Overview

overview

3

Static

static

3

MEMZ-Clean.exe

windows7-x64

3

MEMZ-Clean.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    47s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    05/08/2024, 17:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    MEMZ-Clean.exe

  • Size

    12KB

  • MD5

    9c642c5b111ee85a6bccffc7af896a51

  • SHA1

    eca8571b994fd40e2018f48c214fab6472a98bab

  • SHA256

    4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

  • SHA512

    23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

  • SSDEEP

    192:BCMfc/GinpRBueYDw4+kEeN4FRrfMFFp3+f2dvGhT59uay:AMfceinpOeRENYhfOj+eGdKa

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MEMZ-Clean.exe
    "C:\Users\Admin\AppData\Local\Temp\MEMZ-Clean.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2168
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=internet+explorer+is+the+best+browser
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2576
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2576 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2572

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          db67047fa1c93554a6794b1c8a1bca81

          SHA1

          c76a8c4d64883d77e3b53a29b03f48a6e020635d

          SHA256

          7b5ece5289e35c94fe1c74f7e53cf658b0319058d64ebb80600051d1c956a6eb

          SHA512

          69d45807fdbbd1f96713e4b681fcb7329bc7d0a0ae4712df85db92001ae66abeb546520f08b552a8b48d69d2b7c63f808421a0c8b7ed7c6f2610a20c0760eae9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          38b803ebe23d68a9e985981aaa4dcd7e

          SHA1

          caf11dd5eb74b98600dadc212db3ab08ff13fcd3

          SHA256

          1994723c43e610137b93a26ff752dd336fce73cea0e84e394d8946313aec072c

          SHA512

          7da2c52876e3c0a3e79ffa976c2cbed072878a0f159948c6d0804467c97e88aa68038529159c4db113baa7a2d27351a09c37a4228f9194fae792e5055e78c659

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          93459792217cb304032617596bd18a7c

          SHA1

          7e4b408565c419b54ed7e11456ddd9ec1c092b30

          SHA256

          8de565a828b5131f733b3537669f8048d9e7ea95ee51d6491980e069b7babb6d

          SHA512

          5eba3577f0b6981a0668165bbf98fbc9ac6daada977c7888c69ef6db6985d82bba5f2062cc282d85b76dbdcff8130704fa5e7fe21313fcb8ebb67ea7e31dc57a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6f0965b3edd99b4d3e4ae47dbc8a6754

          SHA1

          e40cf4444a883685d406b182c6f58188be54f6f9

          SHA256

          178ec0bef659fdcb2c794a806a234c76457abcad5cf2552c770cc67e47e84c72

          SHA512

          dbc14a63d334a1c97558dc7455db8562a519f08602ad929f9cf03738fc01d23a8c4e62c233b7d12c2815e71d515abfe0818a758e4dbb8d32ae1370d10595ae40

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a790cf72bb9ad3eeddabd1205e07d38b

          SHA1

          62e21a7778643f644dd321bee96bb935f461a0bc

          SHA256

          7f83fb86d039ee67d2d1762e1a4b54af3d0b9bb591c466ce9553d73c2c521a0c

          SHA512

          823fbdd0f5f00d22dde03c351b4e92d2651d177566fdcfa4cbb84d6896c4f04ff988b5710a522d79a2b487ac3292f93108c176f918ea463b0203d661252aeced

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          557d4ae0960a0254867f7ef318607102

          SHA1

          621ef833b31005932f40fcb48a6b18b6e37a173f

          SHA256

          d1a8bb436f69a33a6052d741f6f668c8528e861e2da1102f89bbd0a3304aa2ad

          SHA512

          9b7ca97f0d850badd1337b98d31b1d6769f23c3f8d323b615970d1aad88324483733fc5e6f1533e8566b96fb196abb711e135f39c8ccaf2a2c78dd02543ad118

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4e6da843515d2fe90796c5fbc6800086

          SHA1

          309cfaded3e25b7829f202c8ea5453ccf09ce508

          SHA256

          dc9bdb546ad50cc05217f992387ff71b34ea91b183497ebd9d35e4922f6e7e7b

          SHA512

          ce8834362eaa5123b9d12e93bcc384dda90951527ac5ab4d6c754b220079704f7858a9eeed10afeb805b129d95fb923e630ec7e61dbc8e424e2491dab2dd4a8e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ccd2433a4e9c0d19050ba7bb1db6f901

          SHA1

          4f0e37cf3afc14834825f92c43bee5e4b02ec15d

          SHA256

          6e27ea31b76ef6fdad64ce27f39f1f008113dd6d228bb69276fa41893c385e50

          SHA512

          0b7b4ea24f716815ee85f639b4dd91c7ee31309c1c763ccc363f7aba5eb508e90f8a96734f1ef6c261cbe8673743879a7fb1f9cbc72eaa94b91768fe7267c372

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b8530df73b0ea5d918289864cf1045a6

          SHA1

          95815546889c02a4c2f0fe82f806a3c8a75ed167

          SHA256

          5ad0897cc38fb183726821c536542ff28de3261933230f04455e5abe19f08890

          SHA512

          fbbaa71bb18d6e34bdf6fac950d085910e8ae5afc03c95dc0967f2b4d3041fcb06a161a62356f54d158c1d54899fd007ba02420642d6898083001cc3d25e8c78

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          76d47e7a5541a960939184ff95496bdf

          SHA1

          71b6ed66a0b90e8f2d533538bf86133156c4d780

          SHA256

          3c879683e9940127620018e0a0773ac516f3d9a33a895eec1bda3f31cf8a56a9

          SHA512

          da55de8d3007154c7873f121c122b55a6a62cca72de8a8cf4df435cd4cc3ae8f1ed0092b2b93cdf95cb827a7e5a2154dc28c65dcdfddb9ff86e1af213e441b06

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\pzrzu69\imagestore.dat
          Filesize

          5KB

          MD5

          e7b6f7acada72548340cebfe251a7626

          SHA1

          7960331db624f72f2e0cb46ae29c296db3b68cdb

          SHA256

          16f104f037e37d8b4c0b73fdf51b926cdf44a95644410492e08b5cc05a651694

          SHA512

          f1628ad60b95233e896bc179081e097b851b2cd4ca616f07604d3413683dad3182b503d126bb135d1c40c3a71633f29258836fb67f505988b489dd8493151b43

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8B420DKQ\favicon[1].ico
          Filesize

          5KB

          MD5

          f3418a443e7d841097c714d69ec4bcb8

          SHA1

          49263695f6b0cdd72f45cf1b775e660fdc36c606

          SHA256

          6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

          SHA512

          82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW44N8OS\recaptcha__en[1].js
          Filesize

          531KB

          MD5

          1d96c92a257d170cba9e96057042088e

          SHA1

          70c323e5d1fc37d0839b3643c0b3825b1fc554f1

          SHA256

          e96a5e1e04ee3d7ffd8118f853ec2c0bcbf73b571cfa1c710238557baf5dd896

          SHA512

          a0fe722f29a7794398b315d9b6bec9e19fc478d54f53a2c14dd0d02e6071d6024d55e62bc7cf8543f2267fb96c352917ef4a2fdc5286f7997c8a5dc97519ee99

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabC312.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarC324.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit