Overview

overview

3

Static

static

3

redzion.exe

windows7-x64

1

redzion.exe

windows10-2004-x64

3

shellexe.exe

windows7-x64

3

shellexe.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    07/07/2024, 05:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    shellexe.exe

  • Size

    36KB

  • MD5

    66a069c9befa0e4b76330a3d2fe612ca

  • SHA1

    5e15c02a062ca07b5211fa01f0a939435845c707

  • SHA256

    7a67977c62d1578507caf241982f15814483338da41552260c9dbc4b63619f4c

  • SHA512

    1c7c92aba371c1d80241048a5b7f05084fdc6ab272da592f5ab19c4aab0ccb89cbb884b8fbcd7bf8f82c6045a79d96c30dff8634617b8908e50bdf28c7cfba95

  • SSDEEP

    384:Og8GP2ejfsnNSmlZMyyFb/MLcrdqceV7Mc1a9gzUiUxo7ORevREzb:OgjP3Qiy4rrdqcqIc1AiSgEzb

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\shellexe.exe
    "C:\Users\Admin\AppData\Local\Temp\shellexe.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\aboutShellexe.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2956
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2956 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2880

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a597c7de959ee4fd1532499761104d33

          SHA1

          a1782d1f82bdadf1b6d9887abb80d310b9c279ad

          SHA256

          6d9b35e29a5e037e796514e930215660431b27b1e6d0822d63d84dddd80f1634

          SHA512

          71ebcdaad369fa8c1e87cac62615c0e56316f9c97a592614fac4fe8065b1d66ef296051e8ba7951fd45ce0fc36c11b58d62258ddae8cfb8c86ba220f35f5f9c6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          500fa4277ad4b74937f0a0e8e8890cb5

          SHA1

          624fcda8eb9e6265a813d879b236db53f34ee934

          SHA256

          9545efe062f6d70bbc3ece9e3b6b1d30acc01eef3ac416e826f121b7bf34ab0b

          SHA512

          69f38b8c87e6ce06c3f2327668c528a3efeea99cb82faee03f2a256b53d42beff8cae1282e2e5040a1a0ec722c95dcad80e3f0d72b1788cd27353c4b1a6a8ef7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e3ebcb0868b06efeeb9c96e5cfa239cd

          SHA1

          fde339867858848304b95964db85d11b65b44d72

          SHA256

          1b789a8c7c4996f2b31d6672803f3f8d06a690493daf4ca9c83c60220226fbd9

          SHA512

          5ea04738cebb04699fbd6a8e53303809499bc6a34c9859a7dbbe0f062270241895a62e1606b9f96cf8932a8dfb9909d38b09ea95e50fec6b33cf374661c40f71

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          710d0841d5110dc86c3e8b4e90cdb482

          SHA1

          9be55e2aed0a7d34bc4dc7d65ff7198a43deed44

          SHA256

          1dc4e30fb003460095459c84016985b62a2eabd1452a4cf0c7eebf1ea4ea1aec

          SHA512

          7f083d73792c6bcd51409d7072cc0b421eb30fa3c55f38029615dfebe32eb9e6643a21a59767f4d31ebe345d1b3e77e6b3de78915065bea008998605bf84e583

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          dfde6f43ea56fe4118b2b5733a2885bc

          SHA1

          34ef9b4615c3350713f560ff6dc3257c12839b2f

          SHA256

          129f9bbb0e5020342b860808bb83894fc0c4509334f565519d4c20be3f521f04

          SHA512

          ec9c614259f1bcac3d04e2ba7143f695ae395397098fb1289292fb4816538057f59b96a5cae93e4fccabb1b5f3731f37079460a4f0c56f4228cb806ce24bcb91

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e307e19d8bb53af9c391f8dae13099e7

          SHA1

          3309f81b66f1b3af4a8eb73007ad4a2457acc4fb

          SHA256

          e0895bf8c86495d97aee2659cb04b4c06eb7315226b3edc3b516a20c08801e10

          SHA512

          e83eb642ccf003a07217bd765145752ca7d6d6760947327762397bb6da1f0d63b317a588c43b07e54a06b6e698d20a918c9a316e791ff49f5f5f333bb08c736c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          92acf1cdff129b332bed6dfc5ea177d1

          SHA1

          d2dd0509c75d7cd0d95c967b1bde1ebb257f478e

          SHA256

          7699715e318a38b7e5fc2f9d55108661870fb0ae16151eec99f6b63c4225f0b3

          SHA512

          f2336dbe31dc53f5d60451a6f257e91ef481d722c734b2e1e57f7cd9b15c658c0af8c9e9530fe1914dd645220f77d0d1d45fd3b3ad3e391c0436784f000ad2d8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f844f0700748f1df51b52a27ac3ed923

          SHA1

          ad45ab2e927924fc47a653ae65e3043f4dc89e09

          SHA256

          9765ff77103c67cae93b8be29f693598ea031b15be7c70d54620037e6bdbec80

          SHA512

          e25525f6099ddbbd8c0229b5c5b77dd5609b3fe7f22b9f473804da40b440115ceef969887e3293fe11f3e12d0be8b1b7e071bee0b36229e878e3786160974905

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8c18e4281fa7370d0b4498395d170177

