Overview

overview

10

Static

static

1

ec61895ef8...c2.exe

windows7-x64

6

ec61895ef8...c2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    20-07-2024 01:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ec61895ef8af01ff00970e46f7ba98c24bf9079d71e09d3c18576f1a9efc93c2.exe

  • Size

    7.9MB

  • MD5

    5e5611abfe988bec0e8f9fc012243add

  • SHA1

    8e28dd1b33a954dafc7d678b8e67c41cfe8bc0b7

  • SHA256

    ec61895ef8af01ff00970e46f7ba98c24bf9079d71e09d3c18576f1a9efc93c2

  • SHA512

    3d9636680d86bc918bded4882d5c717c698188104b7fdb1f28db67da29c95897bb0dc12d844cfe6b4e843f48b09e59c34edde4fb920aa67fbcc0794176794dc3

  • SSDEEP

    98304:r+oXX33dpwZDEVM1h5N2cnkk/J4Sf6Qq68:ya3LwZbh/Zyb

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec61895ef8af01ff00970e46f7ba98c24bf9079d71e09d3c18576f1a9efc93c2.exe
    "C:\Users\Admin\AppData\Local\Temp\ec61895ef8af01ff00970e46f7ba98c24bf9079d71e09d3c18576f1a9efc93c2.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2216
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://clck.yandex.ru/redir/dtype=stred/pid=2/cid=72021/path=info.win.en/*data=url=https%253A//yandex.com/support/disk-desktop-windows/installation.html%2523dont-install
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2740
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2740 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2776

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\81B9B36F9ABC4DA631A4713EE66FAEC6_3127807E14AC026FFAE1EDED5FD0DA62
    Filesize

    940B

    MD5

    7002a943b6f6bcbe4f7aaad6fe23db3c

    SHA1

    c11f0110baea56f168452567a386e111930dd1eb

    SHA256

    19cd13ccd225abcfd24db5f7e7500ee8ca435f9c0046260bea7068ae401773f4

    SHA512

    c619b82999a11368cb6d598b20a1c08078b4b8f05794c5653cea4f5a21db1f2ebbf4098cb244520448a425ff7c60b0db23a16f7f6afcc7ff43713afcb878696e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4fb97e77c8db246c7fedb4fd967e97a0

    SHA1

    facd60bf9f4dd2cec9d46abef3bf5c87af8ae209

    SHA256

    aa29703f56d3260aa4e5a9fe72cff68fbf1c1df07fc3adafebdd2cf3e08377ce

    SHA512

    ec4ce4c5182e096193ca9f0d06cd65ddbd6131b61a208338425cb5da9083b8cf1469b242b2f374c0a162e05817f8b65e5f04eb57fc46fcd0296078429668f738

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2f36d0801ce1573472c089a356f48fbc

    SHA1

    43f28ee44167b16598116fc446e8da00e15d1bb6

    SHA256

    5ecdc2c8b440b784e731ba6ee99a54b2601b251af86e903efaa0acec9a0a56ca

    SHA512

    0d09605c3b6aa50b2836287656ab17e5276bfdf5e5894f6c3873ff6f83704c077f90812a45cf12d05458492066b6348df6b085e3088a9a43944bdf2e8d4f070a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cda90ebc04878efa02a8db8773617e1

    SHA1

    eae56cbeb8e4dda8bee1a9be7386c18e3e5ad647

    SHA256

    688529f2915bca322bcde0c5640cc0ec34a305af581424abae190beb565f4d8b

    SHA512

    b03237d97de92264ddff3b1726a3d658f57dc4660446841ca88d63e5c53682779c2e163ddc03f265ad92905252146c1ef18a7228f957b22fb342ac763469d091

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73a8b7f28ca64439d52cc2cad7a41469

    SHA1

    4b4735c1d29b566c37340a72acbe689a66a8c753

    SHA256

    634c596815b04eec50d819dca7f0767f79165b2665bc248115d0d38cc87a5aed

    SHA512

    9452a72b894dfa6fdae616ce5a9c2326b69e14c45bfd35d00d67a279d57b5d22d10f5328e8bdbb2613d6e65fc9e7d583c216077ca53e814c4d704004d8fec4f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0119b261eeaba948ecd337c1b65db3cd

