Analysis

  • max time kernel
    103s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-07-2024 09:31

General

  • Target

    a425c2673ee1a138beee53cb47ce81c0N.exe

  • Size

    170KB

  • MD5

    a425c2673ee1a138beee53cb47ce81c0

  • SHA1

    394f11e52316a57d35369e788f4cbe60cb8e22a0

  • SHA256

    3d398ee18a6f799e15f06bf7dd6833f56dcae898cd1c6dfbe47794a2432bc252

  • SHA512

    5911c9d0063e3d185461dced5c499e54a2421cdab73e51d3e396f56228b844e906d30808371512d334757fbffb5acc478cbe855dfa3fb76ae208a27f5704bcf0

  • SSDEEP

    3072:Y/Bpds91VaIGeJuDlPjQOygr0/U91VaIGeJuDlPjPficKWEZo4lPGut1VaIGek:YhT0uDlPj28ET0uDlPjGWEy4lPGuUTN

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 64 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (7 IoCs)
  • Suspicious use of WriteProcessMemory (5 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\a425c2673ee1a138beee53cb47ce81c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a425c2673ee1a138beee53cb47ce81c0N.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3924
    • \??\c:\program files\internet explorer\iexplore.exe
      "c:\program files\internet explorer\iexplore.exe" http://www.bluemountain.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3152
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3152 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3308
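The process tree above shows the submitted executable (PID 3924) launching Internet Explorer with a URL on its command line, and that IE frame process (PID 3152) in turn spawning its tab process (PID 3308, recognisable by the SCODEF:3152 CREDAT:... arguments, where SCODEF carries the frame process PID). As an added example, not part of this report or of the sandbox's own tooling, the following Python triages such a tree: it extracts URL IOCs from command lines, flags a browser started by a non-browser parent, and distinguishes IE's normal frame-to-tab spawn from a tab process whose SCODEF value does not match its actual parent. The records are constructed from the PIDs and command lines shown above; the parent of PID 3924 is not on the page and is left as None.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]   # None when the report does not show a parent
    image: str
    cmdline: str


# Constructed from the process tree in the report above (same PIDs and command lines).
SAMPLE_PROCS = [
    Proc(3924, None,
         r"C:\Users\Admin\AppData\Local\Temp\a425c2673ee1a138beee53cb47ce81c0N.exe",
         r'"C:\Users\Admin\AppData\Local\Temp\a425c2673ee1a138beee53cb47ce81c0N.exe"'),
    Proc(3152, 3924,
         r"\??\c:\program files\internet explorer\iexplore.exe",
         r'"c:\program files\internet explorer\iexplore.exe" http://www.bluemountain.com'),
    Proc(3308, 3152,
         r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
         r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3152 CREDAT:17410 /prefetch:2'),
]

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
SCODEF_RE = re.compile(r"\bSCODEF:(\d+)\b")   # IE tab process: SCODEF = frame process PID
# Browser images that are expected to spawn other browser processes (assumption for this example).
BROWSERS = {"iexplore.exe", "msedge.exe", "chrome.exe", "firefox.exe"}


def basename(path: str) -> str:
    """Last path component, lower-cased; the \\??\\ NT-path prefix needs no special handling."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def analyse(procs: List[Proc]) -> Tuple[List[str], List[Tuple[int, str, str]]]:
    """Return (urls, findings). Each finding is (pid, kind, detail)."""
    by_pid = {p.pid: p for p in procs}
    urls: List[str] = []
    findings: List[Tuple[int, str, str]] = []
    for p in procs:
        if basename(p.image) != "iexplore.exe":
            continue
        parent = by_pid.get(p.ppid) if p.ppid is not None else None
        parent_name = basename(parent.image) if parent else "<unknown>"
        m = SCODEF_RE.search(p.cmdline)
        if m:
            # A tab/content process: its SCODEF value must name the frame process that is its parent.
            frame_pid = int(m.group(1))
            if parent is not None and frame_pid == parent.pid and parent_name == "iexplore.exe":
                findings.append((p.pid, "ie-tab-process", f"frame pid {frame_pid} matches parent"))
            else:
                findings.append((p.pid, "ie-scodef-mismatch",
                                 f"SCODEF {frame_pid} but parent is {parent_name} ({p.ppid})"))
            continue
        # A frame process: collect any URL it was told to open and check who started it.
        found = URL_RE.findall(p.cmdline)
        urls.extend(found)
        if parent_name not in BROWSERS:
            findings.append((p.pid, "browser-launched-by-non-browser",
                             f"parent {p.ppid} {parent_name} opened {found}"))
    return urls, findings


if __name__ == "__main__":
    u, f = analyse(SAMPLE_PROCS)
    print("URLs:", u)
    for pid, kind, detail in f:
        print(pid, kind, detail)
```

On this report the only finding of interest is PID 3152 (IE launched by the submitted executable with a URL); PID 3308 is classified as IE's own tab process because its SCODEF value equals its parent's PID.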

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    471B

    MD5

    869bf76626751bbe4e0f35b2cecc4e83

    SHA1

    500db15a72fededb9a5341cdc53390833b70950d

    SHA256

    8099faeb90d7ee6c21eaad647c361e8cef8e349cba3ae9ca6891273c0626f140

    SHA512

    dd7afdbf9e5393f928c65fdad7a2c1cae4839894e506e1b5b3dfc714ccd8487b8337b7f5f2b6e1ab805c334427e04ce709405610d250243294dca764974f7ed3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

    Filesize

    404B

    MD5

    d42b356bad4921dd82c8f35ba9240866

    SHA1

    4814080326e5a74b6206706f70f0bc065cf23cf8

    SHA256

    e870865e8265e65ce5f9c7d50dd40b10c777315aabe36e6c2254fbb97ad14c3f

    SHA512

    63ad563f47d09d3987a02966cea0480fcbeed3504ddeef7b81d85d7c1147a15dae46c3dfc3e7df38ae5a7809796137aea4548d1715d993867e70a097ded01431

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7ZD36YK6\www.google[1].xml

    Filesize

    412B

    MD5

    5be4f0ced3e65c19493757a26f678fab

    SHA1

    e576618a05fc0ca07f9eabc075cc2791c361ac61

    SHA256

    64e6739a0789a81cdc9764918d3da656ff942c78c6f910f3e64064113fa34cda

    SHA512

    1b91a78bb0ddaddba3ed6d1b5de787ddc91407653be27c1fa2e7a9b71d4fc772a7b2d897a1dd4453fcaeaca06ff802bc941cc90269dc28fd6ae9582e1d25e859

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7ZD36YK6\www.google[1].xml

    Filesize

    99B

    MD5

    cbc75086be310a9c2f297facce2518a5

    SHA1

    0695d78019e110ca219ef59749786544801dff0f

    SHA256

    ecd188be89d8f92c1664b3258eacc83b4d71e3eab1ccc86a512b16fb612f3bbc

    SHA512

    d21b776451cfa114e6fdebbc150c2d14a7a27bb90c8819e7fe5e58b103a22563e4afc975d942d6eae018fc51fed305679186def7e6d97588fe34a67fc13da9c8

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\7ZD36YK6\www.google[1].xml

    Filesize

    238B

    MD5

    d0d69cfdd092b111bff2080b8eda44be

    SHA1

    09cbaec5e3bb0b379d4ebe76f203a5068eb76aa3

    SHA256

    cd0dd6e21a75f725e2d3d95e056a7e15bfa998f4f44b61e0f5d941bb2ea12fc3

    SHA512

    3c6fcd3812f4d4ee808af51370173b7c22c37ea6cf536ce1d7c3401fbb90eb1c7a6fb5edf6a845212787d916e5a7dbdda9ff0741c080d212a6b9da0791b3ebfd

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\VIDV910L\www.bluemountain[1].xml

    Filesize

    20KB

    MD5

    61908ce6c267758dd35c756cbbebc1d6

    SHA1

    f86cd4214591b118d913b81f3799ce360bd72cf4

    SHA256

    f5dcdfe62f9bf7755f565a2020b08f61d411fb267fe2433ce04812eacb7764c7

    SHA512

    307b25b0e06b74f59f7ae542071be24448a7fc3513567aff0eaa8645b590405005d9a4161ae3d884605792903b59494ab1e340ac6f03d054b9d0bdae41c28b99

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\wtwvts8\imagestore.dat

    Filesize

    15KB

    MD5

    23ac79a6f5b0c7739f85835d611f77e9

    SHA1

    a214efbac9754155d1a7d9255e1f67138183a5f0

    SHA256

    b6186b25ed267fed6063f272c49eac39f71741e3156dbd4ffe27ce7a1aec5364

    SHA512

    96ce1935a781759e2dea9e4b619cc2e15c32c7d30ad6e3dc7447613e6462ae2d8e95006619fab5f8b99bef97dbfe3f2987f61dd44301e2823a784eed754b3a05

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MQYRE6E5\sdk[1].js

    Filesize

    3KB

    MD5

    0e722510b4fa52d9085bfffb5cf3c284

    SHA1

    45ff8421056d5b0bd2ba02a71e60524452003e57

    SHA256

    ccce39de64f5e496374b0232d7cc3da4d2184597c1b8334b70e91ec01ba8d084

    SHA512

    575b3c2a8fddf1b8d769c3070dd4898219d696426d732acd1de4f902fdd7ebdcdebda1a13f6e5fb0ffe9ffc643dcd4eb3d0712c0942e43b13721a485a1e2bcd0

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NTK5APBE\3fVg7F7RJ5E3VJqaeQl7fDb_k9GuOSl6d4P2vbcgkfk[1].js

    Filesize

    24KB

    MD5

    433e23dea1f55b2129af619c2d005602

    SHA1

    17214804b0126aa1a5604329afac9e245635c984

    SHA256

    ddf560ec5ed1279137549a9a79097b7c36ff93d1ae39297a7783f6bdb72091f9

    SHA512

    77af67620ee85618c2e9f249732ae745396089856b5c3c6f1e006e4f46e2a51a0ffdf1d15ce4332496dc443cbd188b9eb38bcbd14e7fb3d0dcf86eed3db29f52

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NTK5APBE\favicon[1].ico

    Filesize

    14KB

    MD5

    8621363f0814e206afd62832cee173b9

    SHA1

    51e141c4d8bb78ec605ab33f54a93b0c7e210fb4

    SHA256

    365a1041ef154f9a4a212b839b22f4b479ee5ca2a889a34361aa179ecd1964aa

    SHA512

    676e47e495b0c0fd057fe43c43e8fc4af79a28d371c2ad79ddc579680b950f65160e9b56169c1275bc708fc7101de1d72ba77925a6058ce7c6f44cf04258e6c3

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NTK5APBE\recaptcha__en[1].js

    Filesize

    533KB

    MD5

    93e3f7248853ea26232278a54613f93c

    SHA1

    16100c397972a415bfcfce1a470acad68c173375

    SHA256

    0ec782544506a0aea967ea044659c633e1ee735b79e5172cb263797cc5cefe3a

    SHA512

    26aca30de753823a247916a9418aa8bce24059d80ec35af6e1a08a6e931dcf3119e326ec7239a1f8f83439979f39460b1f74c1a6d448e2f0702e91f5ad081df9

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NTK5APBE\slick.min[1].js

    Filesize

    42KB

    MD5

    0334244519d38a0d9e724ebfddcd0cd8

    SHA1

    420db1500951f3663761e52ff27b6f673f7c3cfd

    SHA256

    bc17db45875d33bece6bf22cedbb01718ad264db460e640f060e7449f099c1e3

    SHA512

    5bf481032725abd549f436b3f4f479eca8bb54838d3bf61660efec6e9652445228754ac0b647b43812d400c7f4f192eccbfbe5c4ccd02e0d61ba81f74104d3a1

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R9TFLRJ7\accessible-carousels[1].js

    Filesize

    3KB

    MD5

    4a7e6d68dbc82b2ebd73f15f22f4824b

    SHA1

    a950da00f27d8f5fa70b8c88d265b668158b826c

    SHA256

    01a8be818e2a734c918b3731a27bb01b37e87b5a57b4f0383d4de6a18ba15369

    SHA512

    068e96233d6ab6b8eb9f4995167b0b90ccf03a30e9efbc828789f668dc5413434e535033377453328b3eb31a9995940d35c9b2e999e03acdfb5b92a5e334ec85

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S20L3CYC\styles__ltr[1].css

    Filesize

    55KB

    MD5

    4adccf70587477c74e2fcd636e4ec895

    SHA1

    af63034901c98e2d93faa7737f9c8f52e302d88b

    SHA256

    0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d

    SHA512

    d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S20L3CYC\suggestions[1].en-US

    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • memory/3152-N-0x00007FFFBAA10000-0x00007FFFBAA7E000-memory.dmp

    42 dumps of the same region of PID 3152, one per snapshot index N = 3, 4, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 17, 19, 20, 21, 22, 23, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 41, 42, 43, 44, 45, 50, 51, 52, 53, 54, 55, 57, 325

    Filesize

    440KB (each)

  • memory/3924-0-0x0000000000400000-0x000000000042D000-memory.dmp

    Filesize

    180KB
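The memory entries above name a dump as memory/PID-N-START-END-memory.dmp with a separately reported size, so two consistency checks are cheap: the reported size should equal END minus START, and the many dumps of one region should collapse to a single (pid, start, end) key with a list of snapshot indices. The 0x400000 region of PID 3924 is also the default image base of a 32-bit PE, and its 180KB mapped size exceeding the 170KB file on disk is expected (sections are aligned up in memory and uninitialised data occupies no file space). As an added example, not part of this report or of the sandbox's own tooling, the following Python performs those checks on a constructed subset of the entries listed above.

```python
import re
from collections import defaultdict
from typing import Dict, List, Tuple

# Constructed subset of the memory-dump entries and sizes listed in the report above.
SAMPLE_DUMPS = [
    ("memory/3152-44-0x00007FFFBAA10000-0x00007FFFBAA7E000-memory.dmp", "440KB"),
    ("memory/3152-54-0x00007FFFBAA10000-0x00007FFFBAA7E000-memory.dmp", "440KB"),
    ("memory/3152-3-0x00007FFFBAA10000-0x00007FFFBAA7E000-memory.dmp", "440KB"),
    ("memory/3152-325-0x00007FFFBAA10000-0x00007FFFBAA7E000-memory.dmp", "440KB"),
    ("memory/3924-0-0x0000000000400000-0x000000000042D000-memory.dmp", "180KB"),
]
TARGET_ON_DISK = "170KB"   # size of the submitted file, from the General section above

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2}


def parse_size(text: str) -> int:
    """'440KB' -> 450560. Sizes on the page are whole units, so no rounding is needed."""
    m = re.fullmatch(r"(\d+)\s*(B|KB|MB)", text.strip())
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2)]


def parse_dump(name: str) -> Tuple[int, int, int, int]:
    """Return (pid, snapshot index, start, end) from a dump file name."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name!r}")
    return int(m["pid"]), int(m["idx"]), int(m["start"], 16), int(m["end"], 16)


def size_mismatches(entries) -> List[Tuple[int, int, int, int]]:
    """Entries whose reported size differs from end - start: (pid, idx, computed, reported)."""
    bad = []
    for name, size in entries:
        pid, idx, start, end = parse_dump(name)
        reported = parse_size(size)
        if end - start != reported:
            bad.append((pid, idx, end - start, reported))
    return bad


def group_regions(entries) -> Dict[Tuple[int, int, int], List[int]]:
    """Collapse repeated dumps of one region into (pid, start, end) -> sorted snapshot indices."""
    regions = defaultdict(list)
    for name, _ in entries:
        pid, idx, start, end = parse_dump(name)
        regions[(pid, start, end)].append(idx)
    return {k: sorted(v) for k, v in regions.items()}


def image_slack(entries, pid: int, on_disk: str) -> int:
    """Bytes by which the region mapped at the default x86 image base (0x400000) exceeds the file on disk.

    A positive value is normal for a PE: sections are rounded up to the section alignment in memory
    and uninitialised data is not stored in the file. A negative value would mean the dump is smaller
    than the file, which warrants a closer look at the image.
    """
    for (p, start, end) in group_regions(entries):
        if p == pid and start == 0x400000:
            return (end - start) - parse_size(on_disk)
    raise LookupError(f"no 0x400000 region recorded for pid {pid}")


if __name__ == "__main__":
    print("size mismatches:", size_mismatches(SAMPLE_DUMPS))
    for (pid, start, end), idxs in group_regions(SAMPLE_DUMPS).items():
        print(f"pid {pid} {start:#018x}-{end:#018x} ({end - start} bytes) snapshots {idxs}")
    print("image slack for 3924:", image_slack(SAMPLE_DUMPS, 3924, TARGET_ON_DISK), "bytes")
```

For the figures on this page both reported sizes match their address ranges exactly (0x6E000 = 440KB, 0x2D000 = 180KB), and the 3924 image region is 10240 bytes larger than the 170KB file.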