Overview

overview

3

Static

static

3

8169f55789...84.exe

windows7-x64

3

8169f55789...84.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    22/08/2024, 10:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8169f5578974e259418fdcb46119598b6d27b447037a8f2b886ef5748bd64584.exe

  • Size

    7.9MB

  • MD5

    cec65cf9f3b90fa8082ae676762ae518

  • SHA1

    18a1def61eb0091a184a3459bf6e43aae5015fd1

  • SHA256

    8169f5578974e259418fdcb46119598b6d27b447037a8f2b886ef5748bd64584

  • SHA512

    429f2005895cb2f5cf2b38124a8327ecd99a505e190548b85093957d40eff27bc1846f8264053335e3bc34cd98463ca024c484603a14338cbaa934969352164c

  • SSDEEP

    196608:L2rMaDKzPJt9u/k6GuAfP/hRLXMWZV3D5OpXj4D7aDfhJ:yct6knoWZVzApXQaN

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8169f5578974e259418fdcb46119598b6d27b447037a8f2b886ef5748bd64584.exe
    "C:\Users\Admin\AppData\Local\Temp\8169f5578974e259418fdcb46119598b6d27b447037a8f2b886ef5748bd64584.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2852
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.ni.com/rteFinder?dest=lvrte&version=21.0&platform=Win7_64&lang=en
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2388
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2388 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2828

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20b594828ed41c85d7714477114c4082

    SHA1

    78b80e954fe01fe88e4d9864a7a945742a1ea26f

    SHA256

    40996e1797934470324a921fa2134fe36901064e1b0a744f3489c5e2ed0f7a05

    SHA512

    081435d734874dd1ab5ad2c4588eee849946986aeaeb873d739029d90f7a0ad1c75931f47725d5d821bdb5a17ec29bd78d5ff16ae7baf5d99646491a8c662f27

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    169f09edad7c1698336766b509644ecf

    SHA1

    3062d1078bcfc97df6e3aed76b94f054b26bcee1

    SHA256

    0a136706c1af921aa5d75b61f72334023e0f02fe1e9ce61c92dfafe31af41d79

    SHA512

    20c2e4cabc6f64bae54bd4c8fde317610cd319170a8e48235b206aba636881c0097c7c394baf3efba853169bb7d806c1c91d7688b08bc1e176f7cd2570b8967e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52be7dc528356f4243616c2b5a72d67a

    SHA1

    aa567da4d2507869a6da53802d0dd8c51d37aa53

    SHA256

    cf25fc136c6b5cb02e131e7f14120bede637719aa39c3b6aaad0f9a3d564b2f9

    SHA512

    c1abfd3006d3f85e288e7db95a3b7c3ac02a003c7fe585ec6d17c39c0050e30a670ea0a93ae5fbb29f9bd27bec8a3497488a2e5efe23524dee10069bc0239ada

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d28a0da0d7056a1ba43cf799555ebef

    SHA1

    dfc9d3621b97c0d54a646d5e20ae92e519ddccb0

    SHA256

    b7f23c055829b96c66195fb50a46cc43738808a47038d9d2259f0f7f04df57e5

    SHA512

    3ccafb6474e0edd011fc72993860c6584bc794e764d53f069bf7bcc574df4e6a873b11aab0912261f6b428c8aa96578e95b3766c2bb5f7704fc0888c84d60cba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5e1345a72538650f4cb8a57a3f648fce

    SHA1

    fb7f1fe726a71fad4bf057f023b08bb7ac9d8084

    SHA256

    c8fed53b621bf9b2049434956c7bcf189a7e3f820c3b72893202c7fe9abdc16e

    SHA512

    4a7cb418d924a27eedc5b9631fe40208f2fce169aaf051db8fd1f17bce7a1e33d0693a1d97f9f0328916cf59e471a38f7fcaa11e5b4a0fb5cc0925e1afa920cb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de53c2f0bfc35e064c0b6b9e58cd1ed6

    SHA1

    4806f7d88b8c257d898fd779350eeadd4c6e5e59

    SHA256

    604c2847b04115d376045c13d4b48cd751300b2b16503ea62960eec7985d617b

    SHA512

    e79f4a153ec2756c50a1600c072cba9b1bccaba534679ab967aca428bb74dca62a8ad351c2f2fb9824482f688844941676b25f73fe8422fe8d74501ed4cd8f6e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    202b18345c60ee0fdbe4bec7453c914b

    SHA1

    fa28f909ee919980c5c60171d8a7c1ceaff1190e

    SHA256

    f2ec2776940c1be50289e5a22f22b8e58b423cc6423f7cb784afda50cc512324

    SHA512

    a5624b09e45fe930ba44ff3f2b17cca5a9d143fde16e2fd37efc067bb426cbd8a962b0dcafdefa8a3fc08b34294ac3f3fb8189340fdad14a2e89976e26fcdd85

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69050a57df96fe1ffeb47ed6837860ca

    SHA1

    0e2bfbdf02a5d898f5f5ddf30aad94ccb8ffff89

    SHA256

    1dea80892b5f2c1dfd132906a28bdab750a8f35aa5831a266fea9b57da76b69b

    SHA512

    fadd27d2d67af2980bb6a42391628a5d99f2ddb00d03ab25a765396889f906ec0a8794d51b80af30f5dbfdb597648ebfea8ef0d09bb449a4ce3f047353f57de2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9fec29f1242a727dc5e370589f14d5d5

    SHA1

    6d0e491c4a81cc427c3c786225d74b55b2399915

    SHA256

    60bbf433709459f71b062867324b2b6e0f0c7624be31a01818a8d874d9ae8544

    SHA512

    4612538525a2e0193a68835c6b14edc5b1620dc122610ebe76963230c04b9a3bb053fec4cf2c8d00c10a82469c3272a6f9a7a6a72256c72d8dadd99d11abda2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e99f0dda485c526aa4688b1a87dfab1c

    SHA1

    8cea7f105ff39c8df49b97926f2478631543e960

    SHA256

    1a0249458657bba2e348533d643beb47ea6720fd54b9a5d7bf1bf13036d334a9

    SHA512

    a936e9da7f7ed926bf027d287bab7c247a086e4cc082cd221251a61642f880d35d88751f31dcc533e90c73fc1b718d49c32378eacc948dd1ecbabb5d1a851f27

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    471dd34a4044f1d70c9907b78da24cc3

    SHA1

    e18bf77e85ad5c78cbeacbb08f0e4d39e45d8916

    SHA256

    35e8067a6a88a9e05f81bafa752f0b15f9d77014259c6a6b87e2084caed4f401

    SHA512

    01b5484cbab96a38619c016b0ebd68df04a99e2d1003af71cffc36d9e20aaf4a9f27e2dbc4be20e2d12e784dc1c6b75d1a7186c2fd875b9518e8a67585491787

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    468dc4ea63ee0a03c81afc19194416ba

    SHA1

    a569bea42c8fa5ae3b8e693a0895d1750d946488

    SHA256

    062a89a7401037aa55e3b882724b7bfa01b09c53e527774c1f8252919b86de0b

    SHA512

    d0b9889a8c5df944cdbb2878eab1f00efa3ff4a80409aaa3be72f807906188893c2363bafd3c0c6aa04140cf241cc697049a3faa98b5532430fde528287053d0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6126.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar62CF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit