Overview

overview

5

Static

static

3

cd884ea6de...0N.exe

windows7-x64

5

cd884ea6de...0N.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06-09-2024 14:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cd884ea6dea376d4c3648b4c9d407650N.exe

  • Size

    1.2MB

  • MD5

    cd884ea6dea376d4c3648b4c9d407650

  • SHA1

    e295f3655ff0b04abdc02de43d9851881f9d4db0

  • SHA256

    6156c2c41ebdd2f29afd59745c32cc80c6a80c9c518dc7bdedaa7666871ac6de

  • SHA512

    06cea45871d52352f061b9a8fa0fa0a024b1a905fc3fe2dfc2047cc37069e5219ecb2f7d058c553ab83edf6c7721a27ebfbb4767d66090630666d55d0224fbab

  • SSDEEP

    24576:JHe8CLUj4HlK3SR9IN1ZvSXnU0Uwxdglob6DX:JUwj4Hl1iTZvSE362KK

Score
5/10
discovery

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd884ea6dea376d4c3648b4c9d407650N.exe
    "C:\Users\Admin\AppData\Local\Temp\cd884ea6dea376d4c3648b4c9d407650N.exe"
    1⤵
    • Drops file in System32 directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\SysWOW64\explorer.exe
      explorer.exe http://www.v258.net/list/list16.html?mmm
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1632
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\cbJjY.bat
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1692
      • C:\Windows\SysWOW64\expand.exe
        expand.exe "C:\Users\Admin\AppData\Local\Temp\ico.cab" -F:*.* "C:\progra~1\ico"
        3⤵
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • System Location Discovery: System Language Discovery
        PID:2540
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2728
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.v258.net/list/list16.html?mmm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2784
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2784 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ffcdd760e9b5f1d9b4840432b514d426

    SHA1

    56009f0b723204ca27acd707287a4a9832d2f46d

    SHA256

    8ccc14c9f0b0e35397c8a2aa09a8054c4e667070120c251d02d1d54533c2df90

    SHA512

    896a9a70d7642ae4eec1f4157cf9430456034470db2ebae481167c718f1eb417e0ae625c51cefd3d87312fa5175cbfd4f74a2f45f76b2b525258e165ba9daaa7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8d070c249ddef90e00051571c599c387

    SHA1

    141ebc4a6595ad84839556af98fd114e5baf6a3e

    SHA256

    beacc78c5d4a745efbb6b83b60396246786da80734230ad2b3c68f725a1e8e7b

    SHA512

    72d8580e687fe47dc13f20be2b4a3234783e5be452d6406b1a9a2d67296589fc36334d313772df3ad152963afce05d0395a271301fb598fea4669b63a58b36ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    88e6c765aba6838f36a5ca03feca5300

    SHA1

    c1cf74d0cbc849b8b41cd2878929af3c7d464388

    SHA256

    5f0abb4ea0307e68e6c187bb81ba3e7fd40085f6a1a12aef979565489c0a763a

    SHA512

    7cf6c6b0b9a6536291965cfdf914efca4161c3761b693229c151e51190fcd594f28b68de69d601fd78c02fbd40d55670791eddf18c727dabfce06ec4886b75f1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    48f4457e241f60f42014c1bbf40edfbb

    SHA1

    274ee1cfa7d4764ce33a74a897a51cdc411cd3dc

    SHA256

    e1a3ee79ab17ffeaef8284b08f5fb8e6c1f33bf585f7089e2185d24122af91fb

    SHA512

    6f7b05d16540124a5c1149bd907e33566e00cc295bcfd2ec77c079d2a874b8b7e5d4c073a249431cad6913ba00b76266891b0e00d0dd5b9b124751257a33ed53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0238942e05cc2fa72bb1776ad22466c

    SHA1

    d7b7af36b20cc6a83bd3d066a76dcf8dfd10380a

    SHA256

    0a9afe8dd16ab8713541f5510568ae678a3f3a160473d438ef9223d5391dc422

    SHA512

    5e174e4590399ddad3651fc6939b977174f5ae6e363129da91f36953c66f99354b4e1dc0081374fe3204a4e0ddabaf3bcb26257a9e52b08181d2e6bd9b618a4d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f25b8ea401c217d6d79d9831b65d035

    SHA1

    e19bb93658b1808e31145fd62dbb55a29f6f1bb2

    SHA256

    35c869c6a3b500417a1f4d4f77fe7406bf1ee1d6e3615b5edab0547c781d2852

    SHA512

    5ca3aff6f5a3a30701d820b7c6fc9399f32dfe255a8aa17aa5e05bafc292869fcab84265cd3f4179fca0a16366c7089fc0cb6c24b50e116b33a1cb0982e72c07

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5694541822f9917546a2f8957e417280

    SHA1

    f90c3f87d645d66e728aa8a957586dfc9e1b819f

    SHA256

    38d1a1b9aab6ffc1cdde16678efbdd69ff8254d0c793adbf07705e07a9ad6781

    SHA512

    3d6d0c1f51ca3ac72d45f48b352994613ddb3b57d42690942d58ad5705f8e881f2920e6e7111d1ef5466b1c01cfaa8fc44b23a53374dd64efb2af7fbee11917c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b103ce0db3d02f8ef12e41082d1a2604

    SHA1

    36a7d136a6f2008f993395546ab1bedaf16c55fd

    SHA256

    2c268b99b783e6cd19539a33ddd7cfeea2a7345306295c1cef1b9c54e583c02f

    SHA512

    5da29e171644b5b18f40051f410583fd3bdaee586143b9b22a9263cac9ef8ef7f37b712ff8bb2d242e79797c429193b7ea414feab6fc433139f5af7c7bb35671

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1fa6dfb801b76f6c37b2c74baffbe011

    SHA1

    bc3cf60633d31df66521a0efdf76857ff381bd9f

    SHA256

    09f8d4284e2c66a33ef235477a4151ca916fc618817fd3dc25ab9b8dc624ad40

    SHA512

    3af61b624f7a191fe755aa0aaeb6026b1e739cc885647ead8295615e0cfdf0489992609296a75f4a1edac6dbecb99a872f2508116678b4c504f6ac62f31cdcc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b330937bc872e483583f621154828178

    SHA1

    fa1427dc33f2dacfde48e685a6a3e56e149abc2b

    SHA256

    0a24b7c213133a570e02be37c0955d7a8bfd690efd90815869c9e10620197070

    SHA512

    9fe803f4bbd259ce90d82863a5103f5214e10cae5d2fe6d4ad810dab007d751588ad885594b1c10e050414ac5d04c8c2e422c0aa0f4515d7632b81d537da9a7d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe99b157e590714fadc898ac1da31fb8

    SHA1

    8e348436f0f57d77c91f019ffd1ffa63169678fd

    SHA256

    24242c6236e776dd697c77c3749d5e1da2c451bd227e7bfa0b146ba9f1d25606

    SHA512

    64168e1c32c7686c94f470caff64a52e56db31bec210566c8010ccaabb2d8438f2c386c0fbbb54508bd004b3d5a083cf08950e047653c837c94778f26410300c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f1c8410731483d41d6bc9859df887c0c

    SHA1

    a6a020cee09666db4f172a3e8755eaacbf71fa4f

    SHA256

    5e2c04b1292a1e597f066be1fc368de09230bcae9ebc1da3016a10835eb91bca

    SHA512

    1595e6dc213e003adf2eff5d89fe6cd9e8055164a82d4ba58544d289894024d40af834827a96e809530b1ddd033a85c405e79499cf9445ac359d5479c3cf15fa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bcf122478a947f0a923b34213d2de3a0

    SHA1

    22d333af0eda0f5072feaa8f3335454baa962070

    SHA256

    30fdbc3d5a92c9a76cd12d274a0203d71c029b4cab0d2aeb79900617d26fd2d9

    SHA512

    00e5c0f3a1eb56a6ee0a933fbce081773a0226e7bec0ce7b67e5965d1d09d0c41db534b1d5806920547d01d504902d8b945b2f1d13ba7b0c60caf9c49534cc23

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3de24ca785b53a8665400303af63a787

    SHA1

    5474ae14bd96e095d930cf84ed362d4f3021b336

    SHA256

    521082393161a0acec3a76813f040503c9237866c626b44b19d32f0378ca0f35

    SHA512

    6ef015950b81d35c3a9acc8d0997a774bb60cb8270666c9a091ccfb5514a62271116d182e4c65e612914ec815f27f843516e2327a79ed8d4654151e88355a96c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c30973b97b1bee0fc7fccbbb8d49c4a9

    SHA1

    95e3433a562f183f5fa313a1b52f7f88934097ea

    SHA256

    a3a63717a4cb9447ed5bbda7d47be7bd1fc702b9198c4d78cd1c554fdec516e7

    SHA512

    812c5f84daab8354d4240bc080e7aae1722f805ab954de66ea6b649c28e99c3ac94f81316ab2ffefd647378aeb16c1d2b807f3c28873fc8cd91681c61519ee61

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ec74f3853d87538fc941a0a6718e3553

    SHA1

    caf14132b800da390abc02297b6249ce6a5c7df9

    SHA256

    e5e9048f92aab7f43277d0a8e69b787ae3a903d0f45223f151ffa7ebebb740c4

    SHA512

    f5f81fae7859130ce2485e810c913f9787f9c1deb6182929604331dfe1e7b670722284c597d9b593cdd305020b5318cbe13a72e7a12d89ab289d1661e8bed4b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    925999a805a6e31808abefdc8731266b

    SHA1

    8148992ccca35047835a8170c2f9c8007d991885

    SHA256

    1f593b9d11d1345009b1ba59365c075cf3c751060abb3e53df5d87b79dbb6417

    SHA512

    dca346f40a6ba31c8cf619a5b9f856c6487c6bec8a298420687917d51f86840220da25943a7be258d74eb7f51c4d21323046434e8bae088373ed9cb2049474d6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    282b42809f35733e22848673a346d402

    SHA1

    ae8bbe600b3d5345e7e7955a6d2ba3a70c02868e

    SHA256

    18e09e585f03d682d12f7df599dd0eed7ca2aa72f17857e7e7fe6e506c62bb1b

    SHA512

    a2f7234a4bf341d90097553add79ec065c936073e14af83c70a7610be188b272dea1bd971b40ad29afbcd0c869383b7210d96549c76e2d8789ad8fc5856f3e22

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab226.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar2D4.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cbJjY.bat
    Filesize

    98B

    MD5

    ada787702460241a372c495dc53dbdcf

    SHA1

    da7d65ec9541fe9ed13b3531f38202f83b0ac96d

    SHA256

    0d0f600f95192d2d602dbda346c4e08745295f331f5a0349deae21705367b850

    SHA512

    c86091735b855691c89c7946145591dec6a6a6a36a2438d392587a9cc1f2d85c1ebe44fcff1cc9d94271a24ebbc2ca38639577a6f5c592e9e10517da26572708

    Download Submit

  • \??\c:\users\admin\appdata\local\temp\ico.cab
    Filesize

    20KB

    MD5

    1319e9998cedc513c68fa6d590b6ad63

    SHA1

    ae95b333e88a13886994f320f5dfb4856168a710

    SHA256

    9a5b18efe243fbe9b9b0be3674a24080e9210436986988f3f85a4007905083bb

    SHA512

    d4052a899c6c310296e2f5fdf6c2031c22d2644be620cb34ddcc6b59789d82a6462daaeb34466c568be48ee975c4a5ab43143eab0792312a6cd0d49f9fbd8d3f

    Download Submit

  • memory/2028-38-0x0000000000400000-0x0000000000534000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/2028-0-0x0000000000400000-0x0000000000534000-memory.dmp

    Filesize

    1.2MB

    Download