Overview

overview

7

Static

static

3

29d113e38c...0N.exe

windows7-x64

7

29d113e38c...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    15/07/2024, 23:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    29d113e38c4c78a97b0533b4906d0e20N.exe

  • Size

    1.5MB

  • MD5

    29d113e38c4c78a97b0533b4906d0e20

  • SHA1

    18a92a353d263e7ab60f4f79382c5f6051eebdd5

  • SHA256

    84ca6f93fe610003d48ade57a051d540c2aae175f63eb727ef4381c261e2f20d

  • SHA512

    bfb67b1e70dce5c741f992d472b7e8398e7033064cdca2c1c500f0f6d656136a6ad2e747bd30c4480ad5765f59a80b749bb0fa85d4313588743a191ffb923c6d

  • SSDEEP

    24576:EqK+79ZIJVZpuCCWoQwpMFx9zypH8yFKpS:IItWH9zyd8hS

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Program Files directory 7 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\29d113e38c4c78a97b0533b4906d0e20N.exe
    "C:\Users\Admin\AppData\Local\Temp\29d113e38c4c78a97b0533b4906d0e20N.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2884
    • C:\program files (x86)\internet explorer\wmpscfgs.exe
      "C:\program files (x86)\internet explorer\wmpscfgs.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2016
      • C:\program files (x86)\internet explorer\wmpscfgs.exe
        "C:\program files (x86)\internet explorer\wmpscfgs.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:816
      • C:\program files (x86)\internet explorer\wmpscfgs.exe
        "C:\program files (x86)\internet explorer\wmpscfgs.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2372
      • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2968
    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2984
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1432
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1432 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1752
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1432 CREDAT:603140 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2636

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
          Filesize

          1.5MB

          MD5

          1bc50a6e8b7c9618c816c55e0d81b116

          SHA1

          7df3cead6897e8b65efb6404f97fa9819672836a

          SHA256

          d5e7b693e0d9cad3278bc91b17bb10e91e826555aaa0e45f9c0a1de742c08628

          SHA512

          3b3e632a3a87637df53c0fdbf3b8be0cd2d93b2eabdd40be74a0e0f9a34c4ec766e72a59231bd8152beb4110ac862c5a471f2421139416d405f09d2d2c50d20e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1e7e355e64bef700ff01de74c5b5706d

          SHA1

          a8cc02e797ce0c0e2924bda49704e0530c53335d

          SHA256

          471377c654d84e334530bef9352daa9cc3a9dddeeb4ba07c4e3640622f51870d

          SHA512

          26002ddc057effa1fa3488ea2fcfeea18bd4ecf783573258cdf6d74c2450898198449ec4dde2eb980fb9665adcefff497b203b24559fe401f284789c2319bdf5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d57f884809cfa31bf766f9ff4ec45deb

          SHA1

          a5b093e2fdb049f66c48c0a8e79ca4f57259b7fd

          SHA256

          fca5adba528649cdb770df58a3a631007dc61172f12ccaadbdfa8ae1c1b09c6c

          SHA512

          7888d837d5c1206f957352f42f6436c28a68dee207096d7e2aaf639d80344638dbe27b6c15e33939d012cfa2c89b48bf25a670b4dfdaaac7c0a420cdcc5811a4

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5b25eb0392cfc3fd9c5019ae5c6dc19c

          SHA1

          fdbf66440c9d6d6528fe83a8a54ae44821af2935

          SHA256

          136ce794551857be3ed8f3146a47e4f08c450607eb49b475da4f4a9f9318b9a9

          SHA512

          082c34ec130097baaed277f23698b24bfc2d1a46161ce7e3e81403a527724303db035f43f8168cae3b13074ff412a22e4a69fd26252817d7f3fff74e55fe2176

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1f8eafed92361ad28fd067a837c3e0fd

          SHA1

          49335586942c47ee18a98b1e35d6a8c8683b89b4

          SHA256

          70600fa314e11856e993c66527bb84faa76f490f7be1f5b07333e251bf2ef5af

          SHA512

          e7fbeb728657468c4eec7fc7671d6844edbc07e4b5107c867fe2402c74e5008752e7750103462686a6039ab6fe8cec9d238497262ec35a57875cabb156a49c61

