Overview

overview

7

Static

static

7

08104fd602...0N.exe

windows7-x64

7

08104fd602...0N.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    27/07/2024, 21:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    08104fd602108af1ca5b186b92269070N.exe

  • Size

    78KB

  • MD5

    08104fd602108af1ca5b186b92269070

  • SHA1

    eb397bd07c3fbed7e4cfae3e06d29d6a2a3a5c31

  • SHA256

    4436cd6f15227a443fccefdb695a56b0bdfcff0256b7d2e241699ef494b1dc62

  • SHA512

    65e04a5002fcd233e78f14647d54e3dacdcce4f9ad375a1a3748a330153a976a92df6f3b8a9a7a678131abf1dd05ddc5df2d234c502df191f376d469ed2abf13

  • SSDEEP

    1536:kr+BeNcTMWESJamSe7qmqVEiOwGbuMuwAIPdidSpwJwLP6k7P8CXVD:lMMLE+NSera5ubQIG/277

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 9 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08104fd602108af1ca5b186b92269070N.exe
    "C:\Users\Admin\AppData\Local\Temp\08104fd602108af1ca5b186b92269070N.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\ecommerce\dialer.exe
      "C:\ecommerce\dialer.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2068
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.web69.com/trial/index.php?account=10077&product=1001&affiliate=GuY5tJ7u7lsI6tRf&cntry=United States
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2892
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2892 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2796

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          31f625e22ea0b05915d6503be432e4ab

          SHA1

          4853e8a719e82136ce4a35638998afc5b261ad18

          SHA256

          51cce0835872ca7af0e15e947e90d5e7e5d0c1a68e088eef43d1e8af1c165c20

          SHA512

          a2848616f1bb400656b16bab055f2cc9e6e3ab9ede32b7957f8d049fe0a62d13095f0a5fce214d6b9c8a48b82e72be7fee93f849bd3e80648687b1b5df4f26eb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          a618f78caa7295a502da65840d8e6ca7

          SHA1

          b9710be8245e63c45a7de4231ac52f0f8e1d828c

          SHA256

          34413b903d552dacb242108a0aa9725061ab54571e9bc5e9aad11ebf1aac9bbe

          SHA512

          6d26d025d1923a64ea7053f4ccfe0280546951c94b22b1d8bf03ff98f92bc4af7f70343071cbe25b7ca204ee767923b7ab21db4e0232a15282fa05c87aab1082

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          7ae8c1f283dbc422b04ae60dec1e6689

          SHA1

          c653721b3114a4a5afb11c29b04c8994e9377449

          SHA256

          620cdf99bc7bd1e31dded8baea149fd611120771b346ad33ab3cdc176058c586

          SHA512

          22b252ab1287f28b9a3d84650bf018f8ab1c640c726989307bff1cfe737aec0b3d0b6957370ad4503895e4b0987e6ac8bf63c12847a5c2e4f1cc40f12a3c563b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          9ba7ef5b46abf276880a3010b1b4f4b0

          SHA1

          b3a788086d2997ebe6223879ef3bcd213379e30e

          SHA256

          30b185c14bc2b825d0527c540c62829c3fa71dc906c1ac4d016ea410e8afa941

          SHA512

          1c5a30373ac2c09fae0ed4adfb005a0460cfdedd004bb01de749b1c46df0e78ce7db1ce7a72ea3d483ee2996b33c1c35449283ab4bca329e594c49a316547af9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          86a1de9e99f34ecdf32d57d9b8e8d6cb

          SHA1

          b6ac294821a12c99d8d3f1eba69aff703f5f2b3e

          SHA256

          9f889f42383b403c80ee0c2df7430f9b000203926d710a9feed18eaae3f5a468

          SHA512

          e1020efbcc00dc4a4a7e1ca3b96c1fab608b428284cb274c66114d4c30301d7e744cfef347cf8353fc6d27d0d8432cb423bd5f842277fd4e567e2bfa3b1ea84d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          66a6d31be6f762710d1b0e7a58fb586e

          SHA1

          8987142d83b6032260c41835ee44a6bdfd4384c4

          SHA256

          5512fbeaa0ea8d3ec473f7d971d3026c834d42b62ed4845df6cfebdc58fb5c28

          SHA512

          c1bcf2bf591879a0ea2d26a693185e3d38b4c76a53d6dbf57b8f12cb4e87f0d22bb607e50318ed83785358e75e1e969e744f288feff8936c87ef617d0984a5c7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          c8038d39f3227513061f9b47603bf0fd

          SHA1

          45f22f741f63a7e2e670301e2453b82765df2dc5

          SHA256

          718ef72a3786b52aee7f2796c59b68cfaffc06e038c83b21b592426579c085bd

          SHA512

          11c5ba0ac8378d30ffaeda7c22e363b38967531b9c4c89590d22213fdfcf45abea96476ce77e2fea27a1bcc93008b3c2b697b1dfbf0450de7c2f8e4354b8f126

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          eebc386751c6535afa12a3b744956836

          SHA1

          9ce15c4e6c3df0ba388144c67d7ba1419d65380c

          SHA256

          6f10e239b32fb87edd526880d9e89692bb3ad8a99ad514c3ce4434689c083f67

          SHA512

          381136cf87d53b6f2f5f5ba34dfe53fac2c70da8173a67b225241cf0966e3bd831124a1a01068a949bfbc028905bcdd2e0dd2814d53c90e1e19a6804a5e21bb5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          3dcd5fdb49ba162d5bbe3516e2ac5cac

          SHA1

          272eb9b87564a69e19639934b987f52768d4664d

          SHA256

          1351958fac250c237814fe4205363182f3f00b897d536ad46e0e9670c1099c21

          SHA512

          b8b753bec2cfb65a3b5737712227d5f427025836e9b27d8cce1934251e4bfbb01f9e479ab230a313dabd6c3f759a0450f4819f2e4815c680a33c46fb863f48b2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          4a214c73003f3b966cfbdbb7fddb2df8

          SHA1

          8d71eed01b1cc6e3af54a4584e7857171c97e154

          SHA256

          fdd32e28290a213af788d4efce520b1a8221ad6d13177595e251695317c1bd26

          SHA512

          f8bec4d10478921e3804a396fbd2e7170c71ebb803a4f4e4fe20f8e117a88be4fe41f51e46b567dad8a59c66e4dde339432c653644c15cd0d790987fd579e03f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          d373ba97f63a8c78f3f50476dd9dfc08

          SHA1

          ff749d81e31f3facb732d3639a530128038ccd3d

          SHA256

          867d41a8a20d8b74b7e61f3b63c08269d658b7fe998bc2b3f2bc31a1e348853f

          SHA512

          9af5a15fd2050a87dfcd6625f1aeccbcac053c6f14ae05d309bbb0fbc5e89c23ee839eeab564ec1f79fdc7ddbdcd9469fb631d886816a164feb07f18f02239c9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          f0b8e4fbf1d7cef63386bc2001a2dad6

          SHA1

          b3607c9de6470ec156857462386ed83d7d58912f

          SHA256

          024a4aac2bdff0da8af38c903f60618733df8122a8aa2690343b24cfd150b648

          SHA512

          9a845403236536ed2124556eb88f398d781803b232b3366480fc071d207992e4318b3c23a1ba6b307e3c711216d4a6b26a1213cb27c9306c6e7c861c5cb4e9ac

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          969a6f2585d6d827e9f02184976df0f4

          SHA1

          54c33b76a45adb58f92fe66c0ec2869d80a59ef8

          SHA256

          b0dd1137c1622dd1108b651df80b74cb5cf66691bbcc8203814f1cc1e3fed0a2

          SHA512

          8ef161400d76c60e7c40fa0f5d3b4b498dc11de17eff78a84ff55e9a963362ca710cd561d3dc739bb45da87cd9999eacccd750cd094a841e801464ca4fed4022

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          befdc2ae7814100031094112dabf684f

          SHA1

          ff54f8a21398b7eed2375c80d09c86318807b64e

          SHA256

          529f5c1332f9808bf6eae858e6706beed5c18b99b54af557373072803e7821da

          SHA512

          523fe029cf3172a942b4b2fee3ad690e5d9c7922b8f5a20f6a45db5315be2ef5f14279dcd123e42c18efae6b8813a0b8bd5532adf735a3ac8d1fcc9f49604004

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          d659fd2e308ff358c6e29c8ae2d19fba

          SHA1

          b933663057a56b48e1d04c130b2cc0a7a7fcc2c8

          SHA256

          d32833221287822711399f48411cdb2dc02f757b31175bb35b74163873b49222

          SHA512

          9b5a612bb2d1c02d4867d0f0e5a5ecc1037150c4bece4fcc0525ef335078647d7c5fc1986bc770bb0fc41c26a223bc23bb1ef424da5c97fede42f71fadf000fc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          90a37faa4951e9c622e101f0a9c206a3

          SHA1

          d5962378477f831e0385d927892f20845f4f2d5f

          SHA256

          6fddb5309dc1ab04d778faca38c5445d82e836154ba952ddbdd471b6f664f258

          SHA512

          dca6ba6661d8910e66919a1afca8297966146b88a3ae4f0280722c5525d18b7e0b0a7f5dc632a97f4d6c9443c5db44322b3190fb6ee0e68c39583270c7c5391a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          31302ca037ed768fa699b6933ad32196

          SHA1

          d2b8f1d4d546d894300cb809de1ab379a3cacd6f

          SHA256

          23e4935f3cb0c624c4f6f3c28373ac12d548ab8f83caf165f0af3327aaf7ce7a

          SHA512

          42670ed036fec8143397fe8d37af5d5f579fd9e62af040dd92058e4c51d681af6e80ede0bda01747c84f6de33cfe4c463a852c83130ca5e329d2c8d1f4ed399f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          49075421a7b805a989a38b02f23797bb

          SHA1

          62d3d02e466a1fa91a2201a6ac54ab6805dac0c1

          SHA256

          87dd9d12a63a0133b8e7cd7db7348260b2bde27d367fa0d18c37fb2ddb2afeb7

          SHA512

          a86377e092df7b20a653d9fd6966e875606186205afedef5ce705c3d8e11f63bc9f110bcc344b3d8ff6c33d4da51b5c0eee13c9248beec39794089122d82b995

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          304B

          MD5

          76ef2689bf24e32ba6567a305d1938ce

          SHA1

          b56ee2bdcf5e8a2bb29edb4d3b7aea57ffc4d7bc

          SHA256

          3a866c238192988b50ee97ecddc6c0597c3d3080d19c1f9baf3595e3adb4d7cd

          SHA512

          d384dfc5f0a2e03c9105fc9345af52d338c086e6f0223098423aff4741d027d49ca6635db0203c656b9cfde022b997b67f09e6fbb89be8a76967b63480cf8d88

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabC228.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarC307.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • C:\ecommerce\dialer.ini
          Filesize

          5KB

          MD5

          24c3e829933d7db688dfce7348931198

          SHA1

          1be439cc2b068aab010ed3a2649d101bcdac324f

          SHA256

          80ab4734f2558d6abd578d7990981a905ddb0cf9c6f423c8397bbf5f117e4c27

          SHA512

          c2727f403e6db332140bf5317041f34f7c1e53d90a6f0f352800f5c345a879ce3eadf69689e8d0b3f95c184c0eee1dd9df48a02b372edfa151a20dde3d7eb5a7

          Download Submit

        • C:\ecommerce\terms.txt
          Filesize

          8KB

          MD5

          a084f3d497f702fb83c8040bb966b231

          SHA1

          ac2c7085a655ba46572278ed5fa573f3c8c41781

          SHA256

          83d99e3cdbc84e171c61553d3d2c07c4f04ffe548a3702405b09c413c38f07cc

          SHA512

          bf86082663f7ee7e38b7e36c8ff366ffd5cddb39718aab51bc811c9a78171c9b314cb5f09ab3256f4c678a37365406251928781bfd359028bbf0a7a9ed9611fc

          Download Submit

        • C:\tmp.ini
          Filesize

          5KB

          MD5

          f5dccda843713d8267ee41699b4b6885

          SHA1

          df12a85a7824464b48e2c254d7403a8a1a62bf01

          SHA256

          224096aa0de1d559e6b1099e9774f63789f64991d8016e6b0757490984ab3b3b

          SHA512

          5c36fe3c685186cbc5eda32a8d41881c350d8dab4c8dbd430e1b312d9562a72c3c736c1d93732eacc0e421434dd5b8157bfd00958fbcc5fba494aa7fef9e23ae

          Download Submit

        • \ecommerce\dialer.exe
          Filesize

          90KB

          MD5

          722e8a175f3dee2a94fc966c86fd89af

          SHA1

          fed100426c1870b55ea77d7b5177c011c26257bb

          SHA256

          07187d445d67eabcae28b34bed76f0c62b8d92eb06ec0e4707948f0594e610b7

          SHA512

          f06c797892cf753036500d1225b023ca525f638c2478993059ee2a6bcf0d50e658c15446debdbeec15419b4c3b29d8c1a45b1a5b2af8baee5d4ae3724bd5b4a0

          Download Submit

        • memory/2532-0-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2532-2-0x0000000000020000-0x0000000000036000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2532-1-0x0000000000020000-0x0000000000036000-memory.dmp

          Filesize

          88KB

          Download

        • memory/2532-49-0x0000000000400000-0x0000000000416000-memory.dmp

          Filesize

          88KB

          Download