Analysis Overview
SHA256
10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2
Threat Level: Known bad
The file 10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2 was found to be: Known bad.
Malicious Activity Summary
Ramnit
Loads dropped DLL
UPX packed file
Executes dropped EXE
Program crash
Unsigned PE
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-24 18:46
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-24 18:46
Reported
2024-06-24 18:49
Platform
win7-20240611-en
Max time kernel
135s
Max time network
133s
Command Line
Signatures
Ramnit
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{256B5011-325A-11EF-9266-767D26DA5D32} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425416691" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{256B7721-325A-11EF-9266-767D26DA5D32} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-39690363-730359138-1046745555-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2.exe
"C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2.exe"
C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe
C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe"
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2600 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3004 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | api.bing.com | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
memory/2100-1-0x0000000000400000-0x000000000042E000-memory.dmp
\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe
| MD5 | 84b7783804fa7506672a409e9899c6be |
| SHA1 | 2da8a6e9c04662564e18cdf98f73e224a5662533 |
| SHA256 | b26a93c17ac6a412c6c191aa6a1543537f3185fe813c24153c6dec736fbad4ef |
| SHA512 | 8a867296b05f45dd79ab64b11b6cc0cc8fad835b2f5ba9b8469981cc9b3e15c91f98b688cbe7addfab7ea2bd55a1d475fc853c004afb24be1b5691f8183c897c |
memory/1112-10-0x0000000000400000-0x0000000000456000-memory.dmp
memory/1112-11-0x00000000001B0000-0x00000000001B1000-memory.dmp
memory/2100-8-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1112-12-0x0000000000400000-0x0000000000456000-memory.dmp
memory/1112-13-0x00000000001F0000-0x00000000001F1000-memory.dmp
memory/1112-14-0x0000000000400000-0x0000000000456000-memory.dmp
memory/1112-15-0x0000000000200000-0x0000000000201000-memory.dmp
memory/1112-16-0x0000000000400000-0x0000000000456000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{256B5011-325A-11EF-9266-767D26DA5D32}.dat
| MD5 | 4aaf0ec1eb980c370a2a84b5f9e8771b |
| SHA1 | 9d573459f2894adb032e685b983a75f6545ddbf5 |
| SHA256 | b6ef540092517b61cd654ede92d23951138a859be6d5807b16889778a694d730 |
| SHA512 | c59fb75bc3a7769a88d14878439d33281ccbeae075b7590a56f5ab20a3c0895605b927d46f612771c225ffe8254357eed7954f3414aa690e72dd62643cede90c |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{256B7721-325A-11EF-9266-767D26DA5D32}.dat
| MD5 | 8a2e266800821a7d88cade70a2818448 |
| SHA1 | 6ce72404da741bc8fcabf9a0012c154fc816013d |
| SHA256 | b5df526c2fd6ef11d83298089bde388667589e954264a693e10e9e29762b6c2c |
| SHA512 | 6297a3d6ab1de8213aba2b8358c2cc76754bdb65c228b4fe12515b15462f7d4b81bf81d9f569260b17bb74f5c7dbbfb3be27ef09f4c86dba69052631dd8d1f74 |
memory/1112-19-0x0000000000400000-0x0000000000456000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab735F.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\Tar746D.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4c52b33142680a516cfb4b97f8b8732d |
| SHA1 | 997bcbf588d0bb9eea06db32f242b217181efa60 |
| SHA256 | 78bc83be0568d29d8c50a0b553ad76cbb1b4e8d0290ade9de15b6d9e046b7249 |
| SHA512 | 70eacc360f2eb20b0582b866639b5e7c99cab1aee07c1166fa0238ee7143d135f23b3df5ec3166f6e59ac8ae30bd139367e0b612e4706bde0ff33ddc89fbf1fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1363aeb4e0c7f661bd497f81c984b4f0 |
| SHA1 | 4d5bc2eaf5f7fe1fdecebcfe6bcc95ccb08ee1b5 |
| SHA256 | 36067dcabfe494c8e06347482d0b6465f61afceec21b8b2aeba816f702e93a56 |
| SHA512 | 4ebe65075f716e3665467e02c2327dc6cb236611284417f88e8452b70d5ceb9a1a9d7f704af3046dbed92012b7cd4620a086addf8199214b5d2a52efdf708bab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5c72d608b698a767378500fe42e319c1 |
| SHA1 | 50daf1c1bb68eb83977fbc086192ef72323247ba |
| SHA256 | bd025fcd9ea476eb4d1b36bfcd90f6de93cb6d315957e5c0b876a1b7ac8c858f |
| SHA512 | af18c7854d7b44fde5b9a7b76e5e0e38cb7482a7c7821bef925209a004cf6a6a6d967551d99f707d16257b4840e339483a35cb0d43437b7efc9ac38e0c771184 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4a799401f841f3d844183f98d0962edd |
| SHA1 | 321910d117e4d8b5a30a22062caee20674faaa4b |
| SHA256 | bf3024c917fd31f2d5feb00874f56973c811be3d14cd33a0161462c86d042937 |
| SHA512 | ac57edaef14aebff195704198b9c2af96c19b184741de2cb4e85ffea2c0f8a434b89482b283e08781c4fc2980d2892ddf55000733c4b72dc540dd47fc70508bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d32c154781acda471f5e1a45d0b222c5 |
| SHA1 | 212caaba903d9b407605ef99b246e5287c63e61a |
| SHA256 | 9b43625a21221fd6f559ea82aff7af96f3989a1634b7c71d7ee536592ac69ae8 |
| SHA512 | 52e7b7992fccdbe01b30091cc6e45f8248ebcbbc6d56bafa6994d87500c37d38e027a65eb91ca6115089c9271255533d8bdbaadca13818754a4fbdc5a4090901 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 20bbdf67ef7524dff970da8e23ca76cc |
| SHA1 | 1738d0232eae7063bd605155fb9c54ddd2ba740d |
| SHA256 | 792d8031a134fb472bcb858220ccc5d1af1a8e3b95f7feabf375852358f61085 |
| SHA512 | a8abecfca0925d407490e608e81e17c4c8c36dd07fa5739199b464dcce393ab1c0e1d2f4ce7992c367ee93d2ce80482def4aaa42c3a5dbc784af82f9002335ce |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 4219f5a7cfcb14aabdc56a5d44887791 |
| SHA1 | c7e15ac7f429f1ff3989d42b0c5c2e37d815da02 |
| SHA256 | 4f9926579b0b7f294d93c4878bdca1398984dd77666729f9f23e630855bbc22b |
| SHA512 | c6b73be88631d8fbe67b736396184ed79ec53a27bd22d58ac0f87c1bba4840bd64a2a2fd2432b062430ce1ba2eda00a07882148ad9afb4e6b3fc6ce75604c7ab |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d21201e4ee77f8b4990b6faaadf58bfe |
| SHA1 | 3395665439ae0030c23ec2502500693fe4e172bf |
| SHA256 | 7b665495eb07ea2f9ed5c58ab4a86a67711402f78bf1cc58240a9817499e8eeb |
| SHA512 | 90dff2f240551c8405d1f0920428e2706d8ced13f3a30f8d6078c9a77c54471d0aa07d71afdf2695b52a7ac739050869b86afb4a99a5f067fddec373fcb59dd2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d1c96c59edf72dfb249f886da33ec6db |
