Overview

overview

7

Static

static

7

afrsu.exe

windows7-x64

7

afrsu.exe

windows10-2004-x64

7

asf.exe

windows7-x64

7

asf.exe

windows10-2004-x64

7

asu.exe

windows7-x64

7

asu.exe

windows10-2004-x64

7

asuf.exe

windows7-x64

7

asuf.exe

windows10-2004-x64

7

frsu.exe

windows7-x64

7

frsu.exe

windows10-2004-x64

7

sf.exe

windows7-x64

7

sf.exe

windows10-2004-x64

7

su.exe

windows7-x64

7

su.exe

windows10-2004-x64

7

suf.exe

windows7-x64

7

suf.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    133s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    22-08-2024 21:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    frsu.exe

  • Size

    13KB

  • MD5

    4c49677e80c4bc831ab50fefc7079a44

  • SHA1

    038d23a3bec8e4225d9b3029af5ab98a83d5e532

  • SHA256

    1827caaaf4f9286ad28339bba1a9e45b54e358e3a335defaf9e940bfb265fefd

  • SHA512

    4d0d43b798d74311e4f10d8cdc318df03933d2b1bc1ba91276c19d57acd66588afd2c5eb6a07fbf2c610feaffe1a54f434fbd91c161e5ae8785aeb8473bdd473

  • SSDEEP

    192:L89dBH9j/sAacK4oua7Rt77iztuO4Wu7Br9ZCspE+TMIr3/bjOg+vtwJrGTU8YNm:2zacJe7GBVJLeME/bjH8YNm

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\frsu.exe
    "C:\Users\Admin\AppData\Local\Temp\frsu.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2232
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ads.eorezo.com/cgi-bin//advert/getads?did=1077
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2700
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2712

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8172d9af289f541798258369086d2943

    SHA1

    5713a31cf10caf0736ed777e063b56944b21cd32

    SHA256

    839be1445686154c01363a477865a39a6adc51fdc7f00f6f16b8ea5849604dfc

    SHA512

    67c9bffa2615b9b1020fd36f019c6142eea23cd457dd12744ad5c7ab1d1167487b263b527e78f1765acb9baa8c163749622350b19c3c6afb2fc2e788a082799b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bffc7d8efacdff70c31849fd99f4202d

    SHA1

    4746fb02361a9493e900da3fa2d4d353b7a806ec

    SHA256

    f6a2a20964fac9f4f1056f306eaa25c8dd4018d75239c57e19a541c6ccfeffb9

    SHA512

    5eff9e654b964c0944f16253e70a66f3054274c13cb8a51c22bf6899e149c4a0b42881c5ead26f5a5d0222ead5e55a51bf6872d93921c36d9ab5c13c0a11c23c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    645d9255b67d7115018b0c7540d829fe

    SHA1

    d416fb61b3bf9235b4e1620bc1f3bd03c0ec3016

    SHA256

    199e7c3fc8c6098d47eaa4b55bde0636647c5770fde479758eb6296c07077ead

    SHA512

    cb16343e3b9661870e65a9abcddb62eda3c95d97e3aa90356b04991436f100d106e11103fb4915eeb58b74ddfbaa2fa86d9aa04fa629b3d0517b66f57b67d1a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1be8f19a09ae644ee0cb7755b6ff83db

    SHA1

    2ca3302d1090da1c81c7bf9ad62e261d0152c6e9

    SHA256

    4f7941919f6a3d2ab6444e010fcb75de37cb2d4dcd7c2c273fc4cf8625fe1038

    SHA512

    2342b0f976e90218f596733ad3f5e016d4321035ccb1f5ca498e21c83c6cd1169705900e0c913ea25ee3698f951e4e3c06aa2bc00188ee4e5810869830d4f505

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fdc9dce9abd777b4650e6c96ad50e805

    SHA1

    83c39e62bffaa2c5ce9dc6a572250348b1853e40

    SHA256

    1d422f26c5694df24e585a73660b4b1ad1c01c3ac6f6d2565aa692d44f7e594b

    SHA512

    700009ca28e266e70b202966ad353dc5ab8f6b3bc113623fee33f825fef1826d4b63e7e5596d29fc2235185727162d402ce592ae8083fb59413506d0596a26a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3c6d3cb3acc1aa88560e239d20de48cb

