Analysis

  • max time kernel
    142s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-06-2024 01:40

General

  • Target

    b1912806192d130201a5adc52af7bcebbcbbf785ae77febcee4fffbc1432309e.exe

  • Size

    38.6MB

  • MD5

    ed9241daf488522ca7cb0de77631fe59

  • SHA1

    827c8caad03d919be34d64d7b04e4fffda87ebb2

  • SHA256

    b1912806192d130201a5adc52af7bcebbcbbf785ae77febcee4fffbc1432309e

  • SHA512

    8af044888b658fd6ccdbd75c3adee5bc54403824302541c8b6a69bc9053cd9d2c4fbc78a1acedb5ec0e4c2c62075e7013221d4bdeac5eec080bb0dd2a3d741c1

  • SSDEEP

    786432:cn6iTfRwFOUPofAl2jtyBKcDxvVkyaPZ8:If2VP9l20BKcD1E8

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b1912806192d130201a5adc52af7bcebbcbbf785ae77febcee4fffbc1432309e.exe
    "C:\Users\Admin\AppData\Local\Temp\b1912806192d130201a5adc52af7bcebbcbbf785ae77febcee4fffbc1432309e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x86&rid=win7-x86&apphost_version=7.0.10&gui=true
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1312
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1312 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2640

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d159b3f3f676118bcea5f2dc90af8877

    SHA1

    4999c06282732b28146ceb2e22ffdafce158b18b

    SHA256

    92361adbe1112a63c033575d86b87ba8ed3a7d9d3e948665110ef3cfc0e9e132

    SHA512

    b4b1aac0fe65dd8c4b8803693008083c6241d6cc48b070d193cb611b0d23dab8dc6cc17567baf296b3632895928948e53199d73f700335730433ce68949fc20d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9ece129ebf65fac7c514862345f2699a

    SHA1

    a683152100d05ffbf18f4c3069b0cf9e7e25f225

    SHA256

    57c815805724a07344c3946326d4af4b1a31534eed87ac704cd45b130e879680

    SHA512

    d034a770e4bfb2fdde3ea68777ed5d4c93968db33c0cc0843682ede317f12acd232989e232a25192d2d89d3f38bd19ee73c6df29d5478cc7b98f5745e79c5e0c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a240c00778f6a97e0fd786762c6bf164

    SHA1

    a4fd490cfb5ec79002db9c9c34dfc0f1447d1c33

    SHA256

    96bd96865fa8d98092bde2aea2b65ebebd2b013bdc251dc54225bf39b595c975

    SHA512

    8c9fa2fec3159fb17442304ae54b63d0cbd350e9464d44a60446d2ee8975f255c0a3f722a9184ff37e22e50146a4257720f9090ca99eadb059cbf0a894918c67

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f76c6d12d6e5cc18e81e3204de0d9dfd

    SHA1

    dac833284e8ff99a04d3aecdc88d00ee3a05727b

    SHA256

    1adbd4959bd7bc3476e98ed179b5627040bbe8dafad8deba82a33518ba1989a9

    SHA512

    1e0510d542a5203655c829032d992d86421da1bd7e94c55636aaf7fdc9b217f1963368faddfc2ce810f8eedc5a15ed8231dc52e512d0febc04e31fc41ee631b6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0ed977fa14d64abc613450af6f1246ea

    SHA1

    c0f9685a2bcf64b579fcbf04a0c8beb9b5302f94

    SHA256

    cc3b070c2acc85a7ca046f527f184e3315b74cfbf6550b4e5ad8e6cb5aceb6b1

    SHA512

    8cde46626210617942c11a18a895188f4dac170d8d6e55638c3e8e519ca262fa0a8f5d6a9bc2bdeae8cb1dbb50d508cf40e8af92802174933afe97a07786a18a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    05cc60b8859df62c30567c366f7691a0

    SHA1

    9a4f3947eb97df5da30bc9f7b08bbb713dbb0ee2

    SHA256

    d875175d82392fca2becd14df548002153bd5e89de5efdc8d214484c0fd8e86b

    SHA512

    7660b1f16ad04189b81fd2d2f7e28546828f28e0be2d1e4c167991138cbb8338e121d7139f06698c12aa179fcb562dd45b6f73ce1a5a128b30876f5732629512

