Overview

overview

10

Static

static

10

x360ce.exe

windows7-x64

4

x360ce.exe

windows10-2004-x64

4

Resubmissions

30/06/2024, 01:15

240630-bl765a1enb 10

30/06/2024, 00:49

240630-a6bg8athpn 10

29/06/2024, 12:42

240629-pxbtysxfle 10

Analysis

  • max time kernel
    69s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    30/06/2024, 00:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    x360ce.exe

  • Size

    14.7MB

  • MD5

    be80f3348b240bcee1aa96d33fe0e768

  • SHA1

    40ea5de9a7a15f6e0d891cd1ba4bca8519bb85ed

  • SHA256

    74faf334cb0bdd3e9dfab8c323d4eb3b9b089bcaadc7dbd639d9aa93a4f6f829

  • SHA512

    dfb3b191152981f21180e93597c7b1891da6f10b811db2c8db9f45bbecc9feb54bc032bdd648c7ad1134e9b09e5e2b9705d5e21294e1ae328a4390350745536a

  • SSDEEP

    196608:n+/7/fO/vBSVnf+viDyJBwhsCArf+viDyJBQhsCAaIF/f+viDyJBaF9hsCA6EJ0k:nX/vu0Bwhs8vu0BQhsvFOvu0BaF9hsR

Score
4/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 46 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\x360ce.exe
    "C:\Users\Admin\AppData\Local\Temp\x360ce.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1316
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.microsoft.com/en-us/download/details.aspx?id=46148
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2720
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1336

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2eaef7690a17e73032324402ec9ee101

    SHA1

    278dcf44c077bb1075b5490667cc17a846577e46

    SHA256

    0da18b57eb7b659fa760d2abbeba5a26ac718fad15cbaabf31cb9903af27e386

    SHA512

    d887ede6c56fe597962e4288e03ed74b2ba21014563b288ce5c663f0a61240a5d0e3fbb770bc55bbeb834b2d458566f9af2e812f53cc1cef0b899c8793d2a1ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4358bbb552da7691af4107ee2ee8b8e2

    SHA1

    11c74467c97e5f2293e21cbca06484d4d8134b0d

    SHA256

    c25f6fcd2cfa2efebb959b15b59115660c795e7d3131b0db5e92ce1e3a0f6300

    SHA512

    6c485138e2387ee674dee2d92d2585f8fe4adb6d71a06e54683374aa0ab111430115362782580c02aad27082874f02dda18f9e31d948840fba8f360d72b46ebf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b4f0d031a5a40246942bb23b60614ec7

    SHA1

    9f06d6d8cfd5bcae03633ab5b626a9dc149a5868

    SHA256

    4b089b83188b5cd46ff3e81cf68172b1fdba9671220378583966f90658ae6b82

    SHA512

    6d14ba4afe46b659ab83cfb4b3183149c17e688f72fa726ff78bf9acf937a2068fa288dadde9ea6ba8bfa00abbcd1dfed5b97148a3d424d430f463eb6f701ca5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9a05c6060ddfd7c240cb441e703856e2

    SHA1

    bdf0d4e5ccabd780394472c67e3f715ef680a242

    SHA256

    95e2dce5456589ddb2d6205b705403e031e4409e067a667e6911cdf8a1144712

    SHA512

    6130588ca0d0876774a63118986f4b8feeeefc45776ee301a02d4c7d6f200fc598192c5fde3d8c30b79b9752732aca4bdf48f1ed01af710827da26a3f1ce21e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    259f39d4be901a6fce7a0102da6fb019

    SHA1

    ca3f31d5695d892fb91d2a0fce3d978bda57a560

    SHA256

    4df33fe22d18c2da2441be277629bd47c8f4f86a7cdfcbf9ba71b2c6cf878ba8

    SHA512

    563efce3edb2a75ea59d6ab824b7aad73570b59608d6f2193df66272e122b0e8c5519b1ea9b8e97bfce3696108c8159ddea91d29cf1240a822a21d0ca5a3694d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aabc4d46558081345dd780bde4d5ddf2

    SHA1

    c8cdd446b5528dd51e093f574bd1ba9ee3bfbcfd

    SHA256

    9aa724feb1f74def98ea20cd73c65b7caeff19d6097acbceba87ee0815ebf30c

    SHA512

    cdad7862e65feafb1ab242903acb3d785c43a27446e0872f1b58c661a92d91f5ac89e68754df994bdcaf19bead6d8660beb0b2caf3c5bd30e1af9ccbbf7737b5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2fc2c8ffbdb436542ecc5e4d4915b193

    SHA1

    b2e078f511eea87b3dcbef0453a1e404f08cf99f

    SHA256

    3d10e755881a90b99a5d97ffa45f4fa7fa6a23acc88e1905c4369a9b36d2422b

    SHA512

    d602550d7f266ff33fe28c6ae9b6aae5fccd1fd21430c7e30e38d11191bb880a8f2d6e6122db9645e49ccbcebcfe17fed4388f330b755d5ac7c0a9f6fbd40ae7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    18e13b00d9e64649a4aced2b03dc6ff3

    SHA1

    40de8e2872d6988f4f0a8e3c31050faf5f08fff5

    SHA256

    4d58e21a5fad0c85eda0fc69e14478b23682b872c3fbbab980ccc3213a5d616a

    SHA512

    6a631b3bd8fcee5b23e04c84d6a0dbb0a6e339e1990cf732ac0a247e1d7995ccc7b576684bbe050d03e2888a763fb5be1a6efa7a213a20cbe485314b4e50232e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    660784e161e9d9cdbc919cf51a29089f

    SHA1

    28c6633e1ddf1386fedf7bb035c220cfa9509eee

    SHA256

    40100c83a7e97b6a28f9a78769423d34924e706ec35b010ec781b7a6093cffb4

    SHA512

    ddd7ce4118e94fca9c2d3357acb2385c021944afad04b8b1e22fc4dcb8dcab51b2a5198d810889a14036b1df328d4ddad7ee7f46275b576f34ea4039a1a3813c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46c0a1387266d0ca06ceec896af77da9

    SHA1

    994ac4c66371d0e8d34f778a9bb44fe974031dab

    SHA256

    3bb3aad05b0c3a64eca4d17895aa3725c6e75e9eecb627474c4c411dd2bf1c93

    SHA512

    9d762afc692b6170b3fcc68a7c485a2fc8dd37e06a8e3fa2418603e4da93ae2a41bf5d589d37cf1919731ff944999cb4216889ee57a608d60ae47e52217d1007

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    50040ca65a97ecf01d5667205148892f

    SHA1

    bc56c421bd36556f86246f10417c4f9086435039

    SHA256

    6481bda0b3a1e0229b05900478f75db55f7a72687726f8738fca41f0db66790f

    SHA512

    727c61ca3183e6fd55cbb25c532a65fd3dccb894e05d01b3ccfd1dfeff4e07ab9cdc4d0631ff0f78857cd3a598130d4feb0e0eee434b8f93b2e0e80e5c3bd8d3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7203bcc357b0c1c3a0fc6c58cf338eb0

    SHA1

    621fd817bc61ed4c5e778a6579e500fa35cf5cbb

    SHA256

    876359458505d98a4a6516c24380b5830e5fee36cbc12e297a2330e9cef163d7

    SHA512

    6fca792356c40bb49e02823b17667453f692058fea815a8f8ad15d2bb31ea0aeea457f6bebfbf288d13543b247835638f437fb99571c8b58ca558b2d5401a590

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6cd9dbee847a0eb6049afd3b71c493ef

    SHA1

    cb7f36604548b1e3cb0d9fd1a67dc3c953b03b08

    SHA256

    7266624dff3e8dff07d6d1e3977bfecd29062810ba55f41eb420eea59c4e4705

    SHA512

    b7be78217189ad51c22512ee047a6ee56b5ec555da84c1273cf046707da18abbffd3faa0324aa554163d32e276ef8883ca0cb43739187ba6a926b53483e816a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffb192ec8bdae9788eb608ae6b7aabda

    SHA1

    bd783874d83c6b095d7f2bd53a9c986c1d911de6

    SHA256

    1ff2a50c886b283c8096d75b8ce4e1bf481d9457c6fdb9fe8f1896d04455a37e

    SHA512

    6f43510e64e6399cf96ceda1c943232e69c519a0078bbab181c686883947f5c20987bb1b1a76837472b236569e8a987bd565c440d83b8b1ce4d7c8ddb96b23af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    478eda7e1a8ca2234fd88498bc4d65e9

    SHA1

    f435a26c659e782f90ff7f7b8751a022ea1c064e

    SHA256

    d7e8bc694e8e20eaf91485c90a4baed9de0466a50a5fcd067bdea8a014162a1b

    SHA512

    da99846fbcc81e216bc3cd008f977697606722cd7f917bd1708ce0926d7b35ea3786549ac723312a9c4a12301618eaa8d5ebb09472cbb20645096e1a0a40cd6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d50d7eb747c79a5b2a056e07fd16cda6

    SHA1

    516ff51e86e28eeb1d70f34f01cc9b0349c4e390

    SHA256

    1d3d21b7a2d7baf64eaacbfca7495329acc4dfad8e52a11b002cba8d86b4a330

    SHA512

    0b47cef6956d9157e26faee3b101e554109e88a7baf5e9bce47104c0814050a74a580e05cb5e00bb72ff58d9eceab75716a40427229f334af3c012db52d20716

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b58d61646f5283e47b6bb6839bafcdc1

    SHA1

    577b7fec0c667d2da7b1f909ddfbf6d114a328a1

    SHA256

    d923eb028746fadd43335e342bbbb3048081b642a0adc16f7464631f2a0840d8

    SHA512

    cea8592c3804748e0c13d836b7a5789101db256cf31590f5f248e6930a8f7012255df3cc99b743ec33aa015a45841ed1bab98797b7ed4e86fdca6322d06f6727

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7c9f3e1061d31fd8e5c49133c6c670b2

    SHA1

    513dbb689db53019010d91e81aea844b97de3f1f

    SHA256

    4a64ba37bbb8d3e1a75a736605748ffbbbfb913d86fc26e63cd47fb7d70dd13a

    SHA512

    4592d8d1ca32cd8520a8886427b8b0f103aeea3ef20ed31f03cd36607452fa677c7947a0817b2474099b716c714a6b129837e1858c286c3851ed55ecb3563dfd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2D57.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2DF8.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1316-464-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1316-3-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1316-2-0x000000001C120000-0x000000001C2B2000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1316-1-0x0000000000910000-0x00000000017D2000-memory.dmp

    Filesize

    14.8MB

    Download

  • memory/1316-0-0x000007FEF5AC3000-0x000007FEF5AC4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1316-7-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1316-463-0x000000001DED0000-0x000000001DF1A000-memory.dmp

    Filesize

    296KB

    Download

  • memory/1316-6-0x000007FEF5AC0000-0x000007FEF64AC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/1336-894-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1336-895-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1336-900-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1336-901-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download