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c656c965516891b4919d79fff30de91b

          SHA1

          c04ed99324585c799da589251260f380fe0f5714

          SHA256

          be22811b698952496aeb70a3e8c07f2bbe808cb4b9936d7261f85f7f57d14481

          SHA512

          45e8ed8fd5fb59f199b1653e6a6ab844466d0f55dea1eb62ee0620bc96cf6f2f0855ec5644f45535fd78ad478b45e2aa15f9ca67d258458f6933b413a4417458

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ab1a7db737d79d307c508cc63ca96163

          SHA1

          eb616f2e23beaeeb13ac4d838b7fe85905a41592

          SHA256

          8af6fbe3bb591e63e4b3a469464c6c223317c22c205136d05bcdb491b072a042

          SHA512

          657e3d9183e25bf68e9c2437a987664ad7153f4d7a98ae0e572ac2e9640d9c63eae0effd33df3923550a3df5968d11ff1c85c863bb72f11640f8132deddc5690

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          aa40d5cd7c32bf170d9bf8f7a31c2ac1

          SHA1

          c12b44c5cd4d7c82105629a68897b1bfda659d8a

          SHA256

          343769c484926691d411d2571125a6013214f0357e5c9b0a8afe39c8800cc56a

          SHA512

          dfed56474d2cd8c2bb93266dc3e4c4eedbab97eb6bf5346d7e864157cd2ef5b0367dac8ca627ba7c90d940c0271141f776418cc15b2736cb143358f4b1f98f36

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ded614c2d4e397e4b3e40b020da6bff9

          SHA1

          2a1a40c47e6564e92a334c32f7e98e7cdacec0ce

          SHA256

          9aa501cf74c6ce64760a13ce65adbe9db956ad6ff58329c04158b6e8d6f3730f

          SHA512

          eede2d03dac92f99fc38b40adda3a3258ca169e53ba7a38750d01e041be89e28ea498d952a37656f5713e7484278284e482314b4c60457293afdbd893ba728ab

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1f3ed3db1bfebef64243b45b1293066d

          SHA1

          965c09560ae34a20f65895feaf70ebb1ff7d959e

          SHA256

          41ddc40bb982a95382785a6c4885a871afea297749ebe4e1347766493e7e5bb8

          SHA512

          c1ecd583cea8d789c372616404ff3bc02e7b4c12467661662e6bd65c32dd121d0f862547a5309a01fa2525f0d3f7ab6dea9a43c4dd861745f2344254ae301e98

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabC3FC.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarC4AC.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • \??\c:\program files (x86)\adobe\acrotray.exe
          Filesize

          1.5MB

          MD5

          ed20627d944822ff4590c8e821f428f5

          SHA1

          2d3c59aec7400267e0b1355aadde5e38ebbf54a9

          SHA256

          ef5eeed1f3a421cea1db2540f1601d0a44b73b2b6f1ae485aa53a259d2f0d783

          SHA512

          bc6fbb897e2f90fd58f8f69c4013d3cfa64183d5413097bd8233e01a0fb4f0203be02f3d1e3dd697f73e496bc3b4c302de8684e87d84ad07eaa92ff6a9b7b6f4

          Download Submit

        • \??\c:\program files (x86)\microsoft office\office14\bcssync.exe
          Filesize

          1.5MB

          MD5

          3e39d805568987c7cfaad1e8772574bd

          SHA1

          614444450b582ae54798af067e773dfd24f14b02

          SHA256

          f28f0a83ed38f2a7e6a290cac17798382dfcf29a3f85c5d75033f5522ead7661

          SHA512

          7dd12f6ba5256ef5721709976e04967dd3bf9c9d6f81683669e11fc60933d2ec50292c301a5a18dadc9a7692a92ea3d0d6d8ed42de2c0233b4a991475120be14

          Download Submit

        • memory/2016-49-0x00000000034A0000-0x00000000034A2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2016-23-0x0000000010000000-0x0000000010010000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2884-0-0x0000000010000000-0x0000000010010000-memory.dmp

          Filesize

          64KB

          Download