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    29edea6fe67c701b48bd085f1c17d74f

    SHA1

    db9cf5a74a88816fd7eb661670e8b5619ccbeeb9

    SHA256

    ebae0be48621fa415ecd08c19bb3f4b2ef5b957eb3899a2af73baba49f404e1b

    SHA512

    33620fd5ac46a1b4d18bc0174415fd3e30e28f13ef1aa4671bb31747b701fc58ed970e188637edb241b51d4de7e4674c24eaef9a2250d564a150fcdcf8a48dcd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    82177b261fdb6555a57f299df0bc8046

    SHA1

    4ec97fb0e4457fdad55124d46ca6575684789515

    SHA256

    7cbbcf2d7e5a2504324a534f00d26a6bb90b91fbbb79902581a6149fc392b723

    SHA512

    973ded066394df9db59bf2a012b84ebf863deee018a4616e4f4b0a19bd9a86e4f270d6e0568bf77480e61dd7a2cebd6699509ba1815173be362497d0210bd47f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b403a700f03b5710dd782ba01fbb3c64

    SHA1

    7ec5f49707b0228873d8f2471e5223072402f9f6

    SHA256

    1371b81ae75ce82429cffe7a53dd929ace0a356a52051e915d9cfd20964ac4b3

    SHA512

    d1206137f093926c334cb6e7334cf63615ad3d4c09453ffdd451374dedd0bfcb48ba49347702c1baf32175207cc3d92c25e2f1d29ebe17aa417a594e2e3cc523

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1f21238177defbda90d7c548f0a43129

    SHA1

    003b8ae2ca6d163de0337805adc51e8159b3e4fa

    SHA256

    afac4554dc58d733ba5aae58a02b956d9669033fe53bf950fe98493646657980

    SHA512

    cbec0f54bdf7f39c7c4f95b4ca9b6edcd0cf2f3de15a00f33f47636acab92bd6ff0f9417f166b3e8d76ce3d51506114de764acff9d2c7c213add81304d3f778a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    35de5ca931302fc475e0fbc00e760df5

    SHA1

    e40dd1b63553ce0cd8ce8bf4fab8a0edc526e089

    SHA256

    e67feded97c708b356264fe56adefdf0145b1871796560967d8edb8684f0c2f2

    SHA512

    a6a03dcbd81c1307c4f114115d4eee9279f14c5ffc098075b6ef671a8fa7ac74afe0dcb36cfebbd39834917e8546fa1abf9b1509d978709c85e07980d6ea6448

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a3d3622f67f65aaa99ea41dc56a3b800

    SHA1

    2981c307db4377e80d53ca0750da8d22b7351c1f

    SHA256

    76b729284dfc9b4987fc3ed16a54f8b17c12a152508b5fd82eddca5452f4b3c6

    SHA512

    b89063ed0f9017ca652840d901538abb824fae7d1786ff42866ccafae144d1e894db3793ff14594760b3f0ec7f284367db17af09934d77f084861e430d030fa5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    90d9bb9ae6e365ce4ff9176c2604ee04

    SHA1

    81b089876825894fdd639db974c33469484e2452

    SHA256

    79b2207d6801fdbab6d5219ffa8b6a152961f9bf37a452810f3b387c2cc1659e

    SHA512

    c248dfe2104a2c9fc17eee8261c2297dc575927454558a5c437c9943a4e1f7a7524d8aa00214aa301bb69a151f47f4d41c3ba42cc3b0e03e40636796aadaeb5d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    02f5a850c0a2a3486ea64496e1c461e3

    SHA1

    64d4d45a52d93be285d0adb5232c947ae3b92082

    SHA256

    2bf0a34b38389a14528468599503523ab00f195d692147aa9c4624c8c2911efb

    SHA512

    91c2c9e9b32c93374b2b5a9d2b9b548506bb544496ff6cfb6a78a6609cda60fa6716ae691a373cb977bc46e141e2a84be6483df443ac5c4ba4f329e98bdcb8a5

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    5ab5b2ba035a1080b5d6151bf20e544a

    SHA1

    28ed8b2f07cadc7bab34b08cbc1e2a343db0d9fa

    SHA256

    5603638e9630064fa03148b08d40db44229d2f646469894279f6a8c7a0a5fa0d

    SHA512

    2a27c4c950d775171c68c148bce3ee2a8b9958cdbed1813ccc990ccf442dc97d3ef6d5333553230103b1f5af0dcca29fa80dd4d2bd6ff89b967072fef38d30f3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    247609d8bad6ce975f75f2f6fc67d98b

    SHA1

    1855a95d974d77b5bbb69a677dfa49de7bc0a0ac

    SHA256

    4a8cfb0875869a3643d501317c296dd35c24a9cee68a162ff72dd37ae8355163

    SHA512

    be4ec06a05a20ba1758e025eee7fd2db74e6778c24fa57411e75de5372f9d1994389b0bc4824c02cd477f99022bda3f21abc51f4fc9a6b1370703b80c7e42f78

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    bf4bdf910c4dfd84faf8467d3046a771

    SHA1

    eb7d59092a497cf124dc5f754ba97832865873e0

    SHA256

    6a59a825494f1af1eb5836c4e06b4d0b96d88592064c68b655a2ef881efee2b5

    SHA512

    67bdc9b79e687ea67bcbbc81150fdb6be409c531b8b1da4ee157a0cbb17cde1c7e6c1c9730c099ee61e37578949ed5c202cd0f0841067074086592a43b40f559

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f6746d3caecd131f53f648a9b47a263e

    SHA1

    cd99d415a9e4c93e51e83c1256c488fdcadd59d4

    SHA256

    d855edb639dc082c6045d4ea5568824b64d229debccc30e100adaefbcee409c5

    SHA512

    6741d20f87d627aeac93d3fa909d5efcec2ca1aebd0156caee2fab9f543ae18cf79349fe86409f529b195332eec232dd97e10784933d5c6752ffcebbd15fa373

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ba08afaa628b37f0455ab6ed8cec8bf7

    SHA1

    28717bc4af8c23a45e89eb99ae8c1bd0aba8d523

    SHA256

    7836f4493018b55df88d4dbb2b1bd89a096968485ff3be7293e9f962cd648ff2

    SHA512

    f0b3747d423d391b5f8b60dc3508406112139eff83689420b882078eff4192bc4e03d751d9c06a178d9b810ae38ec13163e9cd92e01bc192fb1a08d5c9adb1a3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0fd70d08b1c12c27319f1c5e0da31a27

    SHA1

    01525da86abfece9571b2d830c0abfb3fd3d4369

    SHA256

    63a6bf3cde70179782375c45e56fb879ae4adf592a5467c555f9baa5867da613

    SHA512

    e85c289a98976b650084e2f190395452288715fbe73fe0b3c6b0148c240ba86ed956311b48eeb1ba0fa6a4b63c21f637884b3695bcff43a8b5f11d6718a2395f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    072f26ffe7c50ffd1a9a2419e4f2e6eb

    SHA1

    a9b50fdc1037be958c2e266de8f16b03860aab1e

    SHA256

    e67cc32c62c5588302a3cbf6798c4b5240a4b0b7583553ecc31d14a777a02552

    SHA512

    e8d28118b29ee74a514e06a8af29dfd229528c2b5412717fb43d56542bc37fa94c6f7425af59f534d3475a5d149ff62d6616669fc9470bd49f8657901d332102

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d97e31d54b06f68befef8e084d3fc1f1

    SHA1

    ea454a9dda45b3d91754a81b63a07c83fef0eb00

    SHA256

    1c1000ef92e349d25cfffd91cd712f094b703d85a9b74dc95a1d750b08620929

    SHA512

    7453b521193d8ba956c9970ca7ae37f5d2ef8597619134a996cf7a08ee92cdf26e8fa4d5998641d7f28ef10a0d7ae5e0686c5de58db3aacad56a2c075453bb9c

  • C:\Users\Admin\AppData\Local\Temp\Cab99C0.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\Tar9AAF.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b