Overview

overview

7

Static

static

7

2944a5f345...18.exe

windows7-x64

7

2944a5f345...18.exe

windows10-2004-x64

7

$COMMONFIL...og.dll

windows7-x64

4

$COMMONFIL...og.dll

windows10-2004-x64

4

$COMMONFIL...m.html

windows7-x64

1

$COMMONFIL...m.html

windows10-2004-x64

1

$COMMONFIL...an.dll

windows7-x64

1

$COMMONFIL...an.dll

windows10-2004-x64

1

$COMMONFIL...fe.dll

windows7-x64

1

$COMMONFIL...fe.dll

windows10-2004-x64

1

$COMMONFIL...an.dll

windows7-x64

1

$COMMONFIL...an.dll

windows10-2004-x64

3

$COMMONFIL...fa.exe

windows7-x64

1

$COMMONFIL...fa.exe

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...Ex.dll

windows7-x64

3

$PLUGINSDI...Ex.dll

windows10-2004-x64

3

$TEMP/updatesafe.exe

windows7-x64

1

$TEMP/updatesafe.exe

windows10-2004-x64

1

IEProt/IEProt2.exe

windows7-x64

6

IEProt/IEProt2.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    144s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    06/07/2024, 18:57

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    $COMMONFILES/Angels/go114fa.exe

  • Size

    26KB

  • MD5

    be4cb0b0f6b6b2392e4df25ac7a1ab60

  • SHA1

    445d5b3ad9d14231caa5db1b2d899f37430a63c1

  • SHA256

    5b1a692e365eaa612e11e4f7161b2e2223b3f8171a18516368d646c16bd53e2c

  • SHA512

    fce748853a7f2e524f60c03b6587349c09211648978a9470c9980976b8830d0689a2876f60a6358f5dd8c5d886325b75ace982679ecaf6f9863a96d5d1a00646

  • SSDEEP

    768:JicxqkQ0OJQSf5Q4bDb87SSFAuJJ2m81LLEUbGNl:wcxqkQOYDb87ZFAuJJ2z4QGNl

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$COMMONFILES\Angels\go114fa.exe
    "C:\Users\Admin\AppData\Local\Temp\$COMMONFILES\Angels\go114fa.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2888
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.114fa.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3020
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1796

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          24e80ea29f01dac2bfcf5da607ce8c64

          SHA1

          e0b519377e8cf00364520442bab25aa39d78e309

          SHA256

          06586fe4e109e23f1580ea5a756946938c041596b56219b33023f49b43e50a82

          SHA512

          2f553f92710c8a243eae03f2c9d1f2dfd9bb8746e4511aa22771bb03c5bcf7a5f5d6bafb0d91e46263a65ef7ef9c49f37770658d6337252d07374caf8b833983

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          00bf2600f66f034711926cd731585a21

          SHA1

          3d61205b938a805e4893990c138314df71f1d5f8

          SHA256

          52a1c80d6dc8966f95e734484253c1e81b3159275676f27ae085c4b77fc5f792

          SHA512

          7db28bd68cd6148fd0167049361460faa1b677d6ac1e375d06b7f51532d9ca93e993689185a5b1401ef5d255d2a3527382ac46c2fcd3e247d4d36e405c117398

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fbeb9251a809e3fba4f8dc7d58f0f88f

          SHA1

          5d30b2fa11dfdef1f85736ddb8f37faf650b952f

          SHA256

          3a63651a22a28794088695d4120db8508c39388dd238d5219d0dfb25a3881f92

          SHA512

          699bc9169ef1a2326dcb0ec8bf083817b520c682914f59e3ca5d37a707081144f2efaf18f755931c11cc261ce7f586234179859cafb9eead61f4da99283ac0d1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6ece1d8378581cbb37eb1b11b4c0f81d

          SHA1

          8030f93adc302bf55829b6d7b07ca78473d18b27

          SHA256

          a150344d8024c33474b18ef3db7dc19238621c4a9209dfee284f03984b2a5379

          SHA512

          5d1a6e6ca455440fccf3428222d6e8d61b579660bb049f142ba4ec4f3f671baa84325950169143c759b57425e71a740d325ec7b9f5f7ccc0fe65206cd85a3b6b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d3f16451a98e9ce5633f0ca3b4549688

          SHA1

          1c3e54ece62061782015e999ffaee7c03044bdce

          SHA256

          1788ab89e1038428504778ac555427a9e97494e92b1fab158a41e438043d7d26

          SHA512

          bc1d9601256a43a1839ea4f56233f713d42d31b5e488b80ac7f5934b889d07066bd06846aaadfc8255d5d9653d19ae0b9cb9614bf1ce4651813fc6408f725dd7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5c4ba22ba9651d19b7e73bd0f343a338

          SHA1

          7b61cd6219594e5a553dda60f1b0b9f6b68c497c

          SHA256

          be9bcaa94cd709f1b14b1cbc71c255e086aa62b7d1197c6f5d78448d3b5aacd3

          SHA512

          36a81376eee73dae3faced5750ae298eb7f2380a004a2fc478622dd4c25f1279aa521f3d98b88d6fe1515556a36bf5a64afd48674cd461cf1804a1676bfc1b39

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          58b13f4bec9a20aaabd8d64609f30f8e

          SHA1

          db01324469121d384cc1032079ed9519acc8685a

          SHA256

          e0bd18c18539fdd4be65773cc7e2780a6b40e7c5261ddb2046af7696987e6784

          SHA512

          b488c694f3ba443d2dc7063e83ae63e5fa4f808f455e9947b6e9209ce051a861d6e454b749523e8d9de7fe508212dab6ea4b122afe32def6ea02544cbf3e2637

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          442dbd9e774d5864e0c25ea53f62846c

          SHA1

          1438ce0a7520965169f54b823ad9bb7253c0b167

          SHA256

          2172534ac7ba374b0683e99450463a179588553346dfb9a980f0c7dfac954855

          SHA512

          76ca7176c660232dea9f0ed2433e7d3b12ac57310833966010272b983a8ed8d8329e2714b890fdec699ebed4bb1efd25647e30d43c13c466aa7567a2451d4712

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          46ef8835b6d75842e867e9676e79f83d

          SHA1

          06cc553ed6f33620f32a5615f9caffec535ba8ab

          SHA256

          706e54e34f2aa83f9238b7c61fca3504fc68334b5ee2f8bba65016354e0f8052

          SHA512

          8c144ccba8eab70e93f2402a395484e77cd70ea471cda364d8faa14860aed7caefa979a5bb3f4dd04433abcda4136cb7f447b59176a22c0097b91142a1401235

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8dd620d1b5636cde49eaf08a8d3564ba

          SHA1

          402b9a16cdd4a4150208314975d7cac3615fd9cd

          SHA256

          39f1436cc0bf05dfd122135c1a6479f4795c9c095ce3d7a74fb6342c89ae8ce3

          SHA512

          7fb2100b9bb575ed2577fb82c4a45934964ca6bea22bdf2ab77efa86400aed694ec79fe832ae01ab9d7de8176546ecc01bec8a71cdb3cad570235ef8a07406e2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          55e752a2830b191c350343f2dac2b6f9

          SHA1

          e3a9540cf730447aba56160200d9bc1636b8b85a

          SHA256

          854247e58424522afd045d797dfd50a9a683ffb03acb26df0ce91359905d8eaa

          SHA512

          06a2ba645cdb758f7095d3192a8f67091c5f0e43caac60c570a37085c907558da13803188b1181e5f0cdc9a85596a6fdb76c8de73ca8463b6e46b77933677b63

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3462eb714c0c224a243c91ca048b5c42

          SHA1

          1ba64b2502dea928cd3afc5d11cdf17448f4bd26

          SHA256

          8ca1815418ab7120969dc2f3e6f966f0ee2ec8b380b40080fd9154f968db7117

          SHA512

          669e2a911d00fecc7f26278632c66b5f699e324f675cb5371a8e594b426aa13a324ff126bc7ffa243e51b642186760146d2943deb11b388e2d7931c02ca598c3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7440496aaa6439ff8470d4d024b35533

          SHA1

          4f1e9ee0efd38e595505b1b60bdb85f1ab33efa8

          SHA256

          b80f9683c5831a4d45f6afbce9457ad7f81511a69916998eebfb4652f2c4da3e

          SHA512

          5115f3b702f22c36b5981a3daec6c9782cc70931c64bc9d0a9b1bbf662c3a7109daeb21401cbd2a4b9206259c9f414f2103f96f0b3877f9bf7818d628d11d5e1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b372f3aa2d18b38c2caa234bd1a49001

          SHA1

          f4384874be5fc9c358b38b84e04434c46272c03d

          SHA256

          dd679316daf4fb43472da0ca82c78d37573083cec65d6af31ffc0004a9c6d77d

          SHA512

          5961eec96b485867800c7331239d3c0e499d7c0423b100f8eb1463ec2add0a6f57a8c728db90d9b9bfba6c1880f3544f651c9e6361171caed92301fee8b1c7c6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f9053e296d779a168af20828e564b992

          SHA1

          214efad139989b5ffa56dd001ac3be6dc4e02f04

          SHA256

          a182190c5d67bf71a7f3fab1f5fdc67c151239d460f2b16cd7c30fa034d14ea8

          SHA512

          4c4f1c2be6f9db3bd913104495f8c98a12667788454efd9156c7e99ff686a342119352972b1e182bcad2389dfe71d9c7ec1381b02646ab22f5f7204ad5c9aeb5

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabD4EE.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarD4EF.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2888-0-0x0000000000400000-0x000000000040C000-memory.dmp

          Filesize

          48KB

          Download