Analysis

  • max time kernel
    120s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/06/2024, 04:36

General

  • Target

    a105cb3f7ac23adb8da6432a04b9330d1ea27c02ee5e972cd096287179b7a3a8.exe

  • Size

    688KB

  • MD5

    516af38a59747ede388c31cfa88c0875

  • SHA1

    56a237e5e0df01eae119d7fff73b63601db4914a

  • SHA256

    a105cb3f7ac23adb8da6432a04b9330d1ea27c02ee5e972cd096287179b7a3a8

  • SHA512

    1140c5a379a15e3d54e1c4af099a45a822928359b7dee9c3f6a331c4b8902979e5ea06b76e112fa7779852d129ba42c41b15400a57adfe222c01e4e801606f45

  • SSDEEP

    12288:0w05IrOxMjzZCFxsW1SO26fO+W3zK4i9P+iXT+ii1giwiiaiiWByrUCdzQ39iVia:AWrOMPZC/7sT62+W3zK4i9P+iXT+ii1d

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a105cb3f7ac23adb8da6432a04b9330d1ea27c02ee5e972cd096287179b7a3a8.exe
    "C:\Users\Admin\AppData\Local\Temp\a105cb3f7ac23adb8da6432a04b9330d1ea27c02ee5e972cd096287179b7a3a8.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2192
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://8.130.50.108/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1788
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1788 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2604

Network

MITRE ATT&CK Enterprise v15

Downloads
