Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-05-2024 19:19

General

  • Target

    183d88bb9b02a073b72b7c2996c520b2ae7967b7decb50153aacef52a5d00e3a.exe

  • Size

    29KB

  • MD5

    4d83247af7f98fd81669ed48b84d3d37

  • SHA1

    db0dfa8a3d85979a6600bcdcc95f55a6c864634c

  • SHA256

    183d88bb9b02a073b72b7c2996c520b2ae7967b7decb50153aacef52a5d00e3a

  • SHA512

    12b31af6af471a45fd61ed0bd67615e38dc131b39f16e780c341da16ce2bac0f9520a64cd7ebda96efa15f288aa9dfe430ce86c5fc9c3a6377e685ef6e212db4

  • SSDEEP

    768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/TW:AEwVs+0jNDY1qi/qi

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 29 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
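
The "UPX packed file" signature above is a section-name check. As an added example (not Tria.ge's detector and not code from this report), the following Python parses the PE section table directly and reports two packer indicators: section names beginning with "UPX", and sections that occupy virtual memory but have no raw data on disk, which is how UPX lays out its UPX0 section (the unpacker fills it at runtime). The two PE images it scans are constructed inline with a minimal builder; they are not the 29KB sample from this report, whose bytes are not on the page. The `.bss` exemption is an assumption: an uninitialized-data section legitimately has zero raw size, so it must not count as a packer sign.

```python
import struct
import sys

def build_min_pe(sections):
    """Constructed test image: DOS stub with e_lfanew, 'PE\\0\\0', COFF header,
    no optional header, then one 40-byte IMAGE_SECTION_HEADER per (name, vsize, rawsize)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH",
                       0x14C,           # Machine: IMAGE_FILE_MACHINE_I386
                       len(sections),   # NumberOfSections
                       0, 0, 0,         # TimeDateStamp, PointerToSymbolTable, NumberOfSymbols
                       0,               # SizeOfOptionalHeader (omitted for brevity)
                       0x0102)          # Characteristics: EXECUTABLE_IMAGE | 32BIT_MACHINE
    table = b""
    va, raw_ptr = 0x1000, 0x200
    for name, vsize, rawsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii"), vsize, va, rawsize,
                             raw_ptr if rawsize else 0, 0, 0, 0, 0, 0x60000020)
        va += (vsize + 0xFFF) & ~0xFFF
        raw_ptr += rawsize
    return dos + b"PE\x00\x00" + coff + table

def parse_sections(data):
    """Walk the PE headers and return name, VirtualSize and SizeOfRawData per section."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    nsec, = struct.unpack_from("<H", data, e_lfanew + 6)          # COFF.NumberOfSections
    opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)     # COFF.SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                              # section table follows the optional header
    out = []
    for i in range(nsec):
        name, vsize, _va, rawsize, _ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        out.append({"name": name.rstrip(b"\x00").decode("latin-1"),
                    "vsize": vsize, "rawsize": rawsize})
    return out

def packer_indicators(data):
    """Two independent signs of UPX-style packing; either one sets likely_packed."""
    secs = parse_sections(data)
    names = [s["name"] for s in secs]
    upx_names = any(n.upper().startswith("UPX") for n in names)
    # A section with virtual size but no bytes on disk is filled at runtime: UPX0 looks
    # exactly like this. .bss is exempt (assumption: uninitialized data is expected to be empty).
    hollow = [s["name"] for s in secs
              if s["rawsize"] == 0 and s["vsize"] > 0 and s["name"].lower() != ".bss"]
    return {"section_names": names, "upx_section_names": upx_names,
            "zero_raw_sections": hollow, "likely_packed": upx_names or bool(hollow)}

# Constructed samples: a UPX-style layout and an ordinary compiler layout.
PACKED = build_min_pe([("UPX0", 0x10000, 0), ("UPX1", 0x7000, 0x6A00), (".rsrc", 0x1000, 0x200)])
CLEAN = build_min_pe([(".text", 0x5000, 0x5000), (".data", 0x1000, 0x400), (".bss", 0x2000, 0)])

if __name__ == "__main__":
    # Usage: python upx_check.py <file.exe> ... ; with no arguments, scan the constructed samples.
    targets = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [("PACKED", PACKED), ("CLEAN", CLEAN)]
    for label, blob in targets:
        print(label, packer_indicators(blob))
```

Renamed sections defeat the name check, which is why the zero-raw-size test is the one worth keeping: a modified UPX still has to leave room for the unpacked image, and a 29KB file that expands to a 32KB mapped image (the 0x400000-0x408000 region in the memory dumps below) is exactly the size relationship this check looks for.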

Processes

  • C:\Users\Admin\AppData\Local\Temp\183d88bb9b02a073b72b7c2996c520b2ae7967b7decb50153aacef52a5d00e3a.exe
    "C:\Users\Admin\AppData\Local\Temp\183d88bb9b02a073b72b7c2996c520b2ae7967b7decb50153aacef52a5d00e3a.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Windows\services.exe
      "C:\Windows\services.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      PID:2120

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b6ebe599c771601e37762eb61ce33149

    SHA1

    168b56cce872ff326a3fb98aa47e7454dbb544e6

    SHA256

    2e18268d87bd0fe2e189523d7a8949734f128ad006c654ffdc66b72cbc04f66e

    SHA512

    1501137e7aeee9acd4644559ab6b8e8089032cf8fec90f79281d6dcfe2edc7a0c6fa3c13fae76f812a110aae9f7565a78750623f9f345e05fc7d37d1885504d5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dcea2160ecc182b0b2db3f7f39328a88

    SHA1

    7308028daced831be4c9264c296db18a0b5e8100

    SHA256

    c590f8c9577a699323e61e35538dc0ce90d13ee1895d999cce2d16b6d6e82393

    SHA512

    20351aef30066880965925adae8c10b98b3f643c80c583d2f4bcd6a2251a1afeca0f974eb1fa54bb7dc4a4f3106133ecd50c323641b355f3e092219cbb3efd3b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    5ac38ba154fe12f6afcc12bf0c84782b

    SHA1

    7bb092c61596e7939d18568f3774114a4d4c2465

    SHA256

    6fc68184135abcaba02da3b6dd7549ef5706f4d9cc126d8ca89bcc34272d57a7

    SHA512

    c630a2a8a8a94dd725864a4d0aac6d0b9914312fd3d276933c1caed76de8e086e1035961c979ba90115df71ca8cd5a9c4f5b3be50b6570a0fe63e4b14606b2d9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    0e8252d5d71e29c1d5c0e8afe0674384

    SHA1

    5f6a3d0b568fcb9ec58edf49d2be957e064ac4fb

    SHA256

    aa52dc2afe38756805baabcf0306d764fea39f67ec14ddd27669ff3c8abec598

    SHA512

    1dbcf19aedac104f921686e5a3325be0359980b91110c5ce3ff56504621d7e436e6a51ff7688a71a5cf9e216069c3d98b01fa140e31fe2125819fcb54bec66cf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6919dfeb2a401bb8faafe5439c93fef5

    SHA1

    0cbf002108930db5832708a811f2336bd986aaed

    SHA256

    e1d6e82bc7260f9ed699fc9e0c91fb08a8f20abd1a2be1d77d008ac8f1ca70a2

    SHA512

    f87784b16dc1a65f9c5a9ce4d9467db6b5be04d41decdd08937185477c0d68a6afd8947a7f48c47c8ba08d019de13bbb0ef002c6ef63b1970a7878b09855a7dc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    22e4ba7c9fd4d5952aa6c605a37105b1

    SHA1

    32962dfc18472aff4301c66904c1f57b5dfc4ecd

    SHA256

    85931edd91ee20ccc278ae395649e1090d555034cd3d44a8d322161dc493b31b

    SHA512

    003d3eb66c72d5623a62d5e898b89615cab0e7e7eb2df9769cd1249a6abe567cad6ffd22110f6cd592fb5e1fa1f5d59e4819e263383934b245efafac396e4ba8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3e909fee917f401adeb37098f0d01fb5

    SHA1

    fe776f8451beee46dfc6b090835c46af0a2f7fef

    SHA256

    dd636f1ae4f821824eb62711034c67b03e45514c9a52f606600f19a53205bfd1

    SHA512

    ae77486012994327e63917026f4ae11f434fc47917968c149625d7edc790b3f2a18cf8a9f011c7ed57b6547abfef7bac55e6adde3fdeb99b2638442eab1354a7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a588c88739f84dc212e5b57da76a5fdc

    SHA1

    382a6572fbf792f1d530537352a6c847bd2e64b0

    SHA256

    29b303d835fd11b7db6fb26754bd8a4d64156402d671f76e4b9e62ebd50048ab

    SHA512

    623d2e61eb79d54ce6573c46867a3e8a1f002b90b2fb5c7b06629beb8d179bd831ce525575549f84dcdbd4f141c49ebbe2036b58fc8db3306f9e0113ff3b857c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    35db38052bc33492d3a6c80829c0edae

    SHA1

    f332f299dd12311c6f58ef1aa7586818a2c766b4

    SHA256

    ad75a7201263e273862fca5e1c4ea381803be2447cf9389b90e18c2ee3c073cb

    SHA512

    9f788c4327b5d92eaf0044994c3bd648c099b58635b38995e53d29f1de4eb0e1a64711490bf7bb9b5ed066148a416f6890ccfc098b16cad3a714c43aa6442a9b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    a3ea45cc43862f59a523631f5c6fee73

    SHA1

    7f25ae277a3ae002224232c345aa6a5a982854e5

    SHA256

    05b346a172b731c214eae7c05d3680ca02b369fccb9f9e69eae4191e6df3acd5

    SHA512

    ebc7db320ac8d73cd971834f35ae5fbd4b0f50597b0a070b011b51643aba3a2aa5ee9f0123c6909da2e8c089d59b01b7a1f04c6475902efc1881ad0d0c8c71d7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    10a394cccc976541e43783705afaddac

    SHA1

    e7960dc526b7f90b5093487228228066e580dd24

    SHA256

    6aea0711e4021bed8843cd448164e11e3f9a0be812a53bf5b2a347560ad24e04

    SHA512

    6ef81422f791f6cac8319f818186b64e2bc1eba30c1763dbe66d30bd252f3d7d8ab48171d5c78a37455a4a9305441fa28ed9bcc5550b75de21623f38336e2941

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    79a665db039125f1ffc4bfa3ed679f22

    SHA1

    5ba2b84652f6f32f0f1ee17d001ffdf8337b25db

    SHA256

    a9db0719299618c1a3ff9331da16f601d982b2adc7933d067eb86e4cc403d2f1

    SHA512

    7cd5c291884ce033ef862d355d09a96c0d072c4a9bcd1c4ff2a7c491d670d1ed653165a420f69a4e9ef6e93f158bdd87ab3206de265bc7794bd5787a6e52c9b6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    dc8d9f75fd98ceee116121b93b1526f4

    SHA1

    25b8fe92a4a8c4d5cbf54244e4e7fb5904d27ccb

    SHA256

    783a6bcd7bdbed08fef8e88f075436734ad97a663d5e9b5c375e85773aa1a81e

    SHA512

    e5641586929b6de415d7fdb3f9ae39fb4977df5de8ac87f7357ff8bd9f39791b8862410f9028f8deeae8f53e1bd0fd2b4a6a4b505caea0d0495993dd3e0d1ce1

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\ZQCC8H6D.htm

    Filesize

    175KB

    MD5

    e23c348a681184048a416c714bca2509

    SHA1

    2e4e726560c76ae9b8f6a6d7c157c879d8e0e104

    SHA256

    a0975a3b17d334f621799189b0106ebd0fe11bb6c316bf070fe8a3d01df02912

    SHA512

    e8af649ced3a6c976bb5af9734bd2b5e3677a22e5910f5ae30c021396d9c3d823b335981157b56cb31a7d5c1cfff1bd295bc008e9ef743f58f5bcb64df51c430

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\search[3].htm

    Filesize

    126KB

    MD5

    74d43ec1a9d9b98936ee7c1630223ade

    SHA1

    47a5382e8813e2f1058296d83fc7dd8acce274a3

    SHA256

    98f0367bb26239ad041c09bbfa53fdc913eb052b55b9728911e379ac8b02c2f2

    SHA512

    5d11a47b1f2231d8a5bd3aaa8c90f6177412c18122bda5e3bcfcc71a8e5283a35041bdb1415349f6fe010ed65470f78e4520ea801e2685238e5f66cf95808ef2

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW68H88T\search[7].htm

    Filesize

    151KB

    MD5

    f48c1d9b06fc43fa152c083aa2bc3cf2

    SHA1

    34362986ebf391f5f720e93209d6bbd6a99fe1c9

    SHA256

    cadbbe43652c939534f53d20327456ce60f5ac2a98ca62127fabc29d658cd810

    SHA512

    392192b5fad451ee6b480b5a91b34c67764f4846f595233fcb95b74bc540448a2c3cd707d5a70fb8e00c4b1f932c771a3a8a6f2c8ca766304e59ad0732b5314b

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NVDR4C1U\search[2].htm

    Filesize

    25B

    MD5

    8ba61a16b71609a08bfa35bc213fce49

    SHA1

    8374dddcc6b2ede14b0ea00a5870a11b57ced33f

    SHA256

    6aa63394c1f5e705b1e89c55ff19eed71957e735c3831a845ff62f74824e13f1

    SHA512

    5855f5b2a78877f7a27ff92eaaa900d81d02486e6e2ea81d80b6f6cf1fe254350444980017e00cdeecdd3c67b86e7acc90cd2d77f06210bdd1d7b1a71d262df1

  • C:\Users\Admin\AppData\Local\Temp\CabE194.tmp

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\Local\Temp\TarE197.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • C:\Users\Admin\AppData\Local\Temp\tmpE179.tmp

    Filesize

    29KB

    MD5

    d503b2a6c3888d5b887860db5d0c2ebe

    SHA1

    103cdbc670ff9df5bcff1de0427b255929af61d6

    SHA256

    cb710a12b7f8c14fa243c7e5800bc513af9fd584eb7f5d63d0b0396b066c89a5

    SHA512

    e4768b50a198d7efc6405a9a2730a2480a15e4190f87a00b666abf9a7fde134f61eefa5165f26afbc30d5b1761147f73118db11579360e61d8a9d0f18e9254f5

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    0B (the hashes below are those of empty input)

    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    320B

    MD5

    9aadecb7f3704a519554c182d531370e

    SHA1

    108cee575fdf7f9050c463723fe946f653085902

    SHA256

    9d215dc2e0fdf8f1141598407475f972a0130f51c69a02d732ff26e9cac97a74

    SHA512

    6f123bc78754156d30c3e800a00ff731f81abac201de281bce39708fd33fe511049560eb008ab5df57be2aa8f32946019f617db31f97dd5b69fffbd1bb20fce7

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    320B

    MD5

    42fb43929e7ab71d652292691826b411

    SHA1

    c415b09c7afa5a6455fd93a7614f56ed5170045b

    SHA256

    acde88b6b41c1f6bbfcb12838d2817edea1b125317fc452b6fd7662eb9073858

    SHA512

    3af21a43e1876bb66c1af38b0345d676f5d7d22d8bb5cab2fe84e275bc5526bd7d3fab9fb550f8c38f5f9c706b3248ee6a606e99233bb9b8d0dae38346a64c5b

  • C:\Users\Admin\AppData\Local\Temp\zincite.log

    Filesize

    320B

    MD5

    2cf3d377b343fad7a3b093f247e0f5d4

    SHA1

    d5d9c4ad18988a85442a12ee4924e7a85c08e633

    SHA256

    1873e63e85cd7cfdf43f917c6461d2c0fb71115cdc60b2e793bef62aab75493a

    SHA512

    1908169137f1c275e706f62bee87549dd39fd27c24796dbf958f5195df54f1666fb115428cd8c1ef62376ddbc55710fe8f6c58879f5b0128ead944fdd243dd3b

  • C:\Windows\services.exe

    Filesize

    8KB

    MD5

    b0fe74719b1b647e2056641931907f4a

    SHA1

    e858c206d2d1542a79936cb00d85da853bfc95e2

    SHA256

    bf316f51d0c345d61eaee3940791b64e81f676e3bca42bad61073227bee6653c

    SHA512

    9c82e88264696d0dadef9c0442ad8d1183e48f0fb355a4fc9bf4fa5db4e27745039f98b1fd1febff620a5ded6dd493227f00d7d2e74b19757685aa8655f921c2

  • memory/1736-55-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1736-17-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1736-24-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/1736-1427-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1736-1423-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1736-65-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1736-4-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/1736-53-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1736-1086-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1736-49-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1736-0-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1736-67-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1736-30-0x0000000000500000-0x0000000000510200-memory.dmp

    Filesize

    64KB

  • memory/1736-10-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2120-50-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2120-66-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2120-31-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2120-68-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2120-29-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2120-18-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2120-11-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2120-56-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2120-73-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2120-1087-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2120-54-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2120-23-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2120-1424-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2120-61-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2120-1428-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB