Analysis

  • max time kernel
    122s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-05-2024 01:19

General

  • Target

    9bf43f6f8105958350ebe5c6a8d2a13999303b189dfd2aa2c9f2ae4883f158d2.exe

  • Size

    165KB

  • MD5

    07fbdec9b9db75f94cadac0094157149

  • SHA1

    71d0fe4a3e13d309e673a66cffa70313f5c798ff

  • SHA256

    9bf43f6f8105958350ebe5c6a8d2a13999303b189dfd2aa2c9f2ae4883f158d2

  • SHA512

    cda150eab62581751c3313f8a58de1ce91abefd7f80f6a501f439750407bb9c6c11a13e34b946958e5d6028e20158b0634f511854f760928c4ac42a899157b0c

  • SSDEEP

    3072:dFHZHOSiB4wP5gz1xyfIHjj3ELhDz+pz50kleh9ZN0AOeFB:dFHZHOSiv5gz1QID4p+Q8g9i

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9bf43f6f8105958350ebe5c6a8d2a13999303b189dfd2aa2c9f2ae4883f158d2.exe
    "C:\Users\Admin\AppData\Local\Temp\9bf43f6f8105958350ebe5c6a8d2a13999303b189dfd2aa2c9f2ae4883f158d2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1612
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=9bf43f6f8105958350ebe5c6a8d2a13999303b189dfd2aa2c9f2ae4883f158d2.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2972
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2972 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2668

Network

MITRE ATT&CK Enterprise v15

Downloads