Overview

overview

7

Static

static

7

02ee1c54ac...84.exe

windows7-x64

7

02ee1c54ac...84.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04/09/2024, 13:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02ee1c54ac46706f85f4011016aace0b6174026593be85e27a6552b57dadce84.exe

  • Size

    398KB

  • MD5

    cfe30fdca9608291dcb065b21040c4b0

  • SHA1

    da415ec672436680560ca9ec0111c7ed22d466e2

  • SHA256

    02ee1c54ac46706f85f4011016aace0b6174026593be85e27a6552b57dadce84

  • SHA512

    c71b0427255d25743708a88c85371413fe56085312a415a6c4f50656d5cd2142d9959bb5e22d6c0a5f1be4d7507038ddabd3e076df29f8873a3df230bd5c22e0

  • SSDEEP

    12288:YOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiiFRLV:Yq5TfcdHj4fmbb

Score
7/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\02ee1c54ac46706f85f4011016aace0b6174026593be85e27a6552b57dadce84.exe
    "C:\Users\Admin\AppData\Local\Temp\02ee1c54ac46706f85f4011016aace0b6174026593be85e27a6552b57dadce84.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://taobao.560560.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2064
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2064 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2244

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    766afdd7962323d9924db8478bfb6140

    SHA1

    cc70037e01e1d0ebf73e4532807628aa9bde3fc8

    SHA256

    ef818d7d1007feb7acea1318922076fa31ec518876e9d5bf59b548217f57bce2

    SHA512

    2cc2b1dd0b7464798eb2a2cc4a021471abb5fddb86b69eda2866526e80af95b0f8ee399fd4831e2ea2aab9118a72f7ef2c0544fabc541475b8508cdf46e93145

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    815ef79674161f7b3177c6bfdb4f704f

    SHA1

    36379fedc8f64c1af4edff1215d70510e9c8ce35

    SHA256

    c1e1119b63670d88f10219d9b1d16a8b15ac3b8622373e47cfa7e91768f65e52

    SHA512

    6d4a81a6e077b115bcbb5dae24f66351d1c63c97d7aceb965a8b040eb7821cae5da83142029cd2e230ce69b9fc3befc50c0e91a2c97bf751448ca3ad22ebd02c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    028583a275c01953817af677afa30d96

    SHA1

    f2c3f52456ea146d3702137958aadf491a2e81a0

    SHA256

    ab7fd25613c1743520b9a7e107b25e968b91f40b6b6cd9791d86c5763aa66118

    SHA512

    cd2c25453106a1133bb097524520b621140fcdd695c786d807245906420b250716461100c87760d474d70091c33852f491efbb9936e3e7e24fd1eb9ad0a37453

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    53748b4aa87096e699db936b3c6840c0

    SHA1

    6aba67fbf187af9954977f2be8073d666d9fbbd6

    SHA256

    9dbccf7672548275e051756df1823f7151ba1aa52e4fd570313c239aa70ea157

    SHA512

    f5f2a1fcd5e96b7462fee47fc544b88039af2635392d29e28e10d680064258b8b5bb98f9a61a141191f0761cdc6ce5ed7f129b58d48d597f8aa95c5eb5cf6513

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e8b14b78948008e1b3a3ad925c78b5bd

    SHA1

    9c81678323ed741bf59392d93ad415a150b7a2bf

    SHA256

    fa2113bd9e96a652db9e8c3fe7d2177b88a37e84f748be5cc1e116c3f74ce4d4

    SHA512

    45be04078b1c60d120d6e58175e6ea4d12f4924b61ac3709eab060c268ddb13baafb8a568469decae3920a46925134671931543f7352adf1ffd0861c0974e7ed

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f73bf1717ab242a5dff6f18a80ca5a07

    SHA1

    747294329c1671369a95da6288e81a873095c112

    SHA256

    ee5fad714f8b246930c40c37896de2ee87a15b747e3176640dcf1e57ebcbde1f

    SHA512

    489db9ca708207223a9bb115b96eb854d983beec7422be2cc5f3a708f66a8a4a5e4d536675f14531844c1ac2ff105d0e698c3d3747c4deba6588b2593fdaf201

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    81303c2a8e4ef9320f1f8fe63d6d59c2

    SHA1

    a960f993650814c8d44efadd08574dfae60829d5

    SHA256

    15d51a24ad5f1b54fcea9960b97b7351ba2a761136d0f4ad4fc65f5ff64fba69

    SHA512

    2790159e647cb18fb38a31cccf9418c3dad002a565723770d7525d1927d00248b785c9015b2481ce1b2f432f022a15289dc3b6423ccc1f1e2c919564c1b339f2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    14d81b1c92ad96ed1b5f42bd0e76c3b8

    SHA1

    501ef78d4c043f16ec586aeb51e751d5cfa68564

    SHA256

    23eea4299b4496227023b8ede2c77d1254ce0ae59816106ea86e7dc6e608c9f6

    SHA512

    132f3bd66ee9ae151ff6e8a3fab6e0013ed9085886b6b4d6ba9e868e7b6014852158a25c60722380d83e2688a7b320948592acb39956e44c5116be48b09f4b8e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f7b5b6b715877e0e27583f92dcc9af1b

    SHA1

    7c358677808df7bb537623508098e264139ad211

    SHA256

    bdf7e174d4f949344377e7d373a495b26e46894e1848d19c3792286dc9400558

    SHA512

    b670f7b90adbaa22a33ecb325e0e289326610d47d426f15be09080733c3c3bbc9af088d5939d69e3fb7ae16857c173f0f4163d606378dbd941efa024cf599f10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ecf1664098e692c06e2cf29e4e66e3d2

    SHA1

    be2c0bab78fac9efc2325d666850e6fd50c42472

    SHA256

    32e7fb0d9079a76b0c85fe374b3c9e7a48bc1b3f3893bf1ed5bbcc777abecba5

    SHA512

    b1ce5312530de980246fd39a7d59cfcb44962693ddc5e009d38054529c165720e02d97920507064a225b4512ffcd304baa1475528bc4468fdb538426c3b144a3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fea60a364855cbcffd112ca4d116a692

    SHA1

    1ae6d5d8ac802c30986ac94d3878c88f1da26529

    SHA256

    94041d7c48b0bee4f4fdc335b2416039841c9d7e34599de4e4fc60df7b1f5d3d

    SHA512

    17a9fb2458ff4acf2ad62e6429a81a59901dc4c01a6d2f460db8295b2d038dd7f6f5070777110560fa50d5eca62e08118477d8607b5f07bccb8756903214ef61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c04b354f55b00c022b0e06157aed6c77

    SHA1

    12d3decbeb68b0600ce475a47ba017a3aa30fd44

    SHA256

    e6fd154003cd144fc183e40a1bc48cbaf4bd411f33d6c280409587907dab6178

    SHA512

    9566486b714d69da7d0f49229dfa1a1caa56cfd6c69deb6822b6d379e62713ef5447bee58174a97c827bdfdddc20e2e080aa5419ff0f25f645c9831fcfcd13de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    26026f0ebfe958492297470752f68f0c

    SHA1

    af4050af3c31fba53035157636af4268964e81e0

    SHA256

    14c3cc796286f445db3fdaed3c1204626070e297af8858721d31e3329e2fce7c

    SHA512

    076ec47d87d420cb24b24a9130e78d0dc6c414fab6a8a6349352e5089fa222a0826abadc04d6452f8dfdfcc01847abb9bb28ef3e7dc9899789bb2d394b442ab4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8051b3322bc84db343104c38e5c4e051

    SHA1

    d4085113c59f6b1492a7396db8ec49c2df967136

    SHA256

    c8d143904801fa50f99b81806c9f8df0d37d89e820db5774c788b97f00934a7b

    SHA512

    00dfb1fcb34d7effab2603dc0e496c72a4b40219045a978d549e0807b27207d6881173d18dd0ce0f80351b7d63a452da451b63a1436861976c0f650014f63449

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    cad0df2989c1d435b651d0f0cfdbf99a

    SHA1

    95ff1e1642f6bbad2460c5264213a01aa8f9b309

    SHA256

    20a9b918efd7e0f45532c8e7004664abb482ba3d3d29458c539a232c6190a9f3

    SHA512

    fa9a8637c3c753335ccfe86b0a9010be1d5e6a30ee6d73c9323651f0d85aade23e37d6b6527f901af7afd236f821602d9c3fbb72af31c3bbe521ceec5ac96c45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e79ab195ab2c147f18004eb19b115fe

    SHA1

    f80d759c409bce9826aded01fd159dd2efd7a471

    SHA256

    f60ed14ac6b627a2227f50940c32abe9a0fa70b5ce98345ea67935ed2d1d3ced

    SHA512

    8e34a539fe76163b8dbb67264eedcdaa41c42caf440115cdff7f5ff81b200590236c250b317a59b3026ebbdaf04fcbc293a85b76b37588ed8e1836ad6d3d2194

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    307b1b1e23d0093d18cf3c0bc159f87c

    SHA1

    de0ca4092c7c6f947babb4f857617c8a778ab849

    SHA256

    c3e70483a8b149dca87be0b2b357cf10904e2093084403fa4f53a3ac51c9f116

    SHA512

    2274e95b198f734d18f9fa18acfa2b8dfbc055df4b9571cf1b4fa653872341bca1e18ca79cfdfb7fd48f50ff846ead284e639f6953b67bd178617c87be4c58f7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3206899a7e29d2186a0a7fe2dbf524ad

    SHA1

    711d6cbd9a74476316cce9b38b7ed49a00865baf

    SHA256

    0d621ddf1c64b62cdd746736a95341801b9ca1e07905934c4e8afef5c6144063

    SHA512

    d0bccb7ca0f192151e46e534cc7a9bdc98d531fb05323f3d8b39b51d61e9a9b073d3420b4c03f2b65ce3a12dda31b97e79922d8c877c9e491024b9ff06dd0ebc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    17a976eab68e15c6a108657a2e355c1c

    SHA1

    b16c52f4bb1136155b43ab0520ebf1fe6f432718

    SHA256

    393fd46bd426acbf7e896839a34e767cfc0ed0e6224136bd9d7e0785f13df408

    SHA512

    9228131791b6d13b85ae4dcb8a3898838391f791901be8bca017db5e94219198877af5a02c1c76593d4178eef7eed86b14153ead225e2a54702ff0c67bef1b67

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAAE1.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAB54.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2328-9-0x00000000008B0000-0x00000000009A7000-memory.dmp

    Filesize

    988KB

    Download

  • memory/2328-0-0x00000000008B0000-0x00000000009A7000-memory.dmp

    Filesize

    988KB

    Download