507b61570d

  • SHA1

    f1ec526bebf67480a4958e92a38a0d5eb3e2ee8f

  • SHA256

    2685dc0068dca5d974f4b19bcd23d2eb256e3a893959ccf54a8eac4ce13bdf06

  • SHA512

    17d47f36c55aa965ff27dea70589f97987f827643b088c263b8034ba7b9d379c832add2a3bd087df21101800e0b723a1488b434354c1ee0748c1708e00513e29

  • SSDEEP

    6144:mdsKl5UQFpO5jWZ4awaeJ9eZq8KbW8juDW:vi65jWZRebe

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 34 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2685dc0068dca5d974f4b19bcd23d2eb256e3a893959ccf54a8eac4ce13bdf06.exe
    "C:\Users\Admin\AppData\Local\Temp\2685dc0068dca5d974f4b19bcd23d2eb256e3a893959ccf54a8eac4ce13bdf06.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=2685dc0068dca5d974f4b19bcd23d2eb256e3a893959ccf54a8eac4ce13bdf06.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2796
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2796 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2760
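The security-relevant point in this tree is the iexplore.exe command line. A go.microsoft.com/fwlink URL carrying o1=SHIM_NOVERSION_FOUND, version=(null) and pver=4.5 is what the .NET Framework loader shim emits when the executable asks for a runtime the machine does not have: instead of running the managed entry point it opens the framework download page. So on this win7 image the sample's own code never executed, every signature hit (Modifies Internet Explorer settings, SetWindowsHookEx, FindShellTrayWindow) belongs to the browser that the shim launched, and the 1/10 score means "did not run", not "benign". The practitioner's next step is to re-detonate on an image with the requested runtime installed. The following Python is an added example, not part of the sandbox report; it decodes the redirect and marks the browser PIDs as noise. The process records are constructed from the tree above and are assumed to be listed parent-first, as the sandbox prints them.

```python
"""Interpret the iexplore.exe launch in the process tree: a .NET loader-shim redirect."""
import re
from typing import List, Optional, Set, Tuple
from urllib.parse import parse_qs, urlsplit

# Constructed from the iexplore.exe command line recorded in the report above.
SAMPLE_CMDLINE = (
    '"C:\\Program Files\\Internet Explorer\\iexplore.exe" '
    "http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409"
    "&o1=SHIM_NOVERSION_FOUND&version=(null)"
    "&processName=2685dc0068dca5d974f4b19bcd23d2eb256e3a893959ccf54a8eac4ce13bdf06.exe"
    "&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0"
)

# Constructed process records mirroring the report's tree as (pid, ppid, cmdline).
# They are assumed to be ordered parent-first, which shim_noise_pids relies on.
SAMPLE_TREE: List[Tuple[int, int, str]] = [
    (2360, 0, '"C:\\Users\\Admin\\AppData\\Local\\Temp\\'
              '2685dc0068dca5d974f4b19bcd23d2eb256e3a893959ccf54a8eac4ce13bdf06.exe"'),
    (2796, 2360, SAMPLE_CMDLINE),
    (2760, 2796, '"C:\\Program Files (x86)\\Internet Explorer\\IEXPLORE.EXE" '
                 "SCODEF:2796 CREDAT:275457 /prefetch:2"),
]

FWLINK_RE = re.compile(r"https?://go\.microsoft\.com/fwlink/\?\S+", re.IGNORECASE)


def parse_shim_redirect(cmdline: str) -> Optional[dict]:
    """Decode the shim parameters if cmdline is a SHIM_NOVERSION_FOUND redirect, else None."""
    m = FWLINK_RE.search(cmdline)
    if not m:
        return None
    query = {k: v[0] for k, v in parse_qs(urlsplit(m.group(0)).query).items()}
    if query.get("o1") != "SHIM_NOVERSION_FOUND":
        return None
    return {
        "process_name": query.get("processName"),
        "requested_runtime": query.get("pver"),    # framework version the shim looked for
        "resolved_runtime": query.get("version"),  # "(null)" means nothing installed matched
        "shim_version": query.get("shimver"),
        "verdict": "managed entry point never ran: requested CLR version not installed",
    }


def shim_noise_pids(tree: List[Tuple[int, int, str]]) -> Set[int]:
    """PIDs whose behaviour belongs to the shim's browser launch and its children, not the sample."""
    noise: Set[int] = set()
    for pid, ppid, cmd in tree:  # parent-first order: a child's parent is already classified
        if ppid in noise or parse_shim_redirect(cmd) is not None:
            noise.add(pid)
    return noise


def has_non_shim_children(tree: List[Tuple[int, int, str]]) -> bool:
    """True only if the root process spawned something other than the shim redirect."""
    root_pid = tree[0][0]
    noise = shim_noise_pids(tree)
    return any(ppid == root_pid and pid not in noise for pid, ppid, _ in tree)


if __name__ == "__main__":
    print(parse_shim_redirect(SAMPLE_CMDLINE))
    print("browser noise PIDs:", sorted(shim_noise_pids(SAMPLE_TREE)))
    print("sample spawned its own activity:", has_non_shim_children(SAMPLE_TREE))
```

The same parser can run over EDR process-creation telemetry: a parent that is not a known .NET application spawning this exact redirect is a cheap way to spot unrecognised managed binaries that failed to start on a host, and the processName parameter tells you which file to collect.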

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

    Filesize

    579B

    MD5

    f55da450a5fb287e1e0f0dcc965756ca

    SHA1

    7e04de896a3e666d00e687d33ffad93be83d349e

    SHA256

    31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

    SHA512

    19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

    Filesize

    252B

    MD5

    aaaa609fb91cc159c1f0b0304b0d4542

    SHA1

    03995206a3b33ec0f705a321c34f05b36fe63eb4

    SHA256

    7cb469444afbdb1c448de3643f89720866c1ac5bdedcd457a567ed7028913d6a

    SHA512

    721333e89f02b4f1afa42d8a44b862770567b88d4b62c8d1ca003161655b205d97d44aadb33ace45d9abe221bf58a7a67b82f32bebd64c182df255d2de47413a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2aff1e1a37dfe4d1a266919fd0f2620b

    SHA1

    58196be0d04b95073a6d00c5a3b701b04277cdd1

    SHA256

    44bf5966fc126a75d46fd091d4ea18ac5fd8fd8b80c1536445442ff2612cdf82

    SHA512

    76d907647031cba5c6a1a67f815094d7fa4c38804945f5abc1338d9e14be05c9a83e7d71756830d0ce0d879d0813d2da4d5a2ad47df375b5626c910174e54ee0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    be5dc86b028c94422e75bd74927db6cc

    SHA1

    c032d8895fc5fb7f7fd2d74987b5a16c4a7b587d

    SHA256

    972c1c13c4d8ce25cc5caadb5a84433e8666dae0c07e635c69eeaea5b63765e4

    SHA512

    98dfee6c73888fe617d12e568aed06f5511e42a795b8acc0e623959b8432d410f533d549dceba6c5e925aa5b9e5e893ff21c6b890b4f3e5c0a3ad0feadb01685

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    63515f8f929d6c1b1198dc317214a058

    SHA1

    211a9384d2f0bc9951534d25e672413baaa49668

    SHA256

    1dd9ceac88c9eba62cae6a2c364bc46ceacc2755487faaa9049e628992c5f2a6

    SHA512

    8f925c87c20543f5dc10f7e8c6f7cc3e51a232454ed3f8c8caf08e2a07fdb3849cae81d988f003e01013370900db2107ed8812c4b1b52db5466947a53eb77c1b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4295dfca7790ac42d1c9d070906cbc02

    SHA1

    762143542e9f8f559b683dd27492aedcef9826cf

    SHA256

    6f0313034eda2f684216ebd4b96211d578d7c0e84ed815ecd2c2c4e3fc624a17

    SHA512

    788dca8005260727bc84766fad547eb04e8f5cb903f0dbcd292bac20d869a1afdbb20ea6429fddae8c8e3b17f872bbefb9d730143af257c5b68ddc8a168a0760

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5e302102d6078cd58d5249f7654fe90f

    SHA1

    67e924ed7cd50352b0f40cd889a440f98e8eedf1

    SHA256

    faa8c30f106bb7b106be0d647eb9a104c2c15f60f66f2122cc13855b4f1458c0

    SHA512

    304a8c507edebe01bf09ae56abdfd9df0305fc9e198a27a92ebc5978707739921abe88055b9de7f25a4d20785f138afce3d7a5a3d62bfa97879d32d8e8fd487a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5d3835c620752b27ad18879b70af44b3

    SHA1

    eb5dac8e92c0ff74f3430e6162b8c130b90126ee

    SHA256

    1bcb2b5fe286b8260a4ccb0dd1791c035cd89e8b6359763d100ebc14c14fd693

    SHA512

    3e58cfbc5ac3cc4748f7be0ed8f01777553bc399e404a0905696457b692f057746deedff7ada1dc40d2b0e470832c8ef1217063cab8a77bbce9677a7895d669c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e6395334505214dffd6392834cf6ad03

    SHA1

    732573f2428e260771f6d47f475d29b56ef38df2

    SHA256

    32d6b78d10e426884ea58c602f79a556f868d07746199514c544fed30ece84a0

    SHA512

    d32e6c47f089f0add63edfdf90504c60f0c787e6be0a51d5464ca043524efa615e057b72c70423109b911ee1e3a2f0b7a3e5fbc6b497dc53c1456a37fc8afe1a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d600502f30f568067e91bee5437ec32f

    SHA1

    3996ccd17cd8fceb87d3d6da0eb3dd228d103071

    SHA256

    f7c5f612c57b9641e28ad70f25f124771d7ed79ba49b3052636122010dc88bef

    SHA512

    670493062e8bda046f4c3ebf6bf5b16ab7402ae96dca41d5b62309d874fc2cbdf8660631d05e681ae52a97e671692626bf004045a64a017779ab2b397098e1ea

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a415cffc78d1ecc2180a1d84f45cc70a

    SHA1

    89ac409caf2edfc12f4336057fea9e6fc0c50380

    SHA256

    88360de315f9bc52f8b63f4ba105c8e198bc180dfcef762c803aa97fdd401cdb

    SHA512

    be981c52d69f5c43afcfa07c5d7c6ca576308a2a12132a99d40bfa96b2049c76afe7f2c4412d96682d8594c42650c149fc359e4b2c10251ca47204ba4976f3c3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2ee829baaf00cdceb00030487e93cc37

    SHA1

    acc9363d138e478e0bed624a5428b69db6e92f2f

    SHA256

    ae8af893820f48c101dbb0792c76e2bb75fade0f788cd7308bfce6b51eed0559

    SHA512

    c222b7f683c31c83c10c68ed6920f288120cc516865e86859eb3046101724a5a8a237e6a166bb81179e33c9035d0fc03bf83c41f3b1ab97c8fc892a3352606ee

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6b51976dca0559a216d46e234da86530

    SHA1

    6b6fc6c2701189daae1774007ef7257eebb7eb6d

    SHA256

    4b969ca1e96b64bbe325776663f467ea1f8695dd095292242a49a61e41553de8

    SHA512

    1373a28fcd7700cb13c7563f381ea91ab4c3d1561b7f0c48a1423cdcfa162c1e9971e8a74eede258598847060b28db2a53ac94b9f74d770d02208e93c31bcb31

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    74e5254f55c715df1ab12a846224a725

    SHA1

    f7709ff86e57238dc6e9792d219161a7c20bde39

    SHA256

    b861845e589b35788d4a1889e249c08e6f580bb438ac2ca38838ecae0ff78019

    SHA512

    80222028379040847aaec4f0ea6178ddee458e9a1a13570abd1f8e684638872ad06455aa5d9b63ed44b60655aa09dd7a6f7fe391a54c3cf065696a109247504a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b953debfb5a8bf4b1a4496deededd819

    SHA1

    b42f18403e61713e680e10f871237f768ead772b

    SHA256

    8280950afb562b9a0886b2d92792cba453a39c61438c3739d4bec7ba17e93499

    SHA512

    ed45e3db217f246550daa12e14afbe1dae12428bb44b58d703c0a46e53bb0ad071ad3805f44b974476130abb369fcfb71b7ce59037649f26b9854ed987f75f42

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d6e20b9a1bb1e5201d5ecca17996e85a

    SHA1

    9e660c4b7f52170993ed03291488c2f5aadb99c6

    SHA256

    4829db1f0d26f5d7fd50c056773940e252537c00e4915e79753fe8fae1a62f02

    SHA512

    bd0dead4c24267f71b98376e5577024a00f579cbd1f368495437d05cfc8cd10c13088db9a907112fd3cb7f1f7196fe51911489719a743d4c11defd38c03b840e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    480d69ee25cfad9c4b9ea8e24ee696b6

    SHA1

    759231555b48f76192716fc1e2ed68e5c051a62d

    SHA256

    3b89eaa1af993a0f3e283aa938a4b5bb8b718076f048c13aded9683c0edd6b5c

    SHA512

    4e3d50ac8b553dd5d112e4535fe4e526859359990e8412f6d05454491798d3dbe62da249ea07778dee0880fb629d25f799630ec3b7f0c3dd72b22304a9f7381c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6689043b31b75fd14fd585f489965153

    SHA1

    8bf3bcbcbf6c1eed4646da788ecddc572ee9b41d

    SHA256

    6ea2325a58b8ac47e1314db486fd4313b910308976116388f57093e66f02bacc

    SHA512

    06909f96daafb5dc192bc8f34e237fa41ebfaf18d272a79427e3afb7919bbdb3e083b36e5f39c0e30e86527922a6ce13c053e6489db2fa4e8781c8a37c8686a9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    882c90692ba38ec04b21dd3885db7a93

    SHA1

    c6cc1f7d1c4a912fbaa8de230de660b03d987502

    SHA256

    c6b1cb72e52c7eb1d211743161aafed14617d00f5c1e2586bee3ab2586c9d701

    SHA512

    0b05b433de0bf27396161fb5c7315f579e10e55bcc5ddeacd3f0b4e0b050e2960f4fd5bd580c9c56061b3ff48a2301588d3aebba1c4094cafb23bfe3bfeb262d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d8ad002e55cb679d45ec5f55740c55ea

    SHA1

    2f47d13945f498040a570a29820c44674ab0b9c3

    SHA256

    008c4d7344fb2da44d425a2fd890c82dc1596b2de39e63991ed2224bf2c22df2

    SHA512

    3c5653b5881e0ef5170a9a722625479bac5348bc00f72c3bf785f6eea107dca27fe12cdf4e6e0c32f404a65474a16a1b3472eb0706e5ea944df989470ab6ddee

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    307ce2e4348204cc938cd0f454474922

    SHA1

    1d434ed15bacc6f9130bed030994c44d3a25e45f

    SHA256

    e213c9d5e9e6cdc84980f978772f2e084577310208e0e25cdde95d1683b4f2ad

    SHA512

    e978f5400dc3d5c4ee9d9a0c59d63c86f8275a8120db2de2871da86b1c6e8e05dada7c6e99194e524a22c27329239baff30c2dab641aaf14fc190faa39589c6c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5c40ec14d18ddb58fe925f98fce4463e

    SHA1

    8dd5214ab04280febe303f6ecad1c721b1d7c7df

    SHA256

    44b0fc9b19c1194232aa485a329c8ded45cb529b1196ae4767459a0100be88e7

    SHA512

    5b3200139629740611a3055bde55cbe87471dfe7a7581f83f9a65621e58b7514922bce57530390c0bd5b752f44893d5bb3127dcc23d995ffe4b26135dab7f5a0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3ce6a08b6effdfbe9231d2c92db97b54

    SHA1

    b39787efc6df6c2c53e9b3c0d36516bf000b65df

    SHA256

    ebc754e11862dca9f201292bb0a940bcacd5d66edc7c05aa10cbc8cc1414b213

    SHA512

    49bd65112c49b85e3b8dad990cb4a5096597447b0b2fca97f8945b0bb365b2e0d1c1fb0f868aa0d6d5bbc9118c349f06bdb8713072626e84802c8649648814e0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    faed9392a1589dcf498cd85dba9e8c1a

    SHA1

    11951e63a3818b8521fa111e4b928fae7b7fab4a

    SHA256

    ecd2f91952dbc9e69f67c2f9d42fbde13de777e3bbf7fc021f0a5a39206188b7

    SHA512

    48391d0dcbaead35da05da981f37f8c33bbce603efb440a62ebd3d0ef5e581a51464d0aa82e2d39f15f88fde47e63e3e7d348163571a2ff03ab23a6427212abe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c110a6cdb2a2827170ae2d3c61dcfa10

    SHA1

    55e803d26ba5434fe1003f936f7409cfb60cc105

    SHA256

    1ac3ab9ef492d65a827069035cd44d47bd75a89010de5c41aa9489c9eb2f936a

    SHA512

    5dbe0fdd5c8c709fa7500f2059b491c71fb0d53cb2fed81fbcd69c527a6a0dad745f8ac2e114211cb7d717ef11f09cb53fda2e1739a162ad7a5fd774cabec98c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    094d4bef8c3a94db531b5457c6f2df24

    SHA1

    e85a452257c24cf93f7d29437c3ffa2db4822d5d

    SHA256

    9f06301a0a9a040096fe6b2a9f1cb07687ebe8bd947b922bdbda20ec55a6a8d7

    SHA512

    1386d378873be4e88ea1e98d46dc2d532e989fad03911e90384b71f7fd88ac56d7f6a87f438598b65011c02663ea502a63f1d86387f9f87d5585af3925d24b37

  • C:\Users\Admin\AppData\Local\Temp\Cab42AD.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar430E.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
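Every artefact in this list lives either under the CryptoAPI URL cache (one Content record and one MetaData record, the latter rewritten many times with a different hash each time) or is a Cab/Tar temporary file in the user's Temp directory. Those are the files CryptoAPI and the browser write while building certificate chains and refreshing root certificates; none of them is a drop by the sample, which is consistent with the process tree showing that its own code never ran. The Python below is an added example, not part of the report, that applies that triage mechanically: it collapses repeated cache records, flags any path the noise rules do not explain, and recomputes digests for an artefact you hold so the report's hashes can be re-verified. The artefact rows are a constructed subset of the list above plus one hypothetical updater.exe entry that is not on the page; the attribution of these paths to CryptoAPI is the usual analyst reading, not a statement the report makes.

```python
"""Triage a sandbox 'Downloads' list: separate CryptoAPI/browser noise from real drops,
collapse rewritten cache records, and re-verify digests for any artefact you hold."""
import hashlib
import re
from typing import Dict, List, Tuple

# Constructed subset of the report's artefact list as (path, size, sha256).
SAMPLE_ARTIFACTS: List[Tuple[str, str, str]] = [
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C",
     "579B", "31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     "344B", "44bf5966fc126a75d46fd091d4ea18ac5fd8fd8b80c1536445442ff2612cdf82"),
    (r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
     "344B", "972c1c13c4d8ce25cc5caadb5a84433e8666dae0c07e635c69eeaea5b63765e4"),
    (r"C:\Users\Admin\AppData\Local\Temp\Cab42AD.tmp", "68KB",
     "1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184"),
    (r"C:\Users\Admin\AppData\Local\Temp\Tar430E.tmp", "177KB",
     "67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34"),
    # Hypothetical row that is NOT on the page, to show what an unexplained drop looks like.
    (r"C:\Users\Admin\AppData\Roaming\updater.exe", "215KB", "00" * 32),
]

# Path patterns for artefacts the OS or browser writes by itself. The labels are the
# conventional analyst attribution for these paths, not something the report asserts.
NOISE_RULES: List[Tuple[str, str]] = [
    (r"\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\(Content|MetaData)\\[0-9A-F]{32}$",
     "CryptoAPI URL cache (certificate chain / revocation fetch driven by the browser)"),
    (r"\\AppData\\Local\\Temp\\(Cab|Tar)[0-9A-F]{4}\.tmp$",
     "CryptoAPI cabinet extraction temp file (root certificate update)"),
]


def parse_size(text: str) -> int:
    """Turn the report's '579B' / '68KB' notation into a byte count (KB = 1024)."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)\s*(B|KB|MB|GB)", text.strip(), re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    mult = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}[m.group(2).upper()]
    return int(float(m.group(1)) * mult)


def classify(path: str) -> str:
    """Label a path with the first matching noise rule, or mark it for manual review."""
    for pattern, label in NOISE_RULES:
        if re.search(pattern, path, re.IGNORECASE):
            return label
    return "UNEXPLAINED: review manually"


def triage(artifacts: List[Tuple[str, str, str]]) -> List[Tuple[str, int, str]]:
    """(path, size_in_bytes, label) for every row."""
    return [(path, parse_size(size), classify(path)) for path, size, _ in artifacts]


def unexplained(artifacts: List[Tuple[str, str, str]]) -> List[str]:
    """Paths no noise rule accounts for; these are the candidates for real sample drops."""
    return [path for path, _, label in triage(artifacts) if label.startswith("UNEXPLAINED")]


def unique_paths(artifacts: List[Tuple[str, str, str]]) -> int:
    """Count distinct paths; a cache record rewritten N times is still one artefact."""
    return len({path.lower() for path, _, _ in artifacts})


def verify_digests(data: bytes, expected: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Recompute each named digest over data; return {algo: (expected, actual)} for mismatches only."""
    mismatches: Dict[str, Tuple[str, str]] = {}
    for algo, want in expected.items():
        got = hashlib.new(algo, data).hexdigest()
        if got != want.lower():
            mismatches[algo] = (want, got)
    return mismatches


if __name__ == "__main__":
    for path, nbytes, label in triage(SAMPLE_ARTIFACTS):
        print(f"{nbytes:>8} B  {label:<70}  {path}")
    print("distinct artefacts:", unique_paths(SAMPLE_ARTIFACTS))
    print("needs review:", unexplained(SAMPLE_ARTIFACTS))
```

To re-verify a row from the report, read the artefact from the sandbox export and pass its bytes with the report's MD5/SHA1/SHA256/SHA512 strings to verify_digests; an empty result means every digest matched.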