    SHA1

    dfeb3c992beb709202f57d43f0b07115723f33ba

    SHA256

    4d658ce0791ee6ba6936f16c738a3ffa5d74583146693dbbcbc35a10b478913a

    SHA512

    f01365c47c96e99c1e40d01b50f0f5e12debacc0a8bd97e6961aaee7b1c43942a0df1975e49e8a0bca5f6c47d761f34ce448a218d07a1ff32532bd0a902edfc2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a912e4f6e08169c178e464ec849650ac

    SHA1

    bb8958b9f90f6f2462010396e81341848da69e9c

    SHA256

    8cf3c84a7dc42591b9d081cdad2d2f5fc7fbd3659c91b3331d7a36ddc80cfbb3

    SHA512

    f0806a2942bddab2e084bb38a16046964ae2a26c9559a508a5ef465824495933af9cc895ebfee8a2186406c398ed1244dfc1641cfe2169e38e802024b044cf7a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3045d2b4aa0b5712936ec94c2e27699a

    SHA1

    be87bbf60406e3f0d4be21f323a978ac3ef56595

    SHA256

    88e3fd53f3dc7318c14ccb28f49ebe8bfa20bee460ce96310263d22e0503f4de

    SHA512

    cb4ec6871f2e6d52d7aafd369fac149b06d5afc8bb415645cc1b8c3084bafa2da5807f8bde05aeb689bfb600292c2b0b4b097222539287fc84220aee97208fa0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    773956ce4cbe68c888f8f17b898c3726

    SHA1

    f0030b5a229fd04dc7b9a40360a3846c39eb855d

    SHA256

    c773ea7b0e54e49d26c9dd7ea02a8a643c34c87bcad9167411fb3c1b496d7315

    SHA512

    9608887b6658b18dabe9a5e14e47fa3d981880b16d0ff8c3d157f790e50ba25b452345a08730870adeaf92f1cf322e7eb151f05c8fcae7a3617556915c24b56a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3335c2bdb842e1418bcd5cbb503f6363

    SHA1

    4f217cd423fa3dc32acfaf351e0be96f231504f2

    SHA256

    1de9da30cbe04fcd5fe3dacdee359044069017cf64161dc55c885431acef2915

    SHA512

    ed73eb1f94e73d7fb4dd15909a6bac9ee7094137a2bf032bcf4d42e474718837bed4d0497c3bb1558c246e990b283e1b6ce33a44e2afc6cdd7a106d79e3fa3f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c289e56c9b8153f11e151573dc70b060

    SHA1

    0ef6c2145abcf31f47817a79669d5e4b73241a0f

    SHA256

    29f56b51aaf1749363d8964fabf1f49c40ccb6469dc77941412309f36a16a9d1

    SHA512

    17a9c61d51fbaf435f2ca5ac2d7924592344a4edad267d82633c2d1bb9a9331263f8918d3ead065cf9f5cdf28f924fd3d0edd8f8116d4a666c001f66d48a526f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6185f77fcb7a3ed2e18eff7029254466

    SHA1

    a161054a515111cc9f8b573a6c2075d7b9af6759

    SHA256

    efbd7b997235f9b9803620efcb838cf5e3a90285a1340f2a3a167ea34521316e

    SHA512

    9421a95c9d65a25c52969e0d6b8f6a7f265692a777c05669d776d4d8ac5b43fbbc7e5ed0fb29da869dad9393f1ba0e5b58cab821f04132d62775ac8cbb561b00

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    881ef3fe651f0345205740083b75df02

    SHA1

    9017b11d939d87d7049477da24dc0df7c9ae5802

    SHA256

    f420ab4770dd1234bf12f86bc2533aa3fc9e382b88a0afb8634e3af6eace9b96

    SHA512

    b0b20dd130f7a74a38928ff1b1e9b1ec5de1932a8f695cab907a9cf4c55b053dc2c47c7f5edb5cbadd43e6d49c7c944858b053b5f62835bc63d13da0337cb5f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6e423686109f93f8872f6f0458e24942

    SHA1

    55bae05fb776fa86c96432984fb92ea60e79622e

    SHA256

    d867777d56a1cb46cb843432d9a03bc0dfb214386f48f8497a265d531655b774

    SHA512

    a1df45276efbc4c3dcd624f2b871f4b9354bf75a5b6cbdca29387fecad254744aa30e9b8995e5b5a3c065d390d2e48571147b3456d11fc8ef8c1688afc3e079a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab3FA1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4041.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2232-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2232-2-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download