Overview

overview

6

Static

static

3

catbin_test.exe

windows7-x64

6

catbin_test.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    118s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14-06-2024 14:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    catbin_test.exe

  • Size

    89KB

  • MD5

    c56668c5291b40e16b3cbbabab626ee4

  • SHA1

    f68622a89a4ed86f5c1f5f147d58ae1a824c75b9

  • SHA256

    511b2a3ae74f152e09db47a7dc5806baf247b20efae0b3b4eb90b5e195d7aec0

  • SHA512

    b05de9996c6fcaba14b2741e58d90f0bb0a4355fdd1e058f60d848543d511acab1e0f3477e4b966484c744058e67833cb5db6960857ebe17b749901006937674

  • SSDEEP

    1536:T7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfPw5OF:P7DhdC6kzWypvaQ0FxyNTBfPB

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
  • Delays execution with timeout.exe 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\catbin_test.exe
    "C:\Users\Admin\AppData\Local\Temp\catbin_test.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2512
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\1B8C.tmp\1B8D.tmp\1B8E.bat C:\Users\Admin\AppData\Local\Temp\catbin_test.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1004
      • C:\Windows\system32\timeout.exe
        timeout /t 2 nobreak
        3⤵
        • Delays execution with timeout.exe
        PID:2356
      • C:\Windows\system32\timeout.exe
        timeout /t 1 nobreak
        3⤵
        • Delays execution with timeout.exe
        PID:2324
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://canarytokens.com/articles/static/olyxahg00gszb09viv2bua2w3/payments.js
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2288
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2288 CREDAT:275457 /prefetch:2
          4⤵
          • Enumerates connected drives
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3ff5120462dfb66142dade9ffeccb0b6

    SHA1

    c2eb82962ef844f8b0af32f62d2c39dbad587063

    SHA256

    82966b1ce2facff5b6c496abfb381656e91766f1e1a3d82d256ba2d48a7e2130

    SHA512

    324a839fbefa3385ab4b7c55cc98e7dd60f95306a4fbd58b04d82e0499586c7c21796c86e443254cd0e2eec64c20af5dda9021049825ed3d6b8d69c34daa3769

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f83d66edf6879cf6a74740cc3a2aba3b

    SHA1

    d0bbc31e1bec1604a608360d97676c9e9ce99fc6

    SHA256

    4e3573c00ff7f06720847ee1539bad0ace0976991ee65d1e106f7bcbda8cb521

    SHA512

    348a5b731724b4e0616c636ffc8ef5bfec70a905c78d71241890c71f53b7f7a794787e6f913f58aac3c48fb622c5c6e29dc2eaaf056df83749a0d5b158c870e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    01646fa367831b4f8de1b25fd834afe5

    SHA1

    852f63466e6a94dafee5913c905d496ef7758626

    SHA256

    55fe68cba6f588dff51bd883cb75c9c9e5aadedc81c92dcfe752b02d87a9161a

    SHA512

    34c9dd430d5c323d7bea81b26b0ede5c3b5eda04e7115a1fbef64b2659aa17366245436a017310ab8f29f618d2e31bde6c466525f5264766ede58bd62cc06042

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f45fc44c6c89135615fc098b2ab47b9

    SHA1

    0d1b84231245f881920e2214aef728474d989d9a

    SHA256

    c754289ade07d2b5a805b64ad6f72beb1caf1501f726977e49a5531c7540ce75

    SHA512

    05966d30e650b9b8bf00b3f9f02db4ff6bf9a8790c304d2b709e20129a954d35c68634b27246d0fc7820e8c4fae8f657234d7c6e145faddafab3790898b9d138

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    61d7776658198d4a52d75796eab22dce

    SHA1

    66d1188f6865622ddf51481e87d4597afe962a18

    SHA256

    71e900c8b65ec4f7105418332eba90591ccc7613d88d5d0c95b5928ddec3b0b9

    SHA512

    9614eefa47fd2dc20efcf3abe5f6fa4fa6b5c20f0550b835faeaaadf3880888d2771da612d5e85c20c12621a973377f0d4722650d6794d11d445e2dc8f4248be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    db89f218bbc7fa68f286d520faa222f2

    SHA1

    87c347110133b726e8e26414d31e811e9012dbec

    SHA256

    749951cf855c8b32d7f6c6c0572dbed99b76245bcbd9a80a0d0eae2c466548ff

    SHA512

    5381a6ef6912dd40d7d97359882fe869cc7d232ab25e2a49f49320aac5ed68f230c31da0b8bd0e8258db09d9cf13c607004f064fe673d072340711e071b128e4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    130c6a841138184e50cabe28e9b67372

    SHA1

    e70b2609a22b4a13502f7e653c5941d88939c669

    SHA256

    6b084d95820efb19509f0e9204ec02f540ab42a8f93f24bce5410d39852f2a11

    SHA512

    c3bc649802e78d69e8b4c3be898f6ae8063d55006c5487227f810387b36ad612a09b7ff0b556262becce691ab9220a3caa097752fb41a901a481b30c80454d42

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b20155705464a625dfef67bdde1aa018

    SHA1

    85e8d5ae3ac7e8f778444e48a817278e5602c4bc

    SHA256

    4008b95326667fb2f5a6d7328a3e4e4a2fc4c8f3a7ff6efb728c835ce7e15f00

    SHA512

    b97cb1b13640a9895b3a82c2012cc2cae44235c41d0c51a51bbd24f4d171cbab18ae38a018ae758d2b174194eea532846b080bf06096b74d09ee2ad462409bff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca6bce11a41af2f7fd0699dfe1049592

    SHA1

    49ee420d067f01b751d6f7b8d9ac87338c634677

    SHA256

    2834bf334bf9f6393bed0ce76d8d19e7a65b686cb895e5fbf64ae5e041e73232

    SHA512

    76b6665569c60b4cb921e80c1329a81bc4bb34479c64b32a633e1a4228b07bb98ef1b7ac1b5a25b7997c145ef3c2b97a209a3af8b4accd9165d389d1e2c029c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80fca9bf6ec4257b71bf70de54f14efc

    SHA1

    3373386394dfa6cc1057a69d5bf17b23918e4345

    SHA256

    f527c0dd7d2aaa63abe50c66e4d5e8ba32ee87c4a8a381531f65e4bd5c90d9e2

    SHA512

    ab9b1a279f449cd6f039d3a4b96f1cd3e5a5e51bdc1377c7589d8fe434e1227626c10d2b98e3c984eb9d90c7af85d0c195371a1cd75d91e09c4d3b37968f448d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    15a145a99d06d6f176debcf4a325981f

    SHA1

    a3fe9cb8429fe1bb8c39691ffcbd2df5d2b96469

    SHA256

    5d6084d4f5da07dded781a2122715577149f5360ff7ce39b0dd8330de524411b

    SHA512

    37ae9e0eb0b04754c113c207568c5332e29d2407778f3b6f9f3a7929a939bca8ffd30e18bdcb62b780a45ffc99e2bf02e48cd55b1dae385353b0f0935b8f7c91

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d763bbed6f67b586885f2b17452cc298

    SHA1

    39aaac7735d8cf603b9addddea0c773f81f79b77

    SHA256

    142caaa04f54e399a6379231c0dac17e38b266a2493c4659c847bb56a4359fd6

    SHA512

    175e93a021a501150670d66c1d966012c2ecff3659ff1a63a9c0ccdece843aa289260382d5a019f95d52251bccfa3f37acf8d1d27f0195904407d690c0407a81

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25952d127a3c7a27fcd2816892d8648d

    SHA1

    730cb9ac94962e850fb695ea770167c1085200dc

    SHA256

    49c99b6a0ed2903b5d6cf575b124f45aefadc5b376290cc3bc2e90332c283c6a

    SHA512

    e7d68689c80431c755dabbf03cf765465824d2edc9e13eb2d9008100d72eaf0d9f255e5aa529b2bdfa15d55bcc34e36cf63720a4f1401e0ea0ce249046be6a5d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\3pl5scb\imagestore.dat
    Filesize

    24KB

    MD5

    f6e680bff128a5f42cdaaede93105a00

    SHA1

    8570e7a3650cc83dea571417f51fe128f2d88f44

    SHA256

    5f57e23f02f7f651332ef4b24b8ed469699354af0145e3fda2fa529310b79b7b

    SHA512

    fff6c209502b0ec0ed1b0823124d1caf59bc8a679989ebb3fc35ce76c1989aec1d7a85a8368905c6877339216df8cbef55c03d3de880812018945fdbfb287b32

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OORQXHVT\favicon[1].ico
    Filesize

    23KB

    MD5

    ec2c34cadd4b5f4594415127380a85e6

    SHA1

    e7e129270da0153510ef04a148d08702b980b679

    SHA256

    128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

    SHA512

    c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\1B8C.tmp\1B8D.tmp\1B8E.bat
    Filesize

    282B

    MD5

    5455fd6df9f5a3ac02c88ca66be69375

    SHA1

    22907d8a749297e6a681d9bffb19d5535f7f4ae8

    SHA256

    45f5946f7cbeab8115a9069150a6632af36fc3dbc0e6587d7efcaf78cfe78786

    SHA512

    3f6a8ea58956ab67b073f465a6413c6341a19967eea41023650824c3a517181ccf318f8a389fbcd9e97f468eb2c4c5625e081f1276829f455c342f71cde85a5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2223.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab234E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2362.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit