Analysis

  • max time kernel
    31s
  • max time network
    21s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/06/2024, 04:48

General

  • Target

    BloxstrapModded-v.2.44.exe

  • Size

    8.1MB

  • MD5

    15a687ef872a149e075daf9183e0dd06

  • SHA1

    855424e42c9aa2ed61c74f132a5fc85cf342154e

  • SHA256

    e15dd2dbe65faa8c181cf1514e80cd64262215258a0e25b9b3f5bb439525c2d0

  • SHA512

    3af64000055d8b37d1cd0110126ed2324e1009d1fa28f9866c01303e150f0d76243e3b31b640e8d965948199c92c1faa452b3b5d0bc4ef8e17496149f17a2f27

  • SSDEEP

    196608:snVSUiMDl/at5sb8oIkkCcmtob/PVuS9U8gD3hIURja+yw2EcrE2cC:CSUrDlyt5s7HkCTob/tu8exIP+ywAr3c

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\BloxstrapModded-v.2.44.exe
    "C:\Users\Admin\AppData\Local\Temp\BloxstrapModded-v.2.44.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2304
    • C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe
      "C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2948
      • C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe
        "C:\Users\Admin\AppData\Roaming\BloxstrapModded-v.2.44.exe"
        3⤵
        • Executes dropped EXE
        PID:2788
      • C:\Users\Admin\AppData\Roaming\Bloxstrap.exe
        "C:\Users\Admin\AppData\Roaming\Bloxstrap.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2596
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=6.0.20&gui=true
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2608
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2608 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2772

Network

        MITRE ATT&CK Enterprise v15


        Downloads
