Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
23-08-2024 08:48
General
-
Target
3a192da93c34317d20c1646f3bcdb690N.exe
-
Size
890KB
-
MD5
3a192da93c34317d20c1646f3bcdb690
-
SHA1
e6f570866936bead9492fd3aaa054ab888375667
-
SHA256
583ca7fcede98896533e02a88eff6a4576bedf0f619bc29d70525df2bc0cfe04
-
SHA512
6f6a33d8c128b09ca80c471d1c252d6919d1cdfd83c303ba05781cac291934d877e727d1b90c78ec9a897a4915c70e2b796538d714bc1d4cf162259d31f49d78
-
SSDEEP
24576:cFE//Tct4bOsbDxA7r9q0Zz4/jUFR5LFA4:mSVxcE0xF9
Malware Config
Signatures
-
Detects Strela Stealer payload 1 IoCs
-
Strela stealer
An info stealer targeting mail credentials first seen in late 2022.
-
CryptOne packer 1 IoCs
Detects CryptOne packer defined in NCC blogpost.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 13 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable 5 IoCs
AutoIT scripts compiled to PE executables.
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 56 IoCs
-
Modifies Internet Explorer start page 1 TTPs 1 IoCs
-
Modifies registry class 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3a192da93c34317d20c1646f3bcdb690N.exe"C:\Users\Admin\AppData\Local\Temp\3a192da93c34317d20c1646f3bcdb690N.exe"1⤵
- Loads dropped DLL
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\CF影子辅助网吧家庭通用稳定版1003-1.exeC:\CF影子辅助网吧家庭通用稳定版1003-1.exe2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.ailili.info/c/c.html?new_0_http://go.microsoft.com/fwlink/?LinkId=69157_http://www.91duote.info/?w12⤵
- Modifies Internet Explorer settings
-
-
C:\Program Files\Internet Explorer\IEXPLORE.EXE"C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://down.t6t8.com/fuzhu.html?g2⤵
- Modifies Internet Explorer settings
-
-
C:\ProgramData\Msgbox.exeC:\ProgramData\Msgbox.exe /97sky2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
590KB
MD5d7c616e7c0c59624b0244768c48481b0
SHA1aabd8950e57e4a6cc78e06a7ed39f4abe6c927bf
SHA256e3da76b5e264123a45281cd04684003cb3e8e644e04f5a26fd48dcec92560074
SHA5127ec4f9679b141e8334cf3eaeddb80659320522697ad0ba191ed764656b49f4fc15c07495b991fb4b065fc0ac396e7de3bafa9f8cb052729342417bf04bdfb4ea
-
Filesize
480.2MB
MD5ef4cc14ad87a32d0d65bff89e57f6f3a
SHA199b8fc9ef59a5ffe672011cc51399b23861f1164
SHA256505ed967ea18155f6e7476a5b4d971fb14be15db62869bccc929ce9b580f4f6b
SHA5123c503cefca192664e519d3a4120cf9051690cf15e0d963b41dc9a3e97bbffc07bdab2aea710385b31d18b10bfb09a5d9f5344c7a78cc4adc9e40b185b71900d9
-
Filesize
113B
MD5eb1dbbb6047381e87fcccbdb31760c6f
SHA1a2a817843a21220913e1b7e24d191e8afee147df
SHA25619b1fea9a2b70248232ce5d3b373eb9cb8592de5a8bd8e70b0789fa6af125778
SHA51231b8fc1307a4a55609bdbce77537bbe5398be9f81e429962af6977bf3705cedec9c4a8cd952f4a8f904d4e9f05fe164323bee6d3b91abf6600e8eca7706d75e3
-
Filesize
560B
MD599953c924b54ac438e8b7fc3e5be998a
SHA1f4abe8e9f2a261b83b80a239cc5ba373896633dc
SHA2560e90b1a0433f35eb37ec8161d32a3c564f9d793942ea42ef433523a4643dc329
SHA5128153d534460622cf0736c46332b40f140a0874efc41d537622387a2658be536252abe3b584827241d88b4b8b72c62ba83a00b041c21838ec0a80e93825e797d3
-
Filesize
934B
MD56214b9ed9b9990bd8466d20950138d9c
SHA17e123c933902ae5c3831649475a8a63ff889aeb3
SHA256e4b8f6d53e90fd4b9edb78ea7b932977ce0eee4ea13781c2f08f284342aee0fe
SHA51249f557dbec3cc0c51b7785acd0ea2c03eeea214b5567944f37f70d49882db03fc72597c2f754830a4532058ed06f847cb03d7a82095f098be48469993ff672ae
-
Filesize
5KB
MD584d829d2e0ebe20b06796ed0044206fc
SHA160f01ce9b2bf10183bcd10b23207bf7e34094ef2
SHA256a512d9948cb3afaee6d109ff610644ed461e605c2e35cf77656cac99679e9532
SHA51265b8008e9e67e06c5995841f26a256c967b178dced197bd552727da0e0183f2d67503cdd6603a9d4db56528a019d5e59b4b7ff3e76d5610c2f470a75e8dd92fb
-
Filesize
114B
MD5d8249c46aa6788c1ca336401bb06624e
SHA15e163898e06bc8b4451ba22ca76b02dda553eec4
SHA2564d0e01f75f17c3c2c2c409aa50bb77579fb15ab5d2a0f0c96b655603cf35ae24
SHA512a51ffd21c5861c0d1eadbe4215740ad166e0514dee42ab5a876e0108ba3a748a797701ada0d9d5e8434c681514df52d77a19a067b7fec2debb83bed7d28e29c0
-
Filesize
12KB
MD59df25c9b7ed9a4ae395ec10c2f07c7f1
SHA1c8d22a027ad08189ec7d7d06e3d0e015b405a8ec
SHA256d69ccbc8c31cc6524a184d5266ed66d01838c926725eab8c1ac2af8ad3e79e68
SHA5126782c46046ff0c1f2b04ffe6c4d871e3a0c4b4441b3a9a3545992d8bee3d3ac7a881227b7b59f293a68ac59a0d1633ee0c4aded9dade870e6cf4b2c86169fa82
-
Filesize
3KB
MD5facf67d639133f74fa41b57afbc0ef3a
SHA14dcd7a5cf2ded80bad272154968aa5386d73e07b
SHA256c53b5a4bd4a3bf2bc9812810273ee1b672dbae4346f7dbc47aeb8e30f08a4891
SHA512da68cfa90346dbf9fd7356f00cd3e33fde8a9ee350edc40e3f484ccc798f6617ada63920794489d9388a03c5b1455143f6241bf6ae51b7f7a4f502cd473df3c4
-
Filesize
15KB
MD5d156cfcc559bf6185e4257b6894e77ff
SHA1223560b78927ee325ac5866c268a5569951aa35c
SHA2563ede21a5e4cfe5d122fd864452ab6517b510094fa60acfc8ed0c0a99a4e380ba
SHA512f47ca01beb1b932a840c72320a0a3050f7e61a5e32390b8563958c22dd2d28645263685661aea79e4138706b8ec20cfb28f05a9438392b434ed0ba571bd81023
-
Filesize
65KB
MD5527fa5ee2566f847c5e900ea2d218953
SHA149838b4db31ef107fce0ab5b836178a0aecec51d
SHA25602d2ce9f52cc7f3bb8fff0f6272f2e383fdd20831a3bee468e225782d68fb922
SHA5125f3b6fc9422929a6c2ea9c023cb71d8f28689fb771bcff097bec7da34ddebaf8b92bc253e82d3711532843082f3b60d9f96c9a8b9640927daa3f209542ed273d
-
Filesize
91KB
MD565682a21b58654d8eda27f85d0f57255
SHA123d1daa9435a827370b14c38d04aa9402bce75fb
SHA256dfe45a2b62f018ffaa1f6e280c37b14190d2719951d13e79a7b82737ad286a86
SHA512a18b0a6360bb395615cd77bc9767204e5505fce6aca69ae8c6c39ec959369a0c5817d25e54dc3516093e814d839d5b04dbe410792da2a816e3e438bd362d12ef
-
Filesize
281KB
MD5063925805035e2c688713041d9358acb
SHA17eada59b897e817f3eb469ab92f6ee1efc9ec61d
SHA25640788a79f81ed057d714af2899222d7befabd917f872675f58358c56792b3c61
SHA5120ef4e18f9983643f2bea13bd3ddbb6e6bb01af5b781403cb03dc8466a6b767f34a0105f4568ba11d42ddb93a18fea28b621b5e1f6e25ba15534466fcaf86f33c
-
Filesize
7KB
MD5aac6df148e6d827bcf54ee3cfd6e5637
SHA1ab01204781fedb4c60025268204f87f57fb226ac
SHA256b11a84a56920920b4686d718158b4c81d3525c4099a17a9ee765fd8309167266
SHA5122fa10844328f798ff02e525a8d730316c41b5f5c9e848ee07cc70cb1fca48cd8f2933c46f8a9a2d18a8cf3a48862c86374421f479b4039ea70b612beea898e49
-
Filesize
94KB
MD521d1ae1df988161236479dd3eae83637
SHA14913cc735ba1ab4b6eba236443f6d0deab667511
SHA25654f421822556c9ea66c198210a295a8b4cb5b4688aafacc99f7f9e68451f3b06
SHA512654ba5595d3a797e4783c277bb50dcbb86864f0f878ce60339cd41ed12b20b22be8cf0fd113c1b48347f0ab6355abac2cdc5992620056d5ea50ed85e5efc7dcc
-
Filesize
24KB
MD5d67677a789dff7e301037548979804f1
SHA19ae55b47e6d20a90f4d32a120e1f3928e38deae1
SHA256c61d21571b85099f8736c350f30d3de20c2075ace358b28981e1c1ed53d56315
SHA51212fcf86efd8b870af02217b3d6841fcc2635d00d94026d367f030fa200b47274d710bb9c720f9db3a5794f6262612c1c284f6fec750a1afc9035403958bafb09
-
Filesize
41KB
MD59354efad5c9f5519f606c3c39434b9ec
SHA129f1c62b0b8b4dd8344e028ae8afb3f52fecdfbc
SHA256d8367dde9af087c48a1552ceb2e92311b409e9fdb4c245285188e92f1d372632
SHA512c6150f0ac6f8b8c1cde94fba1b2836f8c60fef9f994991df2651e089480c314bac99210bdbb9c4ddc835d6c726df638c11423759e78aa4a76d4d1ce420230598
-
Filesize
664KB
MD5ac5a06b6958062b4a433a4f81d6b887d
SHA10ae0318ecc0e42753e5479a7b8ecc821cb23e0b0
SHA2563a950e7f0f32ea4dfee1bddb2461ecac96c5fe5ebfd8ebad0a9a58d33f932e58
SHA5120366c296fc2f2a495440d43bbc9cbc8fc8ed9bf0ba9bf8995f915bddd19d14c4eea0c4540a1ae3d165ef5cd8e1a657cdeeef28cd597bc5649a3815e6cd049e9e
-
Filesize
72KB
MD5388d059dffa87621761c31ced2935ca4
SHA1997d0214da5c397e440b67934fd94c53248e51fe
SHA2567e5d30b3a8dbe644998b4722bd96b7f7f23c9f403b045f61c0566ad5a133c566
SHA512347a9f2b2e8af186ae4ebd774eba976d40b68a0642575aeb2cca2e39de28106f438cf3d7409a879d474b5c3b91a36f003a22855c230ef2e715e420949d75e81b
-
Filesize
7KB
MD55fec89f47d0662bf5f9e4e17eefb99dc
SHA1f53bed02caf8e32c782e2de3943c4df55cffe3da
SHA2560890b779f3d599db01c14bcc827a7bafc4293e455f6fe6b80f6a54c199dfa8f5
SHA512c74304b7fa33bf1848ef260fa9f76a8edab15c8cc1b476749f9a39130b39b232524b1f03bb3c7acd7be2e345205fcee28f4f764d57aebe2fdf37a9e5b13e7dd1
-
Filesize
3KB
MD54644b1365b341bc21a65b69a93ed92ec
SHA11b2b310663c0d1a550ce21b51d41e0b5b0ffb4b1
SHA256c967c928543bc32a4ff75c26e04c9838bebf81c5b228e119b54d6e6b002c6e02
SHA512c9d3936f083c6e7b69b66f174a6173cace88a7e4a9d74b3e2bfb0324c232d87225165dc9d99e4510d6cdc74bcba5853c64a73af8932fa187211e735d9c15e15e
-
Filesize
49KB
MD58b52ce61bb484d21da5cd9ffcb370753
SHA1bccfe79ed472608ac39bdb187710630a1d23f52c
SHA2566867444e75a57575b1c5a0f8048e4dc54116bc266ee219ce0aa7ddfefc8f1128
SHA512bfe7ffb28b7e895d00539ae2555ec478c7a66fec020e3dd17deca299a1874e1aca91a3a93b39d2c072072cd9561bb1b2e84fbccec5f11d497f024841abaa5231
-
Filesize
150KB
MD55feb950dfae337516926fe23039e22af
SHA13d89ea4edbdb770597091349f3f364a00e5866d2
SHA25609bf88320d3c6a3d741ead5de3036f57a46de8874ef3e7e5ba70eaea1cf8fe8e
SHA5125485535524687e84173f8d8f6968f1676c1fe6fa8ff1c08086238a12a9bff7378295d9d589e67c585fd6306c85f538bbbc3370dc0c976e8ee22eb1c3ff9f43e7
-
Filesize
472B
MD57eddfbab61d38bf007cb6c19583a0c6c
SHA15a6eaf77e2d24bcee30d5d7abcdef6e21413f1dc
SHA25666cbf915be0b4cc812f949aed35c85037f3ec8f2a1da5dacae9fc4d87342e703
SHA512d0e57d3e2fba69d92b674e985df1cd17614591680b88f482a96e9cfd76f2ea6c438eac1d9ac325907bdfcf939640031016f4d7228cdc1956ae9675cdd317e611
-
Filesize
3KB
MD5d6a664b2160978ba21f663d2fe953515
SHA12c7a709587cdbdfb846ad215230d3fb4d491f95c
SHA2560947f92d3b73dc1a7f4908a7901c97e8f65e10c364e67cb9fa05ba436d8cf245
SHA512a8861af938e99c26650e24469c45972070328d255871da726f203fe569917c123eeb04dce60f8b5430be5ef40c603288c09cb92af5cea8efc00d396075c3fd42
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
724KB
-
Filesize
724KB
-
Filesize
724KB
-
Filesize
724KB
-
Filesize
724KB
-
Filesize
2.5MB
-
Filesize
2.5MB
-
Filesize
2.5MB
-
Filesize
2.5MB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
128KB
-
Filesize
2.5MB
-
Filesize
2.5MB
-
Filesize
2.5MB
-
Filesize
724KB
-
Filesize
724KB