| SHA1 | a901077f3320f2d75a300f97647bd367f6ecfa63 |
| SHA256 | 7bdb303a986ef08ad3cb42a474682c456c4601e48d2ebe177a215c6642d03efa |
| SHA512 | 961e4d874959d041d656bb63db685d38ee68f817804a5ecd9896223506e844d56e82694d91c36f11ace66b929cd86a9d96ef14cb697d9d04079861b5c24abcff |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 137d31ad8c59362cf8617caee182d2cf |
| SHA1 | 1041f9cb937bb5513e110776272b64286ebd10af |
| SHA256 | 51714b000030fc1b1d66324aa42b9f7270aba5febe0253bc812877d19f223073 |
| SHA512 | ec3fc337ac9a9778dbefe3674926ae5a0bd7a0786102efad6a9ba1d2694ed37d84addf0eb5c5a8af2ab08ba8df152ba0a8c36337fbdaae042b00f1aa206ff242 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 39a3625c6d8b80e2549f7fa8f75eaec3 |
| SHA1 | 8f009c7b198fe22521ce98484ee755ef511a16ba |
| SHA256 | 0a48bd413aa55df9f151c15db17416072cdc1d4928faf1390c26d9130cfb6068 |
| SHA512 | 44f535dfd4f465c76782eb3d9f8488cdc1aa543a4b258958bcf238614736cbcd87834d84182712fe050c5c9da64d0b91cc22f833079519e153f21f19f7a36edf |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f3cef9a9d60225deb75dc5d45f6c3a32 |
| SHA1 | 33e103572e026a75e1efd3be11bb9c1db548d434 |
| SHA256 | 31d377c8869a942c3f818017493a15924b99459e524bd1c045850971685f4a03 |
| SHA512 | 91316f87dd0d36e2213c65f757cf431bee7993da4c526eb15b2be55d7af0721d9353535eb5e129fa90b42ab4124e22da5684e9b8ce2f0c9aa78a88a829a0a4d4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3af08531720dc9c76d7ddd95fb554b7c |
| SHA1 | 59303286be2360a94ff4209c0e6485d471160398 |
| SHA256 | 98196bcad04759c12ab3742668e1076134ec849214df9a6a9072246b40072b38 |
| SHA512 | 42a03098691ca80a524ab592b7895a548aa395c844a56a1e4fd2f0d9dcee3763bd0aaaee69526ec817fa2d4616aa2bfd5ce13d945bd581b733d4208177a8fba1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 51f7cfa51fb7a407503923c95f9426de |
| SHA1 | 74e43bb03380927a43251f180c62f0e6e00ae8c6 |
| SHA256 | 31a1acc286e810ba4774d4b12325a5416e72f0c12abd33d86eea1fca9af1ba0e |
| SHA512 | 0bc95ffb8025ec0001d6f41fbd03c48fb74207316668ed25bce6ca09cc2eacf5040196dfd9abce60b781e340db4364d7b1ea4edf8916352811882cd9321bc2e2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bbf22fd65430486cae2650bf99b4b981 |
| SHA1 | 2ede00c606e804d5140f6451839ebaf3718d9eb7 |
| SHA256 | 714ac47c13c3e9f542ceeeecba01cca454ec173712ce66781cac9247d91999b5 |
| SHA512 | 1641da1d0e4540093cb0be566410944a463ad2a1c2f826b84b805abcbf6dbc4c798d7f935f6991fc235a207246c7b3fd8ca70d8f68ef2a3c76a95bb2f607e0bc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7754faabb9db0378c29ce3d1c8c46091 |
| SHA1 | dd2233f0aff3f13c75096ecf106e72d0e21b3a2e |
| SHA256 | 81b377698e7071e347d77709b730a0c0173c43852a67651453bad2ef8ceb3a2a |
| SHA512 | 0025c583d5cee0a0065819f963c55fa76b910cf8ca0c1442dbb4781aa2cfc4fbf04cd2d4be39292b8c51f6ad415494ef1f9552985bce7b9604565589a8f403c2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6ebf1671c1a304ec0e216a6f61d80b94 |
| SHA1 | a69d40e33452954639db32f01594859021f28fef |
| SHA256 | 59c3cb1c3ea61d5e5534a66d988f7f9ae25d14563ce761ecf6db8dcab44a8c74 |
| SHA512 | b2166f49d2cc8864f15fb518cae9ea69127203c810f725ec1ecdfa963a58c97655b7f60fe7f81e162633efadc5f5691a5a3a01ad01c60314943cec0f7811ae91 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | d01bdef4d402b4d5bce7b3e8c88fccab |
| SHA1 | 834813dae5fef8cba888a20d05b60426928940fa |
| SHA256 | 14a3d0d1cdcee1b192e03ad250a3821bc831fe4c1eaafad8ea29e4aa8d43b5e1 |
| SHA512 | 1251bc57f07e74e67a2a831f807bc73d60fc2bf35ea82d0371dbfc58389408bcb941be7e8cf90c868bf970b112ff189a7b19136a1b7d077468cc201877b5d464 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bcf8e58156d18952cb776ce6b0f48035 |
| SHA1 | c95e3e582e9ed47772fdc2946098346d0e7b5b62 |
| SHA256 | 28f1ec37e9a64be64a90ff41b1c7ac52e7cd33095a2952b5f1914f7016244049 |
| SHA512 | 24417d3c304e06245549959db81dcc2121cb69f57a642066b7875a6d6708f50621deb18537872d0cec355ee3952670ec1b5bfe4a936e9399243e924cb8cbf485 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0e0253fddca9a81d8252e872ce415462 |
| SHA1 | 8083c425b4438a04ce52fdddd26bc21e9ef5912c |
| SHA256 | 99a261f48bba80ec7ab72a27b2b2f70c1af0303b797cef2257b0c8069b39be8f |
| SHA512 | e9d1d88931abea3386471d8b29e6099acf6176e3f4bd8a5f47e8607d29f3e8913fdc70312d10e2e9531f00be7f17e554a9b55aa1c0280026d0efaf184ff9dc56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 17080b1135405de62626a1ec5e1446d2 |
| SHA1 | e40c67a6f31e452c4819f63e5af75ca354404bac |
| SHA256 | f76c53f1c8306ef9c17a903b18b3db307dcf974dc51810150d8a9e4537d0b762 |
| SHA512 | c7f2bb332fba6259573b891ed780e2cb2e7b6cb9210beecdad4c95ae7daba7b5f0e8f3a55fc0c7ac7f884b49f5154e3d66a39fca63157a93546de7c03b038998 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 258f4e02926077efe2b65cef1cc3c3ba |
| SHA1 | ff403a972cc8d233ebd8df849cf89f1a25883dc7 |
| SHA256 | 13ddd71e1044e2cc7bc6968cd166cf49a1f2a64cece0ccc412dbbb72983b5c15 |
| SHA512 | 257bdaaf64cf025dba849f24aebae9e63611af832b7a19dfc033b6d3775ab30f9c3f1860284bd53de3cc0556a6c77a8e99d59d635905f1c3846877ade0ac7f9e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-24 18:46
Reported
2024-06-24 18:49
Platform
win10v2004-20240508-en
Max time kernel
147s
Max time network
151s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Program crash
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2.exe
"C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2.exe"
C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe
C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 368 -p 1072 -ip 1072
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 264
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
Files
memory/1568-0-0x0000000000400000-0x000000000042E000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\10eadcad3ef79833d6e78f5e3247174f79d4d8982088462e697200c5ab78ebc2mgr.exe
| MD5 | 84b7783804fa7506672a409e9899c6be |
| SHA1 | 2da8a6e9c04662564e18cdf98f73e224a5662533 |
| SHA256 | b26a93c17ac6a412c6c191aa6a1543537f3185fe813c24153c6dec736fbad4ef |
| SHA512 | 8a867296b05f45dd79ab64b11b6cc0cc8fad835b2f5ba9b8469981cc9b3e15c91f98b688cbe7addfab7ea2bd55a1d475fc853c004afb24be1b5691f8183c897c |
memory/1568-4-0x0000000000400000-0x000000000042E000-memory.dmp
memory/1072-6-0x0000000000400000-0x0000000000456000-memory.dmp
memory/1072-7-0x00000000004E0000-0x00000000004E1000-memory.dmp
memory/1072-8-0x0000000000400000-0x0000000000456000-memory.dmp