Analysis

  • max time kernel
    141s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/05/2024, 18:13

General

  • Target

    01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe

  • Size

    86KB

  • MD5

    4926299ea8ebdb08136546a32c21b52f

  • SHA1

    1015f88684b05c62f237bcbc0106090be45ae6a2

  • SHA256

    01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931

  • SHA512

    54b6a09135a035c72949bf14c49575cda92a9c90659088de3dcf59406cfe1dc1b6f1197fe3a90c71179d4e4069875025d4f160d36ce564364197f0fb03559e87

  • SSDEEP

    1536:aZ2FWSNhd/4131iE80Un78UbErluGDJDYtFoo4ALpcXfrdSDpo8H4oqaL5N:A2ddQ131iE80U7hEJuGDOtFoo4ALpGrE

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe
    "C:\Users\Admin\AppData\Local\Temp\01d2712dc97fe32b0f67311e79858650de63537e1038b8af72e9809e4bbc5931.exe"
    • Suspicious use of WriteProcessMemory
    PID:2888
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://java.com/download
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2768
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2768 CREDAT:275457 /prefetch:2
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2088

Network

        Downloads