    SHA1

    7049b8155b37702ce779b92aebcc9f7af5bf21e4

    SHA256

    285dd9016499cbe78f93beb9ee196c7b6c8df947fea3bfd226bacb3044823ad2

    SHA512

    d078604490b47998fa459474e6addfe2dbcf684d80e7ee29f4251cfdbfe7b073582ea2c306dd3a658bf6212ca1856945a6c8323ed07a8a1302103e8be18b7f23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d16b33510120a0c6d4db109e29abdc3

    SHA1

    d525c7309cc754b2dbaf4d562ea1feb8dad8af29

    SHA256

    52af327500ae4e954d42d1973aaf2234dc85e9c2338eff3126c4450d5b7d536c

    SHA512

    bb450242fcf3aa532e936d6587e5b81e0d418b5445ddfb45c4510c42e8c3c07d4b6cd081fe9f9be8730e8f1723bd45d1f09b6b90527a2e4c9e672cb05204b208

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b0c186371ff13783878f7b775fd1045

    SHA1

    d33d44ed1278b77e08e8fecd2a1b1d924aacbed0

    SHA256

    8b7e7f1bf34dae445c0d0f738468c37f02e7d627e7f25ef8aa6e52de52e79da7

    SHA512

    f04a2895d1805c9b901a89fed8ea54cdb1365d298b6f6344b278b69d02b053509dc9a894a3663196d9218367b074867acf299ffcaac31693cc4d803f92467954

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a30f385369f03d93e3a79f1ecc5f2c70

    SHA1

    14437e0c30bb23ef6bab041914b7dad86ebe311b

    SHA256

    7abffbbd465997a3f025dcc0fcec1ce4c804c92f4be0d5d2463d351d780e9901

    SHA512

    427569075faae0c5a0d1d4857486a5180ff49100f60ebd664cf1b3e8704504d32b00018264846a9c7d62ef69fd35d5b7162691782c0e8314150270f8f5b01c99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9b2388d8ce1853c89c7d166f00021f9

    SHA1

    355b912db5e8a0ac175b9752fa25e6f73f4e9a7a

    SHA256

    d96705f37e8daf7b4277c88e2f45c49eda83ec3bf570bdc115f0bc2bcfd75d4a

    SHA512

    fada1c9cf9b9d5b950737f54e0287317dac1650d23a8918ce3a2d2260f69091078e4bcea6d958af5535246f6f2afbed6482fd0765ff28520bd77cd4f7715a3e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bab9a6ef35cd6fef4b45fd6132621308

    SHA1

    6a09d2ba8d0584b1a37984e32dc8adb8402c9490

    SHA256

    e1ed29e57b844bb53eaf46d53f340be10d889ec6fccd74abe4e6b79bb11a0e8b

    SHA512

    7c695571c867982866a2a2cf732fd24846d5544dbb833865672ad8a7b8d9a897a397d01edb5479e2dd44c1fbed429a4c13b87694246eb3d6089665962705a4e9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9CESYYXR\forms.yandex[1].xml
    Filesize

    85B

    MD5

    cca4d3edc80b4454617ae1f94c50637d

    SHA1

    2e659553c1a0aca9a8db70b9f9708497a147bb50

    SHA256

    818fe4c223a3d4e236aefa746d11c036d25ba27c647991dedfd8c63ef5282053

    SHA512

    3374d86c7747dbecd9e53f953d7edf8e8d36afc359f9ff7f6560d15628cf1d852dfee228c9d0ca5abfb908f4f81a11aff6ac0b1580dd0ee0eb69c50e019dca4e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9CESYYXR\forms.yandex[1].xml
    Filesize

    338B

    MD5

    ca71a212b753fb7793e6b6183ad782b0

    SHA1

    669e1c8696fb0d25934da9401102f2d613c29ade

    SHA256

    6a54fdcb1df322e652323ff3ac8f8063ec3deffded219aacb8db785129925acd

    SHA512

    64b0f84210dc8bbae3baa174464170dc9257343fceeb302a16e1afbdc3ffa46c352593e49284bc86d04b6446a18dbac1c07625109095cfa5597086f5fc0ddd84

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9CESYYXR\forms.yandex[1].xml
    Filesize

    946B

    MD5

    ed486e6d400bca3ff2c830d1bfeb7663

    SHA1

    47d40eb5f9198f4aa11263d6b9bd7c3ac5afda15

    SHA256

    701bfd3f8c8add7e62cace80a15c9cdc4dd4a638b15248ff2eb0a6dab98b992a

    SHA512

    7f28656a07be86fab8b1b8515c35e74976ccfc793596f87dd9ba3204c48f8f314de70c739722f543db1afcbd57267f6a11c02c860038a3351652f3d6bc011db1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CDQM8NF8\yandex[1].xml
    Filesize

    85B

    MD5

    78a9b3ef9373cb9825b1d2b533670ebc

    SHA1

    13144124539ac437903923b8bda0a6aaf5898091

    SHA256

    ed28dc09f16e375a942bd99e2c006eb38437b935f98b902c51e80893584770e2

    SHA512

    3e36bc784f478cd38666991d26c1fb2dec92abab223c03289e67830fd91ce6090a79f81c26418398375057e2f1cd1a571daf7f73d0aea6e589b44835199ca2b3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CDQM8NF8\yandex[1].xml
    Filesize

    414B

    MD5

    4bf30f298d18996c021559efd429930c

    SHA1

    2d07d569f38e17d1ec02d281a5516b092e65c7d0

    SHA256

    21be89a64289fd49825a316fcbcc8f0aedfe0d0c40653715386c5b76be767a9e

    SHA512

    8f9443cf94f88ed266d7d5ea9a133c3db8181304f3b7635fc469a8201de4a7fdb8e543931edeabddc16e8318b5b0b0e25717eda90aabd81c01978c201a47f70e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CDQM8NF8\yandex[1].xml
    Filesize

    414B

    MD5

    dc61e6f41c4959eedb68fbb1a41101b2

    SHA1

    f7fdc22d5fff9378e283c4d62a77505bbb1a9a57

    SHA256

    f1cfc3b781534973699aae854d9a546aac621a77a4a409f550fba76f8d72276b

    SHA512

    ccc91bc14a7871e28c27ff0a6c8ea7f13e0c3a331d96579991c0a2bce10d4b09fc84e0dd23df2f93f67906b2d3dd768250adb5d413a56c15b506a47ab5311502

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CDQM8NF8\yandex[1].xml
    Filesize

    1KB

    MD5

    3674f506c491a0df40c60a371587c4e3

    SHA1

    978fed34f0d64b0f3597ee60d49570a44611428b

    SHA256

    9f9b68055c81fc09e2487058a671027c790c72fc4f631dc79bd7b2396de2f4ae

    SHA512

    deedaf6a612f5b1a92f8845a0d479cbbd2d7cc7323a886b1d39b4d26c317d4412551c50867c5546ae6df64bd94854b6e234d1ab3938f0189f76635851b835c0e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\5f5nsah\imagestore.dat
    Filesize

    9KB

    MD5

    d9a8f770cc6cb4ce2ad1a41d6a3a4399

    SHA1

    910044ae619623382a94ab79b47c73dc6de5b5f7

    SHA256

    7522b09fe97fb7bcd0ddaf4c2833692872b01a43809ab975d8c9f964312f2311

    SHA512

    d537a8d3a86afb583f92dbf86d5cf5493e7c77fa85861db44e15507aee00c0fc1c67cbb0c0c2269d874e1123c7908efb7eb274082dde46ca0397403c0c10ff02

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VCY0HBA7\watch[1].js
    Filesize

    156KB

    MD5

    d01c84eb2a23031746c852ec3c90bc26

    SHA1

    4e8fe3495ed035ddd655c0ea7e67455e95980602

    SHA256

    ab79906d21d5be65b700de505ad52752458953d1c49c12b80c2fb344681c3715

    SHA512

    50c48364461f639673952707445d5aace8c77e793282119ce8a4121d6a4a85346aac319571049f7c83d14cc1b9c991c060193935c2e49fa6385123853078af18

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WNZH54VQ\favicon[1].ico
    Filesize

    9KB

    MD5

    5bd286ded38badeda66e9c395b814405

    SHA1

    49e2213a60c70825b9552505cb8b7334a3a29a40

    SHA256

    bdd8486f2d838c7d9b0e2dcfe732a52c92f63879525206c2662905a051dd31ea

    SHA512

    96bfc9211f0f1c1c375e49ebcfec9e85280bba64352a4936b95e15d5128e77e9b4d5ba60cbdd76f8e39ce7bf537e8c77fef218e0b24856f28fc34671fcbecd0f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab2DB8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2DB7.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit