Analysis

  • max time kernel
    119s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-07-2024 18:42

General

  • Target

    uninst.exe

  • Size

    66KB

  • MD5

    cda25e3909eec054001256e77209bd32

  • SHA1

    0dc7bbdf13a6df1a4e5b9ae23a64853b36394fc9

  • SHA256

    679ae280e8b79691c61eb5a2baee323112d4de2bc8cd730283a368cb3f6dc5be

  • SHA512

    f4f68e88bfa3cfb0dc644c580588cc42a2beae55464a44cbaba9d1af352a8848fd594a447072f0ecc751ed81a3d0585b2e58ee3c62a7899fb7cd6f5a8b3f3d8e

  • SSDEEP

    1536:shq3+uta99Hj25XvwLXJLiFYRN6QcIwytTtRE:OstajHKBvYXJLYqvthRE

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Loads dropped DLL (1 IoCs)
  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s).

  • NSIS installer (2 IoCs)
  • Modifies Internet Explorer settings (1 TTPs, 34 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\uninst.exe
    "C:\Users\Admin\AppData\Local\Temp\uninst.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1412
    • C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe
      "C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2728
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.newasp.net/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2800
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2800 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2868

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a62e2e4b35cf1a158710f261138c29a9

    SHA1

    f1f1f40ddc808b6c9738e7dd57e910b5dea6cc2c

    SHA256

    67ba89b2dd354373aea80ae2388f8d5a432f022be6bc6931a0451f6de32f8264

    SHA512

    0d665a2c0d15d88c5907b70547d6944d3333460f3879296664722038dbb624ccf697dd497ac67dc28db7c665af07c4c616b0cf5edcb133a8b1b780cdc8a5b487

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f233210b08b0cc63599595a8f8c75f4a

    SHA1

    bb29e1de860eeee6d6d4430c5bff3c25924088b7

    SHA256

    95d136a7601bc634968624431175d1cda41464098fc75b0de31968c6d18f4f63

    SHA512

    4cba6b1bcd7b4eb51afa1a240e4e235ad3474f034abca13907385fc3ab5d419e849daa50f864398413545c70ad88f42fc3baeb098890df24663da3ed0fbd2254

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    b1d1c988faa40ecaf21e5e5bba2fefef

    SHA1

    93843b33328d6ad65faa66c868fdb0eea4b87309

    SHA256

    794e092226005e289b6a9bd640f7f62017637b812a896a979d57e3169822ebd2

    SHA512

    36587b0f8feac7f7f1c2aa206afab64269bcac29e275a777b90aa6e43e900be9edcd042d235d7504781012ff893d81f0db4884d212e1ea0b687969ee3bfcb1b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c313325b7a5ebb96ef3ad3a29005464e

    SHA1

    34086eed0a75b8efd946592ee8c1d958ae3bd214

    SHA256

    30cea753fd8437cfc6db4c29094481b6c54cf383dfeafd175ffa813501e17a9e

    SHA512

    427f517dad80282a672ec5b6831d8c83ebc13f8b0d2ecfb744cd8fe2f3b5c551e67ceeee2acb98ec2a19fec6b5562f16eb5a7c950bcb869ad28c7e93f55b3294

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    254fc7af12740fd61bc26fa6281145e7

    SHA1

    494936d3465760b218f9b117448dad87591e7242

    SHA256

    712d25967406fde324fa9f307934eef7b145109bdaa73ee2687accb2229d0e68

    SHA512

    fb68dcd61a7313d0568338787b5c69303f7fcb862584c968ecd0fcc0521d92afd2f0b914093558f1dc5ae1406ee55ab217bee5b2978addb6a5fbe8dc1860889b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4ddb80a0c75971b3370b0adc9050a242

    SHA1

    531d3c93d72c3054c593153f15b373ae29e108e6

    SHA256

    ae084f9baf059cbf7c9d3936476206c64638b5535c61dd961cccaca1842894ed

    SHA512

    fa230e0d6dcccfae84f86012673d2ea6cd9eb85bcaaf5e81dfcb194dacf6c452e8cb4d92a6427c3f8967df9b8d7307b4abfa64dd5865694d6b02737a120cd74a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    76488684d3535b6aea60a7c5bd89bfaf

    SHA1

    d858be20aa0cfe46a837feaf678ce41503ec283a

    SHA256

    053ccad231fca3b7b15c4c11758b13255f598b5f9af6a2c99e6b1aa774762fd7

    SHA512

    bd1b69d5b8d33f3c872af60a5f214722ed0a0cd8769e8fd5bb9d41de394c0d6b86036e33a1cc238f863ed9541ac7f1f470c66758f858b91eff956f983acabbec

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9422978a39bd5893403c41bbebb112b3

    SHA1

    3f3c853846c7c1363d9beb5deca2452ffdf5fcb5

    SHA256

    5feed26e42862ad6e3ec8ed371e25287bf0587a1dec705c67b91f147eac2b4c0

    SHA512

    ead8b22916e607e2fe9c36967d55f21970749b65c0f1542e31ab3526e3e9fc0f367e7715bd09b9ee504e8a80caaf960eaa9bd8b6177942918c779862a4b6ff96

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    3d5b24385ba55e817a77d317cc7c8ae9

    SHA1

    0e14dff67b649de3cacc4d9238f81e92eabf7df1

    SHA256

    9c29482769fb09d03bf0ad4d2417939c1bc9d6e0cf3aae5348de41c9111eacf9

    SHA512

    68b2af3286d85cbb8d1568462253d30175ab9a000745a54b67e883b9e6cca77c06b2279115cba977d5d43b2163a53ce32da02c83e283abbf4d13dca17cb3e5d3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    e32034ac3446958e2e549e15612e8ac8

    SHA1

    ca6d025ff11f30db0e0d46a0b72f858f8fa0d37d

    SHA256

    d530fd70f4e6b45ed8fb9e3b67c2d55b6baf294bf46fe9d646dd85686d086532

    SHA512

    77b8d9406529830241eb712c438e75814894716e751d3d6692f9e279bec82c17bdfc0e291bf70aa7114c357513d37697f5b2fe9f3676f83c0a5369c3ca5c5b01

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    157a2db2e9700e403ce5e06c108f0d63

    SHA1

    ccfd7e90779cec9615772ef05a3f7a8eccb96c33

    SHA256

    27577806a8b688aa56f5cb3ca6096822c8a4489210f07e434a9a276d121d263d

    SHA512

    e3c5496e5cc96410ac4a82d1f67d2a6c91fe1c4c014f8ff4b646df562b81551fbcf29a1b5518bd70befcfa8cc62464dc98395b13a1ca6215f00f5cf01c744d5f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    0a38ecae9b07893aceb72be1f50342df

    SHA1

    40cd74592175b91600b955c9a1e01cda44e738aa

    SHA256

    48371cf7fdc6e6f78862791726b8fe904905ff7df5be5939056fddc722f7c7b0

    SHA512

    76f83fb43e26e0f6ab13db07d96cd6fe4989120fe4fcfcd2f6938779550ef5c0dff7fed4a4c073584230ffb0070b1b6227c27e4ca0250c6d4276d0882b4e5147

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    d2cacb401f3122bdef4c8ed7004d1e19

    SHA1

    851796de237c22b05c62d1f992040ca6c2a7505d

    SHA256

    ff47f692ff8f9c6e94386708efb59fb913a5c651cf7501252d21b9c8b931b1a9

    SHA512

    f9577ba735c436b32f8d0728863f27d658198fe09d348bc7cc04466e78644de11e8414b5d584518463f044a4312e7ac608fdd283aa359ce174ff7ee126bb4aa8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    1aeb2146485f52d81e7cdf836f76b644