          SHA1

          0274235bdaa2cf149ae8f762adf9abb1c8c412bc

          SHA256

          f4abd1f5b1d4307c4e9b69709b326565b215fa4263dedf493e861478d4b49437

          SHA512

          56c4927b31308991ac866e8a2b0f0722ccbe9b4f82e9910cbb320ccab986df34159f220a3a4b3c599ccbea404e5561541b21860ba97b0aef441b91bc50dd78b9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          423a6bddc670d13e91626d2d5b1e2c70

          SHA1

          93806efc59b3d2db852d21ae83ef5705e105bd82

          SHA256

          926d2caf02b3a2d09075ddc295336b7080146b4185651d19f8a57a853fa6619d

          SHA512

          1882d92d6a78d6c0d3d4a0598c3f062b9cada2ba8a33bf3a0e5bca118b807c571ac146cb37a9872f055c5e7b7936bac3a1ed9bdd9c83fb8a5c48d69eaae6f9c5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a5db2ef23f6472d0839f5ed5a849723f

          SHA1

          34f3378a64922cd30c926ac531856cea8296485d

          SHA256

          454da69e8450deb5ed211225667b6635b82d98dbe7bbffe69adcbc421d75ca00

          SHA512

          fe39c3905223375ecfdab2816d13d0808d36813e176a65341ee56916c644a9c2e2fbfe12baa2591a05c2339d8212f0897dc8950ff19e8ff1127b631ec5f52bf6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e2b6b7c3a2acb9c7f23d1fa2307a5593

          SHA1

          abcb64d3abab6f67220cc5af3def379cac3f51db

          SHA256

          06c805657e168115906422a8b56d38221d888eee36fe48349f18c4ac8a53631d

          SHA512

          8826102c49c2aa69a4918e6140246730d1944ce80759a486ffc8987bc9a4ced9092ba1785b87f37d806c1b5af9573ea890f89c3d7b28c02c7b54bf7138bc55b4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bbb36dd4d36572515c79e7e26f2dd0f8

          SHA1

          16e998731ad519ee3e920578ef69ad821151af85

          SHA256

          ca643a257540f7dc5f7f811fe7d57e1d3b527044b7e062643eb6a652bed374dc

          SHA512

          72a314c32de6f026f57eed04081e5df73740a855342320582cb9733ea33e976702e9d95ce8d0b05f85f2f2adb57623088280f7b058854ed8d579d3c1e7ed496d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9aff8f185999846baa8c1623c63192ea

          SHA1

          11d3eef0e4245618c2665755a3d14716228ea241

          SHA256

          eb664c40cb36064b36c273c568f91722784baa729c276d65a6b7bbc9fa2323ec

          SHA512

          42ee37d77c745e6d3274c7ef1e5ca51eb6cf497fa5069047a1ee6d6a3c8a5855c473c56d35f5295203292b019e5d487cdc81e1f5c555a8e6c4115578dd4cb26d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c5b3760e1692a8174e95399eb8c4b26d

          SHA1

          0f7004f95f0751332927d5b6e2574a71e64aaec4

          SHA256

          487805ea0b0ce918c1eff30e4c69cf65e49b81d965e996c3f71165f3f6a6ded2

          SHA512

          2e3e312575d750b8944e8593811669a8db38679331e02c9bb8c6c68f9915e116b490d720b0ed1c7839b94d33dcbbddbf17aab20232d395506112562e5d7577fd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          48a5fe3fa04f9c9b68f7213ddb6f2f97

          SHA1

          51679308b5f50634e05d65cefe69a0974d9235db

          SHA256

          47d547f4e521e4f581bd5af77224206cf4085389ff6dd2b82cbe2813e6d9f49d

          SHA512

          bf150e141d2303f3bc0f6439d2fbaa6af3d425e21bd17581df28ec9874d498c3ad6c515ed55d52cd526f41e56dd80f0cffb5ffb0db94050b474db3ad6cfd4cfb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d857369bc576be26243835357c1c269c

          SHA1

          a9b18ae6284be9249e89080a27d91de7ad331fbe

          SHA256

          1f39981b8d2a47dcd5a0be4b8ffd185a95d44dbb8d0430a1526facd3615bfc7e

          SHA512

          99a12675516a5951c3082a2655fa3aa029d0906da770ceffc5a5dc8ac135dd5599643e19df9448fff37e22dc3fdc5c4c4ba3069e760adfa5e2fce6b8a8b506c4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          967c7d79874091b71260ede685f54fd5

          SHA1

          58169ad9a08ebd865ff9c2864eac9ada0ff62a72

          SHA256

          b6f70c52fddd9b94b2c0d02573e098d6c61e514d25741d25e9145960d429bd2f

          SHA512

          f931b5990d97e5a17089c6eb4985f367d6b986c18db9ac778a6252d88c0d1d27ae91471ed3fbeab99212645bf3ac1e156b83f08a79ec7e4c6131d0c51fc4705b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab24B3.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab259F.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar25B4.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\aboutShellexe.htm
          Filesize

          3KB

          MD5

          75a4d13873f1aedcdb13fc1676d79509

          SHA1

          fceb1bbfbc43adcecba70161895cc0f514a431b2

          SHA256

          299647006f22e10fad9643127ee00d6d00fc20f5eda3df72f72b84372092d78a

          SHA512

          471b6e20ec46855cb2b60a05a50e59c74f58c1869c45d498595f60533e87de02a8bdc73d09e56438e183417b0bfe4fe0269113da85784f57917e709041f758ac

          Download Submit