Overview

overview

7

Static

static

7

afrsu.exe

windows7-x64

7

afrsu.exe

windows10-2004-x64

7

asf.exe

windows7-x64

7

asf.exe

windows10-2004-x64

7

asu.exe

windows7-x64

7

asu.exe

windows10-2004-x64

7

asuf.exe

windows7-x64

7

asuf.exe

windows10-2004-x64

7

frsu.exe

windows7-x64

7

frsu.exe

windows10-2004-x64

7

sf.exe

windows7-x64

7

sf.exe

windows10-2004-x64

7

su.exe

windows7-x64

7

su.exe

windows10-2004-x64

7

suf.exe

windows7-x64

7

suf.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2024, 06:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    frsu.exe

  • Size

    13KB

  • MD5

    c4901678d3efed559490a9ff114be760

  • SHA1

    9b9d95024925862a84e6ea800e68185643a7b714

  • SHA256

    63c26dd7ea18935f55d7ff609dd705e2a7f6cbeea0db16852f3f0978c091fed6

  • SHA512

    880f2684e918045ab5748c1b58600c742f5c04172d9b83a58d422a05176f1f442c5c683a12263c37ac2d463ab3d157b71cd289451fc9244b2bfc2681fc6cd212

  • SSDEEP

    192:Lw9dBH9j/sAacK4oua7Rt77i/KiEaytJu7Br9ZCspE+TMIr3/bjOg+vtwJrSen:izacJe7G/KihybLeME/bjv

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\frsu.exe
    "C:\Users\Admin\AppData\Local\Temp\frsu.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1696
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ads.eorezo.com/cgi-bin//advert/getads?did=1077
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1992
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1992 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:112

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    74ad6821be49a351168e4e33dd8e3024

    SHA1

    5526aca9869a4d4b8c3d7451793234f7606fc70a

    SHA256

    a85772b8d9f3a3b8b5fcb036148416c96ba38a699eb459c2833e2eb6dbbe7735

    SHA512

    0c1ed0f245d9e258a0bc2a98ffaceca5a5b85a031fbf57884211b6f8c7ee4c04898987f0acd59318b5221c6a5035974a1c3efb3f09ac499a237d3f6d96bf272b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    587f2e2ccc6dea5f9d37d08b444a4bd3

    SHA1

    2590387f1521a6f2c28c94bc8cc4d5a594017e54

    SHA256

    243a0ecd28656f3bcfbda4c1e4c0ec950c702de2ae3378cc740a3bced41e6b78

    SHA512

    7ec420ce154b81b0c3099e9b0d6663902abdcdfd7c6438fc277d5032ea50d968ab5b7d343883e9cfb26c081de19d4aff194f1335ac5a8aaaf621528705d5906f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    782b5d8f85819a744fa0fd99c360c7a8

    SHA1

    dd5b6159f9841c061efb41790fb9363ccf0ab21e

    SHA256

    84cbb41a69af4a654cb2ba03c006fa95de542a7415fa95d009b32b349c15d601

    SHA512

    523f47d12a9730d2a3e3765271c9599faf0bcc4f28d42030ee21da395270af126fc4671c465b652383bd2e0ed519d389236df3fc91ad9a66615131551dc79ce9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    174610d2ebc78d8e8b26bf7e4ade8441

    SHA1

    b1f98f7237e671e540a60796575cad78c69f1308

    SHA256

    b78d200d431193429d00937d8407258f96e60a2ebe55611f9df1b08518546582

    SHA512

    8b6369d0e8e7e1138088cec3a02ad895223eb9525ecae48e41236f6d60e95c5d19fefb392e7ba58d505a37bab26f234dcbaa1c27e944c323c8f72d6ce16b921b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b88820e697d6e2f2ef721a0f2c9910b5

    SHA1

    e292dc29d98399ce03a590857ecc99956dc3fa37

    SHA256

    bcd9a2aa0895a18b43a5388fb146178e98be3627b8f08a6bea285fc1238d4efb

    SHA512

    7a4e3e318960f44d388c08e55f3220a7cdb8137fbbf269e24bc04c596a0d37c2afe3637be71226da35a3be4df3b6e518635aa11b96fe8808fd7baa297b8d328e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d95ebae920b109d71b4369a78d9a9528

    SHA1

    1bc4907f78d4e3c0f991f6fbb7b2d3ee2134839c

    SHA256

    87a3ce38a3fe09a0dac3c7fc7d2c990e79b1f9c9251a721bb7b1f193854bf649

    SHA512

    36df742b10b2ceb83b9a950751583d461384d0a4f4b3e5fabfa841e70d272b089b6d62175ae1314438476113630b52cea553418b80ac3d11e3f7b9445a788b82

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce2c8c25146fddea0fb7c755446a2f4f

    SHA1

    57189f9a03874b92a572d80f69dd37c2c47b1fcd

    SHA256

    60b709a42b0aa4d7a811e7706dea7760e4abcc06841ddc6809c361c67ac45123

    SHA512

    7e322f9029017f7f5058a0c2daaa0b84734eec59fdaee88203ed1c047fbabe48efe6ccad6253f6fb1dad62da03255ce4bced5bd1a5ea7dd878dac958c618701e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5ffff81f8fcb69f69121c1d2d616177c

    SHA1

    9c17ca0cc27cf8127dc29df87eed4409eb62cdf3

    SHA256

    1c9501f0370f733febcea223bb441e5b89779612fdf9617c3bc661fef4fbb2a9

    SHA512

    5dc5a75a55b7d88fea7a597f955855b86cd22e541cd5385fa1876d75df7e793a95beefac6041d1c7c642107410b01c35aeb4d17e3604c64967520db5dffa2c7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8f4fa20ab52321537c91ce03a6cd082