    SHA1

    bca4d0bce16b724612fdff5b8cb451bc3ff11833

    SHA256

    f999ba004fdbe8b79a6c1336fbb4e5f842cfe10507dbc4d3b8e5565c5a72073f

    SHA512

    e84c2e57353c918f2c26fba449357d107c087179607206be2c82d6d9167876c6f8119597e2c004c001a73f2839fac8b553226a3cfec8a05a4d5b458b652eb778

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    ef19470b4f84a3db1270b96b8738193e

    SHA1

    c86817c4e13bbac8bb9a853ce6270ce7e617bbea

    SHA256

    fdf219d78a853c1ac140d648970d010be17698b55f3f76884c8cc08bb498af5e

    SHA512

    24c5ffd302448c208b47decd9aafbae9a3cc50e9f241fe9777a2d41f40211a0a2e74da308e212f00d7de26060e73a99750651de57aa3af4d3401d7a0d9ae9263

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    97fe81c76bc19c3fdc49e1b0f1cfe980

    SHA1

    3e35697995597537ac6b6fd7c0d2e838615856bb

    SHA256

    b7ec7fdf47185f52539e61fc0ac2ba37be2e225a13a6e546af1c46f42684c88b

    SHA512

    43e696f1b7880be59e086c2ab064baae1ece2d3297cba3497b9c8e9c944f740c0cb3e6e08700c2c84860cecab4f13d8125d79c0ff8c56182219a52854b7ced4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    50cda454abf6f318e7566508363cdd59

    SHA1

    925c4c4fe0654711234ded21e3b57bfc8f19a01f

    SHA256

    9c93f9025970fba5b471eba8f11e307121b399e8b3c64d06e59757eb24d267d9

    SHA512

    afbb082fb18152ea70e135a5c85742000626a7a3a0098cf8b68e0d05fc88766957b52705e6f5d27ca9da8bbed26354201e2034ef1f77a1765b1bec4fdb8dc73f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2814192b9ea992f259209c62d8d89a70

    SHA1

    9019e3484b22c3f3de5b155c25e5f4813e7a9f47

    SHA256

    741658d4f4525e88539061d27c05221e953d0254f1f5d9c7c6c04c88b6191d3b

    SHA512

    4e20e4998634f34e98881d7ccb5eac0345e4d56e220b791e7bdbedfb9d8d02d77da82963534a7ece5e0a8834b7921697bf69182a929b05c502c37f8d7814ed37

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2c1f75f0f8820243628dc38026160639

    SHA1

    00c072a671eb0a78579f2baadf130e7a1f9626e4

    SHA256

    6c9a702c7471d1dd593dd41d5cbf8ff428c6205abc9c0870d8510e17e696db4a

    SHA512

    84ff4cf19ad5acc82926b5c2dcd673a9d4fe71d042a63bb9a0885ad3c95ceb932707286bbd292d953177cf4d42a9f98fec4a78ab3125a8190d6ea13c091db145

  • C:\Users\Admin\AppData\Local\Temp\Cab70AF.tmp

    Filesize

    67KB

    MD5

    2d3dcf90f6c99f47e7593ea250c9e749

    SHA1

    51be82be4a272669983313565b4940d4b1385237

    SHA256

    8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

    SHA512

    9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

  • C:\Users\Admin\AppData\Local\Temp\Tar7163.tmp

    Filesize

    160KB

    MD5

    7186ad693b8ad9444401bd9bcd2217c2

    SHA1

    5c28ca10a650f6026b0df4737078fa4197f3bac1

    SHA256

    9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

    SHA512

    135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

  • \Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe

    Filesize

    66KB

    MD5

    cda25e3909eec054001256e77209bd32

    SHA1

    0dc7bbdf13a6df1a4e5b9ae23a64853b36394fc9

    SHA256

    679ae280e8b79691c61eb5a2baee323112d4de2bc8cd730283a368cb3f6dc5be

    SHA512

    f4f68e88bfa3cfb0dc644c580588cc42a2beae55464a44cbaba9d1af352a8848fd594a447072f0ecc751ed81a3d0585b2e58ee3c62a7899fb7cd6f5a8b3f3d8e