Analysis

  • max time kernel
    121s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-09-2024 15:31

General

  • Target
    ErisimEngeli/BTKInternetAgi.exe
    (Turkish: "Erişim Engeli" is "access block"; BTK is Turkey's telecommunications regulator, so the name reads "BTK Internet Network")
  • Size
    797KB
  • MD5
    5299a07f38ca573f1d4bfb998229f0d6
  • SHA1
    7b37be31b784e41a98c9f84755f3b9bda37a11cc
  • SHA256
    899cdce451f9793046356eaeff97468d477b7ca141ba7d67649e60dbd17550d6
  • SHA512
    2a4617566e164d2d3dec5240114f744ce138786830d8f72de63a112192a7a4cc1598f1051c8fae1b8b433b8b69fd5937b5ca2083316b4e99dd5aa016873b6870
  • SSDEEP
    6144:ynBCfpm7azL4wRxS7TXT4lhHEZgwKC1ascGqTkzBOtoGte6GIhb7U:MBcSnclhkZg0ascjTkoL46Dq

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (MITRE ATT&CK T1614.001; 1 TTP, 2 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings (1 TTP, 34 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

  Note that every Internet Explorer-related signature is raised by the two iexplore.exe processes in the tree below, which exist only because the sample's required .NET Framework was not present on the image (see Processes).

Processes

  • C:\Users\Admin\AppData\Local\Temp\ErisimEngeli\BTKInternetAgi.exe (PID 1788, depth 1)
    "C:\Users\Admin\AppData\Local\Temp\ErisimEngeli\BTKInternetAgi.exe"
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Internet Explorer\iexplore.exe (PID 2052, depth 2)
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.8&processName=BTKInternetAgi.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      This URL is the redirect the CLR shim opens when a .NET application's required framework is not installed: the query names the sample (processName=BTKInternetAgi.exe), its target framework (o1=.NETFramework,Version=v4.8) and the shim (shimver=4.0.30319.0). The win7 image does not have .NET Framework 4.8, so the shim stopped before the sample's managed code ran. The browser processes below, and the Internet Explorer settings/hook signatures attached to them, follow from that redirect rather than from the sample's own logic; to observe what BTKInternetAgi.exe actually does, resubmit on an image that has .NET Framework 4.8 installed.
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 2336, depth 3)
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2052 CREDAT:275457 /prefetch:2
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
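The iexplore.exe command line in the tree above carries the fwlink the CLR shim opens when the framework named in o1 (here .NETFramework,Version=v4.8) is missing from the host. The Python below is an added triage helper, not part of the sandbox report or of the sample: it parses that URL and walks the process tree so that the browser processes spawned by the redirect can be set aside when reading the signatures. The process tree is constructed from the report's Processes section; the host and prd=11324 checks simply encode the URL seen in this report, not a documented Microsoft API.

```python
"""Added triage helper (not part of the sandbox report): recognise the .NET
Framework "required runtime is missing" redirect in a process tree and separate
the processes it spawns from the sample's own behaviour."""
from urllib.parse import urlsplit, parse_qs

# Constructed from the report's Processes section: (pid, parent pid, command line).
PROCESS_TREE = [
    (1788, None,
     r'"C:\Users\Admin\AppData\Local\Temp\ErisimEngeli\BTKInternetAgi.exe"'),
    (2052, 1788,
     r'"C:\Program Files\Internet Explorer\iexplore.exe" '
     r'http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409'
     r'&o1=.NETFramework,Version=v4.8&processName=BTKInternetAgi.exe&platform=0009'
     r'&osver=5&isServer=0&shimver=4.0.30319.0'),
    (2336, 2052,
     r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" '
     r'SCODEF:2052 CREDAT:275457 /prefetch:2'),
]

SHIM_HOST = "go.microsoft.com"
DOTNET_FRAMEWORK_PRD = "11324"   # prd= value carried by the redirect in this report (assumption: stable)


def parse_dotnet_shim_url(url):
    """Return the redirect's details if `url` is the CLR shim's
    'required .NET Framework is missing' fwlink, otherwise None."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or parts.netloc.lower() != SHIM_HOST:
        return None
    if not parts.path.lower().startswith("/fwlink"):
        return None
    query = parse_qs(parts.query)   # each pair is split on its first '=' only
    if query.get("prd") != [DOTNET_FRAMEWORK_PRD] or query.get("sbp") != ["AppLaunch"]:
        return None
    # o1 is the target framework moniker, e.g. ".NETFramework,Version=v4.8"
    moniker = query.get("o1", [""])[0]
    version = None
    for field in moniker.split(","):
        if field.startswith("Version="):
            version = field[len("Version="):]
    return {
        "target_framework": version,
        "process_name": query.get("processName", [None])[0],
        "shim_version": query.get("shimver", [None])[0],
    }


def url_arguments(cmdline):
    """URL-looking tokens of a command line (the URLs of interest contain no spaces)."""
    return [t for t in cmdline.split() if t.lower().startswith(("http://", "https://"))]


def triage(tree):
    """Locate the shim redirect and every process descending from it."""
    children = {}
    for pid, ppid, _ in tree:
        children.setdefault(ppid, []).append(pid)
    redirect = None
    noise = set()
    for pid, ppid, cmdline in tree:
        for url in url_arguments(cmdline):
            info = parse_dotnet_shim_url(url)
            if info is None:
                continue
            redirect = dict(info, pid=pid, parent_pid=ppid)
            stack = [pid]                 # the launched browser and all of its children
            while stack:
                p = stack.pop()
                noise.add(p)
                stack.extend(children.get(p, []))
    return {"redirect": redirect, "noise_pids": noise}


if __name__ == "__main__":
    result = triage(PROCESS_TREE)
    r = result["redirect"]
    if r:
        print(f"PID {r['pid']} (parent {r['parent_pid']}) is the .NET shim redirect: "
              f"{r['process_name']} requires .NET Framework {r['target_framework']}, "
              f"shim {r['shim_version']}")
        print("discount signatures raised by PIDs:", sorted(result["noise_pids"]))
        print("re-run on an image with that framework installed to see the sample's real behaviour")
```

When the redirect is found, the only process left to judge is the sample itself (PID 1788 here), and the report's IE-related signatures can be discounted; the check is deliberately narrow (host, path, prd and sbp all have to match) so that an ordinary browser launch with an attacker-controlled URL is never mistaken for the shim.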

Network

MITRE ATT&CK Enterprise v15


Downloads

  The same CryptnetUrlCache metadata path is listed ten times with different hashes: the sandbox dumps every version of the file written during the run, and crypt32 rewrites this cache entry on each certificate/CRL retrieval performed while the Internet Explorer processes are online. CabD72F.tmp and TarD751.tmp in %TEMP% are consistent with Windows' own certificate trust-list retrieval (a downloaded cabinet and its extracted content) rather than payloads dropped by the sample.

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 4e19cf023b590681644d1a3a4e308d29
    SHA1: ac827d671a28439715342a71bd2a53b9bc4da9a3
    SHA256: 4abce9613c1aac7844031ac8b57407d0e3b4e4573a4b2f4e924d370681d78fff
    SHA512: a7c87e96a8524643738bae2960b401aeefe789f5c15e5acb068478ae291872050198e1bd1c0700e44e4d41152e00729f07cd2d52b8da79bbe63e86eac451265f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 12376560a12d758905ba2abe7eb535e2
    SHA1: e28cc18df37a0179e875423796f626a562d90ffe
    SHA256: b5a418e94da4f7fa426da8dd90f4f442c528244159853aaa08d910a11e014fba
    SHA512: 0add2725909386c584e3ef234e446be072f3641b47aee9d743217d35d4ca5c04462af388352eeff208a0512e0b596ddda369f918bb6bdf1b34b3ebaae45241fe

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 3c3925f4312db6f2e4fbaf8eaacae257
    SHA1: e9bcbe0e996552922856dba3ff0230a58d60f1ea
    SHA256: f7c99a05015490b4a571ac067aa9d6aa35a12ca3cfc01f92a43731b745769eed
    SHA512: 5d59ae4d54507672402edacf3399764e9b964d21183a04d8e86d968a76479cbd71c7d955b9896d0faad693fc20f6e133a8ccc2e1436f4e9b770fecbb360acbe4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 0ed1e5ef657189000e6a04776a3147f0
    SHA1: 6d412e643fe72e708c7ba16c863aed68d792552c
    SHA256: 775b7f352965842e290dcef7e27e7f7666496c0a8f22ad79519656477676573b
    SHA512: 6686d4eee4b0124e6fb593d9a552378d44032296f045ee702e46e503e36ebaa5805d67ee4361c66912b485efd473750cd28e02f3c196abaf5bb126c68b68d5a4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 675d732bbb7065c671b7441fda9386d9
    SHA1: 8c1cb4abc8950a10516d0277f9c798dd9e9fd0da
    SHA256: 862bfa2ee652770eab9751626e330066424c9afa1d046528cef253cbb1e5f7d8
    SHA512: 6c8b41a3cfcb1fcb207262eb3ec05327468246f956ef7c5c09941715ae3f50595ad58b3cc15a3aa5f8670f1e4a64698d4674d070d9e4f998e82f1c8a2c622cfb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: bc911717068ce9ab630bef888fdc4196
    SHA1: 4e8fe235f0e92b4703eea5917b7718bd3476fb70
    SHA256: 6ddce58f35dacd16eee242cd30c80dd5a39be59d0f3636ca22e6b7002803606d
    SHA512: c66da51275bf23f0cd5232cd09b997b9b095fb61bde93e8a25f7b4ea16cf278fb80f0d4f1f56325199c555b667be6c116a0970d720471572a473d88ca027e9e8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: aea9be21f9a5cc4a6af4d45d99f94877
    SHA1: 155a338c95692b0626899d8609c2b449ba9fb01a
    SHA256: ed215ea14a5fe48fa9a01e854713b95f93abf1fb417766e303a1489ddb7134d7
    SHA512: 01f8661161b5dce870be4d61230a3d0910265e7726ab2c1e034b2ca88453a43001282db0489dfb1f5f00c114cc98666e01c670a1965c28d912d5ea3f18672cec

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: f80596e510f325a9fdd4d72f1116900c
    SHA1: 1365ba8e27441a04295cc9826162abd9dcdeb639
    SHA256: a9f63d020b2aec973963b56765383c7816216180aa206413538b398ac9a1c472
    SHA512: 26717aeea0af3429b39b57ef1c8d7ad2a2f046edeb463f001d04fb1ed504c304eded02ac609f1cb3602e6c3c391c42366e15b5345f9869d62f3291dbf49e767b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 6d90f90aa346d8616180f84c83404b3a
    SHA1: 690a50b0826cde827df08ad42976a802c8bf6686
    SHA256: 3adcd6eddea4d306000fdd627fcddd6cd31d68094e5958bc5e9f3a267c78bcb3
    SHA512: 856320955cc475ee4e3953598b5771d1f452153aa64fb1a100a90db59c2cd1cf8d60462c23a4ca10cc00a219b09c459e4225b6703ae346bb8c8066574992e2c4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: b63d33bae7bf09c9f156ea62a0cc7165
    SHA1: cc20f4701300d2c103658b8df33f9c2502e9f1ca
    SHA256: 2c479af2c06b08574c6fe01a96f442ea141439fb121f42b13e0ee37da59d1624
    SHA512: 0e4311949dce5a72cd55fde14c142f7574946d1a9ad2bac2eaafb0cdf4d23e5088f557c7dec68bbb5f60f754d4310ae7f33907924126f8e96143fa2a8df347ba

  • C:\Users\Admin\AppData\Local\Temp\CabD72F.tmp
    Filesize: 70KB
    MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
    SHA1: 1723be06719828dda65ad804298d0431f6aff976
    SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
    SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarD751.tmp
    Filesize: 181KB
    MD5: 4ea6026cf93ec6338144661bf1202cd1
    SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
    SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
    SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b