Overview

overview

7

Static

static

7

afrsu.exe

windows7-x64

7

afrsu.exe

windows10-2004-x64

7

asf.exe

windows7-x64

7

asf.exe

windows10-2004-x64

7

asu.exe

windows7-x64

7

asu.exe

windows10-2004-x64

7

asuf.exe

windows7-x64

7

asuf.exe

windows10-2004-x64

7

frsu.exe

windows7-x64

7

frsu.exe

windows10-2004-x64

7

sf.exe

windows7-x64

7

sf.exe

windows10-2004-x64

7

su.exe

windows7-x64

7

su.exe

windows10-2004-x64

7

suf.exe

windows7-x64

7

suf.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    68s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22/08/2024, 21:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    asf.exe

  • Size

    13KB

  • MD5

    a9ece0c59f3cd12697c93bb06923fd5a

  • SHA1

    d32f8a0144a5ce24fab90460d40e67916eab21e5

  • SHA256

    2045c1489cfc83a34f44f82f636cbd5e5970be5db021a1546d059d869d3678a0

  • SHA512

    798dcd7ab83a937dd77d9bef08ba024593afb3d6d2d430704d6b72e0a7d353aba567d4cff408c3427c08d261dd414578b921526cbe9d77bea30221ca324caefa

  • SSDEEP

    192:L2M9dBH9j/sAac1tHQen27LDxdjB7ylRr9ZCspE+TMwrRmK+vhOr6h:3zac1twr7HxdleM4mN

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\asf.exe
    "C:\Users\Admin\AppData\Local\Temp\asf.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:560
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ads.alpha00001.com/cgi-bin/advert/getads?did=1075
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3020
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3020 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2780

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e80b847937c02c5bcb9aca0c451ce34b

    SHA1

    b49f0ff174f05837f59dbc9da859a69b6f78ea81

    SHA256

    ea4a939f03fa269521293a7e5e09b9f40051c8ff313a9f10d57c6da2be2304df

    SHA512

    39640c2d035393041d0be29542e1df8c3cffa565aead153ec4ba716a690c4256445eeb1d244bec71248a93e71b3c8e3808a1aeced08ff748e7f10f354ab2913f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6886f6354ecacd565915c7675769724a

    SHA1

    8f5088e2c7a83a77cf228404c49ae3dafd67bf72

    SHA256

    ab7b8563712b41e901e1f9dd105c0674769441a21b2e41833592e52e19ed2892

    SHA512

    555db7445f9a18b848b1879fcd32321f2c82268c8b1178f91ef37d699e17425a9b7a82761b8e943deff9d5a93b8ad7cdceb0440a131d3b1ab9b6e91b35a92bd1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b28d0be7613b4a9440f606c80c3157af

    SHA1

    99d1f7cd7ced5509353aa7726545207864708228

    SHA256

    dc4ee16ee00ed7648ecc6d983ebfc846951c0ccfc25cfd60a5f321f5941c4523

    SHA512

    1285525d49ef67e6c5b45d1434fab508601fb78a4fc96f89f0b37cc8a459657f474ef034f7a711664668c8198e59261264e61305f463798b26a836f0e5435af4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b1791677566ddced674c5baa7c4ebd3

    SHA1

    993ec87d758043310bdcdb97227d8a67c75dd22d

    SHA256

    3c6698240affd0581f472f81e36c7229bafae1e700c9ec9a08c30ab5ade4282d

    SHA512

    48213b9c5b07506f05f9bd0ab85475800459b02ac09a9efdc90d05239ede2e239311e63f1328d102226f78930518896196e5e312bfad2df7d2271b95fa0fdee0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48ba4cf4aa48c669077ef95adfa68378

    SHA1

    cc5420a53007366e4c2f78e04f1e6ad7ada2fe68

    SHA256

    ee5ee20e534bb747cd26651d100e7024b12d014668e3974d3ca7fa0dc5a1e486

    SHA512

    581b4cbe75848ac5975e1f3bed4cd298223c2776a561858cb157936b36ca94be19479edc100277724fb0c729e443dad7115d91c20bdc1efd482e8de075677652

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bcdd9fb14ddd7eb5825620afa65df117

    SHA1

    3b4f2916201fa0f9005b9763ed58a91b31bc9d0a

    SHA256

    45d1e5f086dc083b34a502c660768882a29b0c33656180332bc12ff8a7662501

    SHA512

    f39aa4bc502ae44092334628302365f4359a66df7f25a5fcbe66f29589f23dbaf08aa5ee8d2a4d646741480e48b509d4483bee1cdae86fc7a86438e94bae47f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    626ab5c00e0d9af50f801e607cdb48b3

    SHA1

    fcf4159650daeee4e570c818831be043c989bf53

    SHA256

    77b46b2997002d55af1720b46957dd5481ef7e2fb2e61d99d9f8613bfa3e26e6

    SHA512

    0c04fa08cea85a97bdb885ffed7b1e3fbb558e71159bbcd6158971a28522e1998a5d4d7b3ce0286fadfb193e8a4c3411d9b4c5fec20ce5c1754e995411e21c49

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3500c9433083e4ba21962ca88fe54ab8

    SHA1

    8170938bcc2041a0d177b36142ae3ba462201e23

    SHA256

    09c1bc641e95e52f5e2807675bac1482b6d3c730456dd2dc990837392409a3ee

    SHA512

    dd0b1468b01c462f26603c7478314a315df96f530216de4ff27a55c4fc7120efd39ab591420aede08c2b2693ffc176eef0ae49f66729672ea745a57c1a968f23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0fee0a23b5fc60e8ad4c3f504faa4eee

    SHA1

    02b8284e12bbc8302aa5752702be898c93a856b3

    SHA256

    5b8d4fdf8dba1369dd3f9eb0a333378120affebe331e6ab3744e96f2af4a8097

    SHA512

    426281a3d4a5c09cea9b3ffcdf82f6734d270f4fa4be1217ce80afc376d2196448b2781983c773473eb37b4e977d362f855ff6fb74e91ee9891ff61df9ace735

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    257324812d8dd0c303ffaf4bddbdf6e3

    SHA1

    e2953e5d9d7f0fbd628b5159ab80e583986e62bc

    SHA256

    48d79cdb62feeece2769fe6ca9e3587dfbadb799472ade6da3c9474835170c10

    SHA512

    13b11001b1cce09014a202952b6e44e4f2f6f0e0704b9df7156c3c9b64ee1b131452ff0e83068fb44bd0f935bac5affb61c005ffcf3fd204ab48644af59c0a39

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43815b70078d27d1e7d5101b4cde48df

    SHA1

    880fb5c065fae31dfc790ae6741cc2b673c3259a

    SHA256

    93f29c414e914f06271cfd7cf83176c673adc729b5bf96fd39755d3e77383bca

    SHA512

    7dc97eadf464cad13cd0e9cd36044042321302250798ed199832da50c336e4b57bf50964874bbe3348d908cd596b77c8e95d947e651c01f4a97a77b11a34cb8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7fddfb7a8bc46d431caa23bee15ed9dc

    SHA1

    209c03abf423e3e21d454e091c7f5f9fa99625a5

    SHA256

    846cdee00230989795d1851a9c5cb9813755dfb0382dd46a23e6bdc661c39ed6

    SHA512

    c308dff53ccbea75de26319205ee874f8afd28005bcf167704654e3877651c53748e966b53433528f0d8927c8ddabdbdea017b37e784d1be849a551fc5bd4610

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    291658b0b7d32325f67fd924e079fc98

    SHA1

    2e6a9da27dc48e59cec99f113cac0d8770910317

    SHA256

    c51ddc2634fe348ccb833934f97566480a215676f716d992ae32fc8ba98e023c

    SHA512

    83e5630501099908e00244a1f26aad42b5c70f88985cff77a3f8d0d1a784e6aafa77d6278bed24e9c0eebb4cfe5ee23cbe2eeecaadff493e46e010090e1824f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    132eca1e72a44ed430d714565361bc70

    SHA1

    892acd7412942fcbc2fb6b268c8c49d4714a623c

    SHA256

    fde133a550952220e3a684964b8064c54682383cefc2d84e426747081837de74

    SHA512

    888b706806e7ddb32b2a37bf89dcc39f653e6fbdc32ccd93e5b04a7552549423a24d24104f790c7369841aea8bce0bb1fa1376fb1623c2334db1b2a36d204bec

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cca1f7db3081f406159e2535ff0c8d4f

    SHA1

    2aad85f5fcf2055d3b88f11a81b75d09af24d23c

    SHA256

    967341241dd700556b24b8efb5a968f0eac3c4861d5208053c0e7612a8c5e6b3

    SHA512

    1f16c74a4edc43eccb1a0a000115c713e91c0baee480d644ee5e5da42b9273a8ce543475de5965ca11637054d588c1f12eb51672de440a3afdff014f5003fe2b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    766a1725d4ec6f6577bd5a842256f66d

    SHA1

    ba03e897ef5ea9fbbfdd08b95193872b9ae07edc

    SHA256

    b7cf07e6f5ce55a5592c76d62b66d03c1751416459239d7957be62b5547953b5

    SHA512

    bb0a475e0e8392c93a5b7721963224f88932bf5e858ba848a0e332f9a16b499b93d88fe9e718b226c354a0e730fa4cbca5a7902ce27f47d5341bbfbfb1655d60

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0569b9f039e82a6887327316044c1baa

    SHA1

    028ce4a20b7e59d890823fc807b913c5fb7b44d2

    SHA256

    ad7f23e74fbf6fad3cac1e75bd7db4924a36032ae5a692f3d0c66e83127e5268

    SHA512

    3b720ba63d0d753dbbcfd92aa1a9dddb11250eeaa5f9df7282217a82b7b5687fb5c48602b0b81ca5d2d48719e1a623f2aba45a1c572e1ae3afa86f83746ccbb1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9fbd907fabf16136e74600822e763e51

    SHA1

    a25a3a2edd23b4630a8249ba6ad4908ec4726c9e

    SHA256

    f37161824eb3feb396d567bc1a31a8e343c7b1d06920d0487b51325cec729bb6

    SHA512

    ab6ded8bd7011cdb2451f16b96c8f35d618302e949bd6420ffbd3e9b42f27519799befc4373d07c00d04f4eec4bcf2ab28050c2ad7f52e1e1d298cd450c0f0c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    deb187ede36bd30c4a249f7450e38e60

    SHA1

    a40945a415a52a70b874de6f45c6faab56150702

    SHA256

    aa1cab0897fff0a6f63ce349696c0a3e83c2805ad085f8f9b646b24d45329658

    SHA512

    c1dca8f963323a8d6446f07f2c22b3f663411b17a391fdd4e55152fd58ff0475d8a55592e2973e592823dd5e0c7f20a875be331bf13472c813591908309dd407

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3FEF.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar40AE.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/560-2-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/560-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download