Overview

overview

4

Static

static

1

ProtonVPN_v3.3.2.exe

windows7-x64

4

ProtonVPN_v3.3.2.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    124s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    28/08/2024, 18:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ProtonVPN_v3.3.2.exe

  • Size

    80.8MB

  • MD5

    4c99447793516d7c703112dd7011ce86

  • SHA1

    58f8f8ebed2567ca3053c4fedfa5cad40dda856c

  • SHA256

    7a2e8ab8c661787d2df276eb4940b18334b5103927acee009ca2331754b75754

  • SHA512

    3e914ef5538bae9fa05c9763f10949c67ac5ba6765bbbef9f7b4df098775c084eda38455b00e6b6e97a86185c2e31a71c47e601fc765301e053440389fc8111c

  • SSDEEP

    1572864:02FMkwL90fhSIf6r2NWg4qa3Sdz3IjjjXPvAd974hGuxPFz:02FlULZqa3q3GDgd9sfpN

Score
4/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ProtonVPN_v3.3.2.exe
    "C:\Users\Admin\AppData\Local\Temp\ProtonVPN_v3.3.2.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Users\Admin\AppData\Local\Temp\is-B10GJ.tmp\ProtonVPN_v3.3.2.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-B10GJ.tmp\ProtonVPN_v3.3.2.tmp" /SL5="$4010A,83693934,1033216,C:\Users\Admin\AppData\Local\Temp\ProtonVPN_v3.3.2.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1568
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://protonvpn.com/free-vpn/windows/windows7
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2672
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2672 CREDAT:275457 /prefetch:2
          4⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2224

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f41fa9e7c66fe5cb3dd6fd2d03c98c54

    SHA1

    2eb96bb57379762d5843fe5a4d8a5793db1dc10c

    SHA256

    11c395dc594fb1ec61b27e7659447884498192b0d2e656f7e1b8c3f28a724f84

    SHA512

    df82cc8c62e708ba5ba586962590477316cd6b2dbb1c1ec9a685c8426483c9d4f363c9d1fec265c7cc79c8f7c9b9ad9a6711d1e95a99fcdfc1882c5cfe149264

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    56b09cb8983ffb93ccdf2dc6f1d8f1bc

    SHA1

    fb0941f7b90fe45675eb67e4f8a87d1770cc6e93

    SHA256

    ee46e221850c85b1dbb1b37d6bd6d9a8b7da9e1436da8adfb10d9bebdd82bf92

    SHA512

    02bf621f922be2ae89387773594d7c7a7c415351689cb931e0c0a70390e4827d9d8920e999b32eb1f47d8ff4cca66376bb4a72a8b5c44d5572891a07e4ab5159

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33182ad6860f016b82c8a672e21cf3f8

    SHA1

    d1ba3b901f07dd365178f60f059e33dfa4bb0e61

    SHA256

    f7315b5bd3dda8f0d824ce5559f03783eaa241a0528b6bcf528ccbf78c257ff8

    SHA512

    7eb4fab07e0027bf629e56ef4dbe5238d28d4b9fe3063b60f3d8f824e67cbab17fb52c21d6b3e53c3028136781541d4fd96a883a9a685c6cc5ef5bf12db79daf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    771f1350f7cce919c71940e7823f3712

    SHA1

    2c26c9d9547afe568986dfc6598c4c3338803dc3

    SHA256

    69e39114e438bd836c9bb1495d40db956c4cf72938009a0b63863a9d575ae340

    SHA512

    5eba2782ce52e0910d03bd6e9e2cdb478bca70a17845e54f7babe61e497c61adcbae779f733af94e4728bf027a11e3ca01b67d0da659fe50113a28649f74e502

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    655b9f408ed6dfa94a2e0d0eef4f0056

    SHA1

    8185957ae16ead950a0d8d1b1ed9e11bb987e935

    SHA256

    5f0258aefdbdaec53551892ee72aa224d7d2055673971269ac5d15a362a2ae4d

    SHA512

    5a783ca6b645b98b2b098f30497101649076c50abddc263ba5e0284c98db4b42544e8d805a56864562febda3449d2a2398deeaa519d917e9c8909fc857ef8877

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a0fe1419961e0e047c2c73298700b6e

    SHA1

    272db135d688d7335528b3b5d39fcaaa76deb1d9

    SHA256

    0a5ec5ab50634aaac9c029c9b4d9c14de575e277482a1167f7ddd80b00932e40

    SHA512

    208f7fa0cb8b1efaf54c771b304b0755d81cede0f07de7a7b1e0b6abd60dbe1083c3239f73be07d98e9e2ca75deb128ce553736690e00e69f704b4bac0d0e098

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a39717a1870c12c5a6b7fca321b55a08

    SHA1

    26126600dd70f929168f9b44a35bdf4dcebc2485

    SHA256

    4afce41a8d61fc4e08b45172482cee0b71ff495be21b286c87c0bd879f1ac031

    SHA512

    f561b76c5520ee6b6d691fd0916cf3d1a0f66a3eb23b2bf5743f3080f127418c6d2705d3fb2cfa3076397b70eb3856f33b226236bffd24e61dcdf2bfef54b3d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    aed493a910ab9b842cd997c1e9a71a44

    SHA1

    43e72a87cdab36e36ce028837c2995fadc85b2b2

    SHA256

    280ab6ac6ff18c5bdd227c0bd909f56e61e016bb78d14faeee3f4cdf49996a53

    SHA512

    d107b804fae88d3d4984305a0beaec6852b77ea75a311d852eef799b5e5bb6fad595eac97bbbda33c4166f2c3073cbd06b16d6f90fbb54d2e0c659767b1f83ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    287ea23b8149c0eee6c453028f701e8b

    SHA1

    4c101200c7ff9b7ceddc0c4e7ec6b0cfbc6220ac

    SHA256

    fc099320f05ef4578bfd7f431e9de9eb20160f631b3ff5cfa161f7918b9424ee

    SHA512

    41b5974603a9beb1c20e9c2cd76f8f9de58bcac90f2ddc98d724dc93244447f0ca40a8ed15024dd9975180c25ca266efad2979f02fbb7b0b8ff7a865653ba722

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    edec2a9fa444fb93b7b95649d9d65c14

    SHA1

    9616fc1d02b6ccdaf0af7fe3799f75a4880a4991

    SHA256

    b90811f9c8695930d2787a901130ea35ad1582fd6843019319aa873c6b5569d7

    SHA512

    fddc101259479dad8ddeb541f4242d086fb1c2c645e39276fa87e83a71e593245ca5d9ae580455c5e76c7eaf4245aaabb5c989940bcf561be72df1da60d934fe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d69093c7498f0e0be866487fb4289a5

    SHA1

    453ce8a71162e60ae4a7a99a885b17e559c9830f

    SHA256

    ef274256e04ffc76f0cea92c087b4078db4df206a6e2a4b3072d19dcea433e78

    SHA512

    6579c7f58a6b8327bb3b744f1b7f2efcfc5eee454d779facaeb4bb164a811ed4c6cb4b719f06668546df53ff9ecc4cf1c5ac6e931eb4b5cef7ee29fdf52e1e5d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    27026a6957824ddfb3c43e7c3442960e

    SHA1

    ced81e71df6941be8096f9e63357743ca1434b0e

    SHA256

    6256efd7c3b3072e950160b58c03c870c4e67241ef4f54517dd3240542d32388

    SHA512

    382103874ea1ea192622431df6171c2bf2412c930dafdc2af6de485ab5c6b0334f1a9f3f0d3469a644d8062d3bb8bdbeb6571cf46594e9f2c85e02a1a3abdbf4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a0c3ad2bb845e7ccc9fc603aae8006e8

    SHA1

    45a2bc655af1e159d05c59b825d8c6188c64c176

    SHA256

    2fac9852683de40bb54835d594455e0cda7d1ccff15e53cd18ee815dab51d0a5

    SHA512

    63fc4655b42d737d2e35e9bd43ee3a377d3c02c1cf882d1cb444f9e9ca4c6553070441b51b71e495c1cf74c59eb79f5c78524278c5b4458af5d69e0495a2c48e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    580629888f34422939de7d85922dd66d

    SHA1

    30ffd4a41c961a39116e47b4a90e8f42c37e8582

    SHA256

    c1d93614e3982a12a7b17a20d4c20f7ef798aa92351bc317bf45b6dfbaeb36bf

    SHA512

    7d6ee1cafdbd85b0659522e43d0e981f2514e4b923da4a1a66f82ec4e55bf043c0b962d2e7a5336df03b13d7d85d97488f6a60ce0e6eb9ab64d22be84a2d4faa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a07092e4183600f4d6a9357221ffe23b

    SHA1

    eee18cff310d5ceb86b0cd761c3b9c525923debd

    SHA256

    0631562719dd069aaf6216780fd2e17719325360b47d70811a120a8b9dec9516

    SHA512

    4d8ce1ff9f396edd2291e267826a614b16d891a365ab9cc6f55cc50eb7fcb97133514d07968e300b0244159ab2d806f8d1fb70ea3bb0b7a528fa7a8f3516c673

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    89b62ae4ef6592c734c5959f632caf4f

    SHA1

    10a3f225e1a8f548207dfa453984f5e151f19e82

    SHA256

    be9b5789f80230d67e8b3b8c97dbbee764f67f148ee6a0c0065ef6181ad1ec6e

    SHA512

    4cafc927fa25bcafd3b2827ae7a5d66dfabcee523bbd325beb6bf0163bb129193cad9af10cfde98e2395e6d54c1b4a0707f898c17c22a28fc3df8b8a68762e3a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    47adb50607d1176a3c7bdba2764b9283

    SHA1

    dbdf2cbf5dbf23585706fef084e98fe877e60218

    SHA256

    99ccf5c00a4a7fc908c2a734ed9d815ff3de63c5f3e8a15a9728d164715b9b58

    SHA512

    db33723e741739a45afcf6eddbf34fde63d67e70f647a8ca9705a90a9e786d95eff51193052542bdaf4e0f36fa0dffd88285693bb967ff41a6902b3aee1e1fa6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6609f5786e8dba681bad260f5b2eca13

    SHA1

    2a43d524db38a3aa0eb83807040973ef7d4e00ee

    SHA256

    61d7fa31c581e009f6f62944bf84937f5f9e7c6d7ec2e9d6782c81f3a0d0cc9a

    SHA512

    e38b76cfc8ce2ed55cadc9e81ad4f2c6dc6b3ecd637db958e0aaabf23d876450af67253dc7223e6ed92695b416a91b5c4d80a466a644acb206cbc3c13bbf8278

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8a89550dfcd1ddc1b81a1bb260efacfc

    SHA1

    f52b1cc6e280133d6cc052bd830da005c164edc0

    SHA256

    7d431f96f55e3a20526fd2e7a0b884046d9c15dd5b95cbb4783bb2f3186a86db

    SHA512

    3228a71a995bb10c0efcd5c533cc8ba2892aac2585b6c311e23cba5cc440c308240a995d527aa8b4ec9c733e715487156e5116e6d5c6452ea503a9e1b9bf6396

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabDF97.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE076.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-B10GJ.tmp\ProtonVPN_v3.3.2.tmp
    Filesize

    3.2MB

    MD5

    eaaf0a48c689dc165dc5e13aff88e5b9

    SHA1

    68ed13650bcdd295789c3b89dd0a2f37aa132aee

    SHA256

    6e5416fcb5f477e5a8c8335f499c3f5963ff9b8e461437bcc660b830e2aab132

    SHA512

    6b57ecd795f574ad75c5b259864f3626bd48e4994ff0e960486c65a474f4b8cc752348424644be5b887367cafce9f60e39a1528e6cf2f21bedcb0d4770f149f1

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-K5JST.tmp\ProtonVPN.InstallActions.x86.dll
    Filesize

    565KB

    MD5

    5372cfad6f664b137cc29caa9c1f11e8

    SHA1

    0d0e26840f872366aba319c84cfa3b66f75cd744

    SHA256

    9feea50330e6ecc2a0dd8e38313801ca8e43033a15c54a72cbde672c06cd6dd9

    SHA512

    1e564bef1101ce24f203e38e2df66ead5515e782b160ac4f21bdc1f70a52bc1762e75cb20112f0e850a760d6a06ad9861e780131748c8ac95169bf97a6df4ff6

    Download Submit

  • memory/1568-8-0x0000000000400000-0x000000000073D000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/1568-15-0x0000000000400000-0x000000000073D000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/1568-16-0x0000000000400000-0x000000000073D000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/1568-28-0x0000000000400000-0x000000000073D000-memory.dmp

    Filesize

    3.2MB

    Download

  • memory/2312-2-0x0000000000401000-0x00000000004A9000-memory.dmp

    Filesize

    672KB

    Download

  • memory/2312-0-0x0000000000400000-0x000000000050A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2312-30-0x0000000000400000-0x000000000050A000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2312-14-0x0000000000400000-0x000000000050A000-memory.dmp

    Filesize

    1.0MB

    Download