Analysis

  • max time kernel
    122s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
  • submitted
    27-05-2024 01:23

General

  • Target

    0155c20cb19c9813620aed642f844f911cfdea37919ff503ae0000550ca86c3a.exe

  • Size

    165KB

  • MD5

    8d18d759964dd053a4febfb9d4040acb

  • SHA1

    38ec83b619e7f5eb9d02389b6c75ffa100be07fd

  • SHA256

    0155c20cb19c9813620aed642f844f911cfdea37919ff503ae0000550ca86c3a

  • SHA512

    8ee2a3498fda2c55b8537559df3a6f47c1911e40704a8a9907c206952aaf23c26b4af13190ea9dace992aa2a5d39b89f7e6094340ba68c44eb7a8cadfa71d432

  • SSDEEP

    3072:YRBi0aI3xe1cBpIALoZgsnbWISRmeczV0JK0M1VV/IM0Sp1eHeOz:YRBD6cBpIALoZgsnbWISRmeYVPLrm

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0155c20cb19c9813620aed642f844f911cfdea37919ff503ae0000550ca86c3a.exe
    "C:\Users\Admin\AppData\Local\Temp\0155c20cb19c9813620aed642f844f911cfdea37919ff503ae0000550ca86c3a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3052
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=0155c20cb19c9813620aed642f844f911cfdea37919ff503ae0000550ca86c3a.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2608
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2608 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2732
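
The process tree above is the whole story of this run: the sample itself spawns only iexplore.exe, and the URL it opens is the .NET CLR shim's "runtime not found" redirect (o1=SHIM_NOVERSION_FOUND, version=(null), shimver=4.0.30319.0), so the managed code never executed on this Windows 7 image. Every signature listed, and every CryptnetUrlCache file under Downloads, is produced by Internet Explorer and CryptoAPI, not by the sample, which is why the score is 1/10. The triage helper below is an added example for this report, not the sandbox vendor's tooling; it recognises that redirect in a recorded command line so an analyst can flag the run as aborted and resubmit on an image with the required runtime. The command line it parses is copied from the tree above; the function and field names are this example's own.

```python
"""Detect the .NET CLR shim's "no runtime installed" redirect in a sandbox
process tree.  Added example; field names below are this example's own."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed input: the iexplore.exe command line recorded in the process tree above.
IEXPLORE_CMDLINE = (
    '"C:\\Program Files\\Internet Explorer\\iexplore.exe" '
    'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409'
    '&o1=SHIM_NOVERSION_FOUND&version=(null)'
    '&processName=0155c20cb19c9813620aed642f844f911cfdea37919ff503ae0000550ca86c3a.exe'
    '&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0'
)

# The shim hands this host/path to the default browser when it cannot find a CLR.
SHIM_HOST = "go.microsoft.com"
SHIM_PATH = "/fwlink/"


def extract_url(cmdline: str):
    """Return the first http(s) URL argument in a command line, or None."""
    m = re.search(r"https?://\S+", cmdline)
    return m.group(0) if m else None


def parse_shim_redirect(cmdline: str):
    """Parse the CLR shim's fwlink URL out of a command line.

    Returns a dict with the shim's reason code, the process that triggered it,
    the runtime version it asked for (None when the shim reports "(null)") and
    the shim's own version, or None when the command line is not such a redirect.
    """
    url = extract_url(cmdline)
    if url is None:
        return None
    parts = urlsplit(url)
    if parts.hostname != SHIM_HOST or not parts.path.startswith(SHIM_PATH):
        return None
    q = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    if "o1" not in q or "shimver" not in q:
        return None
    requested = q.get("version")
    return {
        "reason": q["o1"],
        "process": q.get("processName"),
        "requested_version": None if requested in (None, "", "(null)") else requested,
        "shim_version": q["shimver"],
    }


def run_was_aborted(cmdline: str) -> bool:
    """True when the shim reported that no suitable .NET runtime was installed,
    i.e. the sample's managed entry point never ran in this sandbox."""
    info = parse_shim_redirect(cmdline)
    return info is not None and info["reason"] == "SHIM_NOVERSION_FOUND"


if __name__ == "__main__":
    print(parse_shim_redirect(IEXPLORE_CMDLINE))
    print("managed code never ran:", run_was_aborted(IEXPLORE_CMDLINE))
```

When run_was_aborted() is true, treat the report's dynamic findings as those of the browser, not the sample, and rerun on an image where the .NET runtime the sample's CLR header names is present (the shim here is 4.0.30319.0, so the sample most likely targets a 4.x runtime newer than the image ships).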

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B2043001D270792DFFD725518EAFE2C

    Filesize

    579B

    MD5

    f55da450a5fb287e1e0f0dcc965756ca

    SHA1

    7e04de896a3e666d00e687d33ffad93be83d349e

    SHA256

    31ad6648f8104138c738f39ea4320133393e3a18cc02296ef97c2ac9ef6731d0

    SHA512

    19bd9a319dfdaad7c13a6b085e51c67c0f9cb1eb4babc4c2b5cdf921c13002ca324e62dfa05f344e340d0d100aa4d6fac0683552162ccc7c0321a8d146da0630

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B2043001D270792DFFD725518EAFE2C

    Filesize

    252B

    MD5

    ca6c437671dcb6c75ca9c8189292258c

    SHA1

    63cbbaed28dfa175f17afee95d4ed61e2e7ccce1

    SHA256

    494a3a6124457abaa3f5061740034e86fed783dcbe1ac0eaaf76484c0e951096

    SHA512

    22c5395b23eb708e93fa5e8fcdca01c80a7dbc6ec1f9fd8af3eb489f31646a275681179f47e0d6d003d1c1352dd73874e2677ad8e80072eb695fa55cd787674f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    d38ba2f3f8df567e985b7090d9bc9321

    SHA1

    03f1cf458667a5a0aa0c70c1a3e712b251412c2d

    SHA256

    238cbaaa0149e08d9aec2d85a7fc4091631941dbd65f0ecc4902cb529253bb18

    SHA512

    49dfa3fd37e53becbcd6a68794b54535cd930dafdf7ee74d004c42836d208cb57732503f1fa139345dec801d0e070d89c21616ff6041fe179339fe02b9949e21

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dde5154ee930d71a59b563a5f575047a

    SHA1

    7eed6476c89bd906b0f89e084c54ec91089f4914

    SHA256

    ea2382b9e4e43f1104d09487162fc7a5a7511e657583b44c4413b687db1295f3

    SHA512

    83f5520a2e6471a391ffbcc7ab36fb8f230b16da461d2c67043f9713244aef1c9badca05f3784daa64a35ad6c8a5a7f2eb0a101cd65407ae5beb707fba9f0d04

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    130bdc0d3555dda0235b51ed0550fdf4

    SHA1

    80d5076bde38b866c12f44ae402a4187951c6c2d

    SHA256

    0ee25d46bfb1d9301d96d04405c6e5a2a5dc97a7df3fc6e72d9bbb8cc0516ec1

    SHA512

    de8d675e8f160a1f2c2857482de11a57fd4e5ea92742706c43a2bc6a1fcc1c8a70073d3770b8e0ef5099f6f1d129f3c88714fd12c00f9971812249b7652a9286

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b40fc79809d9e50841c7fd3615ae28c0

    SHA1

    e1af24248c8454a4db8d0946a541e5385cea6a23

    SHA256

    57af9fbd555af1505a3e0ed95994773000452af1ccdf33e5f69e05e35077c6fb

    SHA512

    361a6fb37380022e169bdbef1923f4fa6ab22e560bc6135cd38d36ef05e9c68f62aca8a6856779cc6abfc02b1128f0f8430c2f48c5366b515813ae0d3b5876f3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c15cd2dd622b1f20a879754d4bdc71e2

    SHA1

    d777ccf939e2ea43286ca522864673b046e2d0a5

    SHA256

    81791ad6ef716134406957e122f5f328543fb684adebb9e8a1930529e1b5fd9a

    SHA512

    2f1560e913744c067205e40457fa924fd3df682e23f93e5d7daabfac0dc619fb0c11c69f3e4963a37998b0f25ba5b5b6b01efd036c3c3e2bfb67cb262d8757a4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e2907bddbf521e42be85d644f925ba39

    SHA1

    9ebed4fd759aa42ddafb55a7bcdec703483ad747

    SHA256

    543fc7f81af2757fc52d770bcb21142509c189575aea84ea6148ae0b43c98dc9

    SHA512

    7da8f916759a8704631e2b3f11c1def18735f0904f38cd23b6f51e7d570e87c3c81d65186bca25f932c42def879478e040f1acb12eca9afe735112aab94bd6e0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    20643dcbfe6849d5b8288388903018ea

    SHA1

    75701794826e44b2acd9f73d190782229b6d4655

    SHA256

    b9e87ba30ba0a86b73e93fadc0ca73828ac49e3b18ef6a5a8ba0f200c400401f

    SHA512

    f06d7d1d72ea8aff360f581781263e4005f23af4cd9f80c56097c74746cfc7e5ef829bb01596b9634cff2a3855a4bb4593ece827025f6bf77eec043d53788314

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0ed75dd26b0c2a52ad48503dbf3839d3

    SHA1

    7bbced0a2fdaf3813ca4ae54821f44e0d07c11a7

    SHA256

    c711be1064d7194fa3421a78e462eb735ae943b0e031753d01621bd31a8364df

    SHA512

    48320876f867a5734bc586bef8900b15e809f36cf05c61ab4ae8c9136f7aa6b25eda1d31fa11c42331616a28118b5c4c4d976af014605bdae39aee2717145ca5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    01a017ae21ed7732174ec69d579c0026

    SHA1

    e0f967071ba52d16af0a226e10cf859ca5707b92

    SHA256

    9a7e46d83af480961940c21269ee64f42a85b9da68f63ec467decefb8813a0b9

    SHA512

    ebb98a0f34e95f208389b771e1492646220d325611d0d2dbadd8a04563a97c7db906192ec7d3a1000a53add5c50dbd6761d21b366f9d6fcf005cd0af9d8d3832

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    982627fef75c88f411a2d7d86b6381cf

    SHA1

    ccdd138aed450069f3127f258db21019b59d0847

    SHA256

    b974477b98c031a4eea5130372e127da999387cb8e7762c8e21ed30d1a0d14ad

    SHA512

    0e1c33c11b294694f004f4fe0984eccace271666985e76ae88249a0aa5805f543924aae596dd194c92e7152cf7b2b0206d886946b9788dfa02f23b0372887f1a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    aec8fb4d3eedc6c92f4522af15103b82

    SHA1

    79e2a0de6d024e02e8c378c8b25d5023c6fd232f

    SHA256

    b2c8551f0e6f619e3b5b5cce4a584dee3a8418e4530282187417b4fcd80a1f2a

    SHA512

    06d78d6f0d3a0ecebd44fb1d8fe2dc177d985f1d69e0fb91b8734feb2ed278aaa51e37abff60ea1ce817be6389c7da19b19ccceaaf930c5c3814e7cbf013b473

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cc5f490f56534d49d1a87b918c8eaf1b

    SHA1

    9e98c3282ab255aaba936d90a2230331199f2157

    SHA256

    7c15af03aaabc22553215a43b9890d600a4cf3cafae706b56f86ec1ceff51bb2

    SHA512

    0ae57ec393e6ae69073990a31602e5c50a000fa3f8540fce2f19403a6d9f2a2fba65233cad56a3137537bebc0d42fbf11a20cc8a44b361ce81eaea227b3e9018

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    aad66ea2f8c0db6854969dd3da4137c6

    SHA1

    7fb2577b7e76467c01711a297d6c1a5e28b0b231

    SHA256

    e456f8a92806942ccb76e04807ef84983317feefb10f924654645bb7811855e0

    SHA512

    305816805423037cfe39529cb1a8e23864b2c85c6a65a93b84494506c440fd57ce18bd2ec2c85a3b9af3457c22f07bbcbc9f28a66a3d61d495456925bc35f7cc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7403e41f5de8d7f8e7f60f116529e691

    SHA1

    16304bb4642eaa4248f0de3965aaa951ad6f21df

    SHA256

    38b5990a698f1837584a3658b3f20341fb1fbd7c7ba0e8a2c990dc2004a042bb

    SHA512

    b315f1b435baeb8332c5ebc42fc4a192530672ab433a564341691fc1ce1f479206919ffab661680f89b246668dae49aa719e7357e9f971ce92707bc2c586c76e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c10676fbea510640d59d37dc919362f9

    SHA1

    99fc79986a1613329a1ce21b927710b1b9b3ac35

    SHA256

    70394f8df1df430cec5a258cccf95e778f3344fa35ff15240e7376498791dbd8

    SHA512

    3735d8903f228fc4bfe930ff5274117a1660a019230598c5d32f93d38a2ded115cdb319713e7355620255d4bd63f45ada392807d956bff76e55b02f69ed465bd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    969ce879957a64af2bfa85d07d292273

    SHA1

    559f42825ca5a4f29cedb7fcd6b32ab202f795bf

    SHA256

    8f081d01676c93ff70bf3298006c1c14dc81fc14837d1a0fdb7acfff8761d094

    SHA512

    025ac13ae5908244097f645e6a562236d892c934257a68328133934cc538ed8ce6c2c0c51edda7c79a58b87f82bc36a8d41bc0c3900e436a3a82460897b27d93

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6f6869fff2846280b1e65023bad3c396

    SHA1

    8eb1c7a3a4e686ca894f845785984525f47e31ae

    SHA256

    0ae7d4c13b5cf88b4e44cdb77d0639f55937deff95bfca92d2ec32a46ae183ec

    SHA512

    73d33ebf3b492b088119044bb42900a0f9810f9ff17434ed746ffa617b6ae83f6964efdb877372898a1a802f4386d4d2ec7442a933d7eceb61dcf996e3d2b9b9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3838b41986bc5a3570095734c8ba82a4

    SHA1

    f9ab54b6492fcd461a67d0703714619cf36d5e9f

    SHA256

    9790df1eb8218d7a2a5f1008ca012ca92acba961315e661e140afc50c81e4cfc

    SHA512

    d6d68d98f7cd8746f3d62b40517992a872ee66044d52bcb86f9bbcbc1364ebb1236afdd7c1a88a25f41319776965d43ec0b4ec6d8f721828b15f136e2d61c92b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3b501503c582d7c81d817ac7be6e0410

    SHA1

    f79edbacbf6b0d491b4d63163120fc4283de77bd

    SHA256

    7684f33450e30ac09b376f3a4c2f1960f3359e1a8118d9a62b9887647435c230

    SHA512

    4f75c6a9c0491edc8c9ed1c190ad39371eba5f47116d6f2d30930acd9d32057d72dd20e66e20789a5acd3d1c5c6f21249a6a19c32445f4a0d53f863f919ce37b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9f0b645f8a4d15b9e8d189bec61fc1b9

    SHA1

    3fa4db38f6027a0009bfd8ee918ec97f78842925

    SHA256

    f6a960aa555e247248c8461726474d9a41030b0a36cf82a7585b2aae3c26b5bc

    SHA512

    e546e3e1db100df6328b277c4e103de397300c44ccba6bb9fb7adadcdca863a214f138cb7a8452c15ee907fc9727ce6c85eff05ce142ff813378aa8df5a03b39

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    9a86f4a1c3462ba474044799d670b52c

    SHA1

    384ca7e9ee964bff508d614248dd7167f9d68a74

    SHA256

    9fa138e0d7cbe3c2b72dd081ed96272210194cb6708536a44d44fbbdc5db3e76

    SHA512

    cd5a2f08a304d78c7af878f643c66de536f6987ee1d3bd0b748cc444aede779801ff8d43db108d875df54cecf3579f74e5080a9e2afadb951748fdd7f09643b4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    044c37dc78b1be3538ad4ba7e6baae11

    SHA1

    812fce0397a22727c3f7586cfa89ba2446ea4749

    SHA256

    09446b8b972dd07bcea1debdd3f0d9dd44bccd6235e1518c56044b6235df6db1

    SHA512

    09b5dd26cd9bae2a71f28051a850519f569c5475a5b63ac534250194830b50131e9722092d89cc68037f33e525b5a334b08716cefd31282fe2f2397a8473a4ac

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    615be2505364292a2a7550822d554c3a

    SHA1

    b7f0572a17a19683a724beda58ffdc6cd2d5c976

    SHA256

    05c80ae5f0cfefec00c4e55325745c3494b7a0ea9d365bed25a25f1b6bcaaf6b

    SHA512

    b0d22cea4b5d7216e1f7100ff6183bb8a72cca943ca9b8033d1fa45974c1a95845bc746dab695e77b7d77a012f59d53c0d6c2a069e5dce63b95e3b59b93189db

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b6ebc30c9d577012cc9774ab5088aa39

    SHA1

    1ee30be4b5dd7af9d3529309fb3e8987ae05b637

    SHA256

    09d93793f0620158441d3f3024e6c5ee460698efd7eb138543ff0b3797cc67c8

    SHA512

    83b5483052429d64a13fd1044d960163ba6eef0b2b20edff60d1b87525039238491fb891e821c9335b41e207f1d3add7a9bcdcb35d107cb1894427b34027250c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    10be6c22525527bd2de1705e9fec09fd

    SHA1

    d397d02e643b31903073e17d72bc54edc06a77f4

    SHA256

    7b8bf8362a81136dd22d67593f7713cc35c48f98e884f0bf8ac247cf1d9b172c

    SHA512

    4d8d26deb7c6007d012cacd5d2544aba7350eaca25ef99544a2fc0807be11f94d03ad8c078d27eef9cd95e8293d08c5809a63e9bc4795ad40c34f2f60032acf5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2ad132f2e136d2d84f98fe2ea08a6ce7

    SHA1

    231def0e73e4676af92647733f0dba77c8c5f3fd

    SHA256

    00ec916f9c7bde9db9ab37df916930b33845a42d68e1d312387a5ef53475acea

    SHA512

    76151de727417617c2752984c75ea223b55e788b67cae63e94b2c827e91456d0b62c8ef1bad20c3729d1d63bf8c0bfd9f4795838660d0f2f8c8ad4f7b2f726e0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    90fef310f63c30fbebad0ddfaeb4ce19

    SHA1

    c0c2bfc769f466b5296d61c7c4e60c4006a79163

    SHA256

    982bfd93e5e6d081bb775b33a9a7b0884c29b095d31d87815e8f010978560ffc

    SHA512

    d2c21888d6c31d1829b0639f471d7a70879c881cec89394a8da420059351f291ed9d3212170102728c5d03f87427da75ae8e7060d968ee3ef9bb33de10670a98

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e9fdac2588c26931454ebcbccecb0a82

    SHA1

    58800ab9a1db5e8c7b956e05c083a59fcc55ce27

    SHA256

    08d5e2e01f6bf2edfd6e74da0a5091422d2546987a16f23227b7213e38e7d68d

    SHA512

    87241f521f98238c7677ca60954ec5922693589fed7851d861c402d8b627e227f25d637bccd915b406b3c236081eeb704b790c7de00169a5fe665f1d2f5f55a0

  • C:\Users\Admin\AppData\Local\Temp\Cab3044.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\Tar30E5.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a