Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    13-06-2024 04:20

General

  • Target

    dixxy bypass.exe

  • Size

    3.5MB

  • MD5

    82a624df615abde80a5b9effffd5eae8

  • SHA1

    7c80fb2e5dbc6dff4cafb69f9251603721468374

  • SHA256

    48ae680ab1d8d2eae9e7ffd7863287c19820a6f27e0c6bb38f545594577ec826

  • SHA512

    2b69c724eccb579cbb9571244a30668ea53964470ec120f0d6b5f809c13c92cef1e84d1007ffa5bdb5e64a2ae7ba60e65ea68b112b0bf45fa1346fe8e12a3df7

  • SSDEEP

    98304:4cbgIPxIPxIP953Vl6CqV0pMppBuoG4yOkIKljuAW:4cbhqqLvnqmpwz+ZW

Score
8/10

Malware Config

Signatures

  • Stops running service(s) 4 TTPs
  • Loads dropped DLL 1 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utility to control services on the system.

  • Modifies Internet Explorer settings 1 TTPs 24 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dixxy bypass.exe
    "C:\Users\Admin\AppData\Local\Temp\dixxy bypass.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\Windows\system32\sc.exe
      "sc.exe" stop dps
      2⤵
      • Launches sc.exe
      PID:3196
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3620
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3620 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:3728

Network

MITRE ATT&CK Enterprise v15


Downloads