    SHA1

    b0307e74a104fdcd95b3f344568c73cc57800370

    SHA256

    7270ca4e19f89fa3ae2e0694d85963684a31c3a09bc6b468c25fc52aa83f3015

    SHA512

    91434b78b86b300611d1d680001d91805a3b1a9474b95b254ddaeb918fdf76b531de4cff58572e2569edb506340937f9950fbb17ae7ab7d5b492372c7768ae6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    df06aebe42e8c337da4d76f993a3bb3b

    SHA1

    d32d217307a4d642c6f67e4c3507d4635228c369

    SHA256

    da552303f290a7feed5d058b535e2b95d8b387cc3dd565cb4cb1da3155153e2c

    SHA512

    dacc11746d9d85dfb0e62104d6b198dd7dee205a5aae999fb9f755494e473910ca1acb84bcf8ee4853800f1ab800121b781d56a03ea91dc4a30121744480b3cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a0a8c4891fffc47a0f2a380b37d6105

    SHA1

    26fafd1f2421494763be3ff2d40d67c3b7c14f0b

    SHA256

    186fb1bc7cedb8bf1498b156cc1b123d229b3feb3d06016e30fefd539cfeb802

    SHA512

    cc571ed3e6ceb2bc50b4a34cbf716c6fc16806a045b8e0a2fb0d0f66cf90b5f61863e1fc5301d6b3bac5501d5123313697572c1c9aaa77fdb2d04a7c684b9582

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4a3c81fed897be80b87607b1068dce95

    SHA1

    4c3a39ce94b80c657b55cb283e42074e6de9d41d

    SHA256

    af82e87af1a8fac8935cf2d85e7a2108e9819ec84772d175f20b7a7578019ec1

    SHA512

    080f42d7c6aa9ee1ca90694e7d764a63db47cbe9cfd9b79438a2217725f0d2fa5761c20745fba798f9f36eb53b3cd6b72b32511a67b17b25d3a2716365887aa0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0144f03c3a4feb311254b4b1efddee4a

    SHA1

    e778b4e2cda440b2792ccf4e9bd2ca9cd0d2a71a

    SHA256

    0f0948b7760b813797d28e4db5aa1d9727f8ca3fb739878f64111917127c8eda

    SHA512

    8d9e62ed8e6cdef27bd08309314f5af44cb525e96956e8c63ca50f2be0ecb027437a31031ae4789780f2ec239e6d7282b474122a35eba5e5a644e2f1c2ed9db9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2298a2938a84e8ebf58ae142dfa0c0e2

    SHA1

    357050b4b19336b69cd4561c5612e80a27d4589e

    SHA256

    0eb9fd2dcfda32fc10e3f4fa3e2d6b009d49a687c95aebdccec04d0e81541e31

    SHA512

    e211993f85b6c79971c77960552c8c3da1bb634762d05417b68deb6df4dceb5a3f3cb62a49f1f6e426c329ddbf96aa3de78754bab3fef24be1e9cc12f9d83a8a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f39dbe6aef0f268a1622ad2eba87c877

    SHA1

    681decdfacb985c0e9beb52b2b45ff189ca4b0ab

    SHA256

    5dcb752b2c5835cd0980c798442e94f0a99b176e3e252784ed664802ae812de2

    SHA512

    cece073cb8376e5bbc99de867b6b3fe9f41d6359616cac2432218b6eb76a93d1596b165d6c911a5ad9ac760b9928f925a295b3a2f0001c25d929df5fecb3458b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2a77520deed06e1bdb4832ee7dfd3b35

    SHA1

    ad352687344d97838a1ad2bd75a0e5e81f8f5715

    SHA256

    7422453f8160d2dc64644cef9bf52d5b7bf51d5e9ea84ee834d24dff2334daeb

    SHA512

    e90dbf173a3f5a1c33364b324bd0500059d8efb29cd500cb0ec673bcb2d846dd88f8445ba7562a178c1f7d5e3dd25a7ae9ed5160ba32baceaea058fd0b9749d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca69a0f1f956b3b57bce9c370ecb482a

    SHA1

    de77e21ddb33535e827cac5bd29f4ee23ac8b9f7

    SHA256

    bec1967e6b2c30a8ad2044f5c5fae8063f06f2319ff6fceccd846d6b54eba9c8

    SHA512

    da17556501b9c59288e2d114d06427d72bc6a8cfb4e9565d473755dea939bfd316ff4cef42acd22be5e4e99660706ec0fc5626b91b37cf88da3945c5ec52aadb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d73053414c6e4e3b3d118e260f3268c1

    SHA1

    6e2fe7e2aa8aab76757e8a65dd4b66d377aef902

    SHA256

    b1ece48337b7866e1ab63208cdc8934f87bd2aba051a1d7896d3ffbde5b1f714

    SHA512

    9f15c001ce2fb00e545f8a7d71755f07523e7268f8b771d5389dbb0d444d81e871766bb89deecd864d1f57234caaac2765ada050ab1a0b7a3c80d5fd0123402d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37e911ddc953b0e38e66759ac4196cff

    SHA1

    a4a9b2a48b14a613712ae405809f072027c43d50

    SHA256

    eff0705424aac6477148c114971e120d15ef57323c8050ddd294cb8a60143bf8

    SHA512

    9cd71d763e9ef810e53fe87ab66765625dff69df58e0dc48c27629068d91af5eacb260595fdc6ed7a588b022cb5edb7666dfe341b27fc9d1050c221889328b38

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF9AD.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFA4C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/1696-2-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1696-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download