Overview

overview

10

Static

static

1

5e5611abfe...dd.exe

windows7-x64

6

5e5611abfe...dd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    135s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    18-07-2024 20:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5e5611abfe988bec0e8f9fc012243add.exe

  • Size

    7.9MB

  • MD5

    5e5611abfe988bec0e8f9fc012243add

  • SHA1

    8e28dd1b33a954dafc7d678b8e67c41cfe8bc0b7

  • SHA256

    ec61895ef8af01ff00970e46f7ba98c24bf9079d71e09d3c18576f1a9efc93c2

  • SHA512

    3d9636680d86bc918bded4882d5c717c698188104b7fdb1f28db67da29c95897bb0dc12d844cfe6b4e843f48b09e59c34edde4fb920aa67fbcc0794176794dc3

  • SSDEEP

    98304:r+oXX33dpwZDEVM1h5N2cnkk/J4Sf6Qq68:ya3LwZbh/Zyb

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e5611abfe988bec0e8f9fc012243add.exe
    "C:\Users\Admin\AppData\Local\Temp\5e5611abfe988bec0e8f9fc012243add.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2172
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://clck.yandex.ru/redir/dtype=stred/pid=2/cid=72021/path=info.win.en/*data=url=https%253A//yandex.com/support/disk-desktop-windows/installation.html%2523dont-install
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2100
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2100 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2980

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\81B9B36F9ABC4DA631A4713EE66FAEC6_3127807E14AC026FFAE1EDED5FD0DA62
    Filesize

    939B

    MD5

    6c1f5f19b13fe58094420e4689c156a0

    SHA1

    173deffe217ea1dc4931f0c978200ae14eb27700

    SHA256

    c8d7b164605e7d44ad85e8624d1a062712f8f07ffbde9b39b2a02f5173f4ca9e

    SHA512

    aa1925ede7ec66588676872b836c58752eaf419d5916b13ce44df6c910a88617e7c9375e8c8a88d2066fac41d2658ff5ae9404ff7c6710ece8641cf891990779

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\81B9B36F9ABC4DA631A4713EE66FAEC6_3127807E14AC026FFAE1EDED5FD0DA62
    Filesize

    520B

    MD5

    e534c675df5f2deb4681865395286346

    SHA1

    818b58e9e8f1a283791d674ba5989a6e13e6ce2e

    SHA256

    58599109c6511ebdccb217cc63c3de1691598cdb0803d1d8350ab9899d9265e6

    SHA512

    e74ed31887c851ba85bf8b2dd42aa68c4b536a24fc56116d9904b430bd7bfbb02847c3f610b01934051991e6f376b65f054af4b86049ac319de5b4eccaf50293

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16a12b7c8268cfcfda4f7afb30dda71a

    SHA1

    4567b64259a557d9eb13a28009ece1b0b55d35c1

    SHA256

    9ca8cd42073ab3b510f1258e927fd1698f9ff5b4bfcd94d138f552ff2b353ef3

    SHA512

    a2f8b3ad0588f26e94b4cc1b1cee1fb655072467d22c25984a82d069dfd3761e3dffce8818fd4c14cc7479eac674e430b74a676860890ce0b2c97da2413ffbf7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    15251a726b207a504cc100179c08f35f

    SHA1

    5a051fb0444d68a5e564ae73af2a8d434e9da6e3

    SHA256

    46eeaf0634581ddd6b70183830a485630db2aed325bcb5c763c53fd65765c081

    SHA512

    30f74fc0dd7e5174447c48c2620fdeb2a17a4c1892b759d4501c3e6cd02715a4be321785d4a8d242227ee0e04c03de618e1d5264bb2300feaf79d9e52fc768a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e0a5b401adf429bb0ab56b005937be40

    SHA1

    71d0e9b525dc33474642b2b8c972f9f6aa36d4ab

    SHA256

    4ae8c7a2c929a42fc3da0900c7236a9c2692efdd46d21889fbb1c63a114aab83

    SHA512

    1d73d228e4bf605d441a7b9f87a7b8a93e47a0ba3a9491a2a8e62b0302c7eaebb719ede2720111b7378527b0ba7327e5a64444d534604e92d7501a060e11059a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    25ab017ee4ef4f6c8d9a96681891e03a

    SHA1

    34144b87c501459e77144298e4b7d11646c84828

    SHA256

    a2ca2b38ea8f6d3e24ac7679b022d214bef49525c2f4d1c121c9ffbe9b536dcf

    SHA512

    3a30b7669b417f55c54f7584f805c015def18edaf6aa6e03ffe68d63a82c31ea51eb126792e505f5e7f16af0b85332027c4d14b6ea60250428ff4fc07f2811b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    be1b865f3e71faeb6f6fb043954d6e90

    SHA1

    ac7ee6f6ddf907fb06a37feac6876bdbece0fe7f

    SHA256

    0d4d60c32a89859cf3bfb206a06118c971866a973240f4cdbda281724bd0d85a

    SHA512

    dbf98d233e6950530615cd8eab6986e4e4c370bed87e7463fd5b19607a21bb5ae94674695025772c13dc7b7b38357775f77ade420e9f424f87ef1b3031327272

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28cb64a2d12775f5149e07db4b337fc8

    SHA1

    35036e9d12769a9b4f58204698cf663608f78ab3

    SHA256

    008bbf67a6846c3e5af683e58767d73dc508a46a229205b2d4bf6180fd208348

    SHA512

    93cd2dd47a15dbe94c2c1c4e5cbbc2b9b20da427adaa212a143c66f2109638cb0afd87f7f983ade45dcabf558ae15169ec575afb19b30863612d4d1bdb76188c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0de6677b2c4a6891a00ec8b25dd9e63

    SHA1

    0593c368d2dcf70a9c02e496bfe1497a0cc3feff

    SHA256

    a37bf5e97863f92eeb979cdad1a36ef11f2dae1448853158b91f8725a882b0ac

    SHA512

    c1c4c35264eb521ac29cef89169a3e5238cf6b3237b3374a532a63b665be227ec291bdb8d8bddc2fa1e91e2d566092f0daee4c10e3559e6b873fe613c3185bd0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7aac4648bac01ec161af3cdc0a36ec55

    SHA1

    6b0728ca1291ca5922c748748776e1fbe927dd4c

    SHA256

    e9552dadb385b86b49bf1738826ae934c0ee0aaa52b31cee7ba3aa8af0feab84

    SHA512

    c0a2f0c4525ca64639200ab47590b9231b8a51774644a87cc2235084cdf5c8cc965f87fb313836e983a3ba34d2a967fb12829cc573bcc1cf665dfff2559525d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06e850e7561abc499a44189dd7977242

    SHA1

    b97d52afdd42537c6dd66072b7907531ad85b083

    SHA256

    983830a74136072d2f4b29fd9bc183600b3c8cfa47044baf6a2153fa9601eaf0

    SHA512

    8ed14cea222a7d2aa4c427abb3e7a6e4ce71d050c03701f6e90696d0df8756d52e8a6eeeeca96e093a5ac866642e837767e6a501a5c14f673b3fcd812969dd45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    834f2a4f6589bcbaeeebc70818ba0086

    SHA1

    868a73b1db6fff0afbee75f98c97bd9cc81eb8ef

    SHA256

    a701be1f6f8db758f2f3f33281bed131d5f50e152a85fe86ccaefffa51b39729

    SHA512

    7158e3be3ad8768004e235a43c6fc6bb9c2487f122e24b79b75fbef7301ad4b0f2851acbb18a56173cf2ac7f616822a0dca2c35fc99fb3c2e272b286a5f2e5ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b24327cda6d57f342a5e1dd2e7fffcd

    SHA1

    881f715863a77181ea70b831450e38390d1c2d73

    SHA256

    8755849dd7c37f14669a9e3d17eab5e954ba38d588217122887f7344f582da35

    SHA512

    600aba6fa113db479e890137dad2dbcbee4fd2c6ed3e54af6c4a8b2fd10e6b374c24b87f79427b0818d27a306eeaab29abe225f5f7041209ec2381b42f9acff4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    afd0422726fe478592a10ae5886201a2

    SHA1

    42e55206328dfcc6ed9ce4ec7b2141478df3748e

    SHA256

    479d495a01532627250333eb83d83982e6d65b96ef14d7945b182629183df1f1

    SHA512

    998abdd9caf788a3aab1d977303a328eb342ea2e5cd1e72630b71e78d69ae30dfaf63b764f41237ae9c969f6e64c625735673051cd47eba0e16f7c397c2f0d23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0326b71e884ca13f60d29898ac53323e

    SHA1

    fe09ececbcd683bba5e566d0d250a557a6756082

    SHA256

    b7df85d11310ffff4411e1da365f4ea881884a85501266f63e2ec6aa2e63d6c4

    SHA512

    e4e6a6f8083809ae1668ca9d5e736797234a7855036108b5d0a8d569698be1e12b5a0fba084d8d6d75a717ecfa011393d9c933edd4eef34809c5ee473da6df8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    889ee16841b278fb91f109549c149dd1

    SHA1

    c9b39a7d12f611212b84b249e53d8321b153025d

    SHA256

    13bb2051e6c554b6c91bd71e3a35ec39fd8d3500a5a52725514ada2e8bbbbad9

    SHA512

    bf250c7cf0223117b1890754d1fb6cda1a4a47e129769dd368576041afb535d1b266a03cb6e9b64ddab5339af969644238620499c5bcc4ddc2b14622c692cba5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    754e0f87c49bcdc24c1c07009297741f

    SHA1

    4570bdff107290307d86ef7a6042b67469e90c91

    SHA256

    2b24838d4f4deeb5051cd07f33ee96d17055d49b03cc4ef4c8caf4bc113fc2c8

    SHA512

    182b8782b1b9bec9db1d5c56b8189dd901dc5bd38e552e1e8aa00a845c9c8d28fe8148097eff94671b4f2d85f29cd2dbe1612a7501d66301010c3023025007c8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\03C7JC21\yandex[1].xml
    Filesize

    86B

    MD5

    af2482b45df3be1d97f449847f9ef3a7

    SHA1

    69bdf259fbc1b59c4573bc3981de52fa0d015e1c

    SHA256

    97ced2dcc49c7662ef20dee13de08bf4d9c836c766d09c7edcbc78840bf6ba7b

    SHA512

    07240b7542a815e4ef189c9f66c6eecbc1619529448d3efeaf8b3b36c102708d4c5756bf8d1059dcb438c7e0338ccfc28deb31e202a94c0cb06cdf0fd61e03d9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\03C7JC21\yandex[1].xml
    Filesize

    418B

    MD5

    3289db8011f8388cd37f1338f35e6891

    SHA1

    840db78685ca1035875bfce6ac522c91e9638764

    SHA256

    b5cdc150b1dbc93c5aaa268131af57422ee0695922cb29248b2f43690c2cabe6

    SHA512

    63277fd228da486bdf73a166d5d2d1028058dc45e8d2ba7c6de853c8bd8903a908684ad4e9100e1337fbb85fece90b1486e35355bea0bb4f2d0a733aa820b9ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\03C7JC21\yandex[1].xml
    Filesize

    418B

    MD5

    6b0f19ac4519030673e8955f53eafcf6

    SHA1

    b95e54ab2583c4dfda70f227c0dd5fd1528782c3

    SHA256

    f156a5b88e5cc8d592e373846fda74cebe5f030e373e90427978a90a0444e4d1

    SHA512

    fa36b453981a11bed09ba3bc2fb801d7ae5c70f25a7c9f35fd26ccb9ab4768c3ee6e42c2449ef60bed96a92910367a84df11769d836b67f058b25ffda7c4ce3a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\03C7JC21\yandex[1].xml
    Filesize

    418B

    MD5

    71f1ee6d2f5ebdfa1920fea74210bec6

    SHA1

    aa3e39cb283781a69f20729c9f72e99e7110add3

    SHA256

    6156765726160db88b0a8bdc1689e41eab5f03b0df72fed71ab2f314fd5e6368

    SHA512

    f1e06c0d53c5c1c62d0fc3b2101b24ba77b093136c56275fecbca818f96fdf0e1a2065ff692d7ffb04343bad3568893b8ab795e3231406b86ecdadaa1b8f03e6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\03C7JC21\yandex[1].xml
    Filesize

    1KB

    MD5

    8c4f1b0ab7c40457da66231112c9e1f8

    SHA1

    29df60f9dfcc16d2ef577a6c04e4f3b49ec160b9

    SHA256

    d9c06bdf5c1c3c268c7b140607fe17a51d042e573835078fb1353ee37b110885

    SHA512

    4f67718b426f1585308cf7adf2043699a4ca1b2588e3c8a6b9d347bf638f1efe8dfd723f2f0ca920a3cab059072b64367a790471926beeb4984625a3818af1bc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\L9KX3700\forms.yandex[1].xml
    Filesize

    86B

    MD5

    e5123aaba5fb011897b46e08ee4c9aa7

    SHA1

    3817be534fb908ed3717d15dde6d7c790be8c077

    SHA256

    e9ad83b048951fdd67a2b4a21c11dcbd3ef1bb61bd949c05aa10f68e8fb8e0cc

    SHA512

    ddefd2e1de8f3b76d623a891bd7c04b445b6a3da8b88554f51cde73246911321225df2c7589e5f4c605e2be62459b8c4be6fa55b3b0dc8f17a52af12a67c2b02

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\L9KX3700\forms.yandex[1].xml
    Filesize

    342B

    MD5

    aa6702b418b9897dae85f88e147f62da

    SHA1

    f982c29eb9907ac5666d458ad476c1130f383e01

    SHA256

    a92132ff8a5fbedccaa0ec8a229188ca971a223ffaa8d1e7c8509d8f026870ad

    SHA512

    6e80dbbd195e2afa2c63962b5bbb3e925d1d264f0c7d31492ffdd44e67da882ab2cd18ff6ad99a5c7ab2c134e586db7c1b942d1df6a05edfca4dd7d2fd655e42

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\L9KX3700\forms.yandex[1].xml
    Filesize

    1KB

    MD5

    03510c382f7fd0ac5eb280c5bc105ab8

    SHA1

    ee61be0c3900a36ff5624130d93b6d933f812933

    SHA256

    6d99d442396f1c09ff031b0c59940daf6993fd3981b6d502367713faea12ada8

    SHA512

    5fc7b600784cb6c6a2a18e9329d1fc26d1cd7616780c75c56a702e04725f265e7973907ce46203503d48c5da073322b0947c866dfede0334b5964d1432f46dbd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\hqw8ypt\imagestore.dat
    Filesize

    9KB

    MD5

    4193ae4ad52eb6bef9bb453c564a509c

    SHA1

    544bec71f5d8d3d61011941a694f35623ebdbef9

    SHA256

    df087cb4427f9ca1860c104e99e2dd8ca1598b35105001500d7c9e8228aedbdc

    SHA512

    7b69e24bebe05070b9dab21090ab1157042f50ef2ecadf8593622e262951b3df922d6a167352026ada668453039ce50c4a44bc83317c9f8e6d3504a7eab94b09

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNGGU6NJ\watch[1].js
    Filesize

    156KB

    MD5

    d01c84eb2a23031746c852ec3c90bc26

    SHA1

    4e8fe3495ed035ddd655c0ea7e67455e95980602

    SHA256

    ab79906d21d5be65b700de505ad52752458953d1c49c12b80c2fb344681c3715

    SHA512

    50c48364461f639673952707445d5aace8c77e793282119ce8a4121d6a4a85346aac319571049f7c83d14cc1b9c991c060193935c2e49fa6385123853078af18

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M7GT0RRO\favicon[1].ico
    Filesize

    9KB

    MD5

    5bd286ded38badeda66e9c395b814405

    SHA1

    49e2213a60c70825b9552505cb8b7334a3a29a40

    SHA256

    bdd8486f2d838c7d9b0e2dcfe732a52c92f63879525206c2662905a051dd31ea

    SHA512

    96bfc9211f0f1c1c375e49ebcfec9e85280bba64352a4936b95e15d5128e77e9b4d5ba60cbdd76f8e39ce7bf537e8c77fef218e0b24856f28fc34671fcbecd0f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab141E.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar1421.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit