Overview

overview

7

Static

static

7

WebHook-Spammer.exe

windows7-x64

7

WebHook-Spammer.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1563s
  • max time network
    1564s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-09-2024 23:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WebHook-Spammer.exe

  • Size

    8KB

  • MD5

    9e836a50ed510ec353422df8c49229be

  • SHA1

    f404417a07db34b5a3ec30e79a3991068959c259

  • SHA256

    7c032e3fb32d5ab26fe5b23d77c3cabe15a48cad292a801d01921eae10362576

  • SHA512

    28f800c452172b9958e05964d11893d46027408d79ad2ded96af6c071d30e221c7098dbfa0663622780c17c965c3a4286df6abd05bc57604feeca4cb6c65d92d

  • SSDEEP

    192:mtLuh4GMCC1D97tZoPd7TljmFaNJhLkwcud2DH9VwGfct18O:4ah4GO9MxyaNJawcudoD7Ux

Score
7/10
discoveryupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\WebHook-Spammer.exe
    "C:\Users\Admin\AppData\Local\Temp\WebHook-Spammer.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1292
    • C:\Users\Admin\AppData\Local\Temp\9EFD.tmp\b2e.exe
      "C:\Users\Admin\AppData\Local\Temp\9EFD.tmp\b2e.exe" C:\Users\Admin\AppData\Local\Temp\9EFD.tmp\b2e.exe C:\Users\Admin\AppData\Local\Temp "C:\Users\Admin\AppData\Local\Temp\WebHook-Spammer.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2272
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\9F6B.tmp\batchfile.bat" "
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2068
        • C:\Windows\SysWOW64\chcp.com
          chcp 65001
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2080
        • C:\Windows\SysWOW64\timeout.exe
          timeout 3
          4⤵
          • System Location Discovery: System Language Discovery
          • Delays execution with timeout.exe
          PID:2840
        • C:\Windows\SysWOW64\chcp.com
          chcp 65001
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2824
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/@Impossible-m4z
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2772
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:275457 /prefetch:2
            5⤵
            • System Location Discovery: System Language Discovery
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:2880
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\selfdel0.bat" "
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    60b13df8f7a46161122c3494f2f10cd8

    SHA1

    a9756a50d72b4879c5455f43209321835932a71b

    SHA256

    5fb6f1da19d73391c18a1d5639c6d3c15baaa00e216783da5959b0e644087d42

    SHA512

    6632da042e70c0605c020a2608534bdaa583d2d1627989a8b8c39db4ff34c0da12a9605d72984e19870161e6db85ffa68c8442050266568a1a8bf560585d17d1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6fa5ca53eef167eee38164798f507f16

    SHA1

    fe02a42478949c3796766d0899503a60aa9f09b2

    SHA256

    b2824000243d96a08ed7fb98a68b483319ba0602790e37b3aff04f3ff549569f

    SHA512

    a477b842d0ad9fb31f8b7b39e60bd99dbecf26ab3f7c3db70e1ea2bf56b43c61c3e9a8d5f9ded6b1b059b4da0daf46f6cb77b84bdd6c4511f4b36f78a90628a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65a98af6a859fa3e5fdf919c560bcb1a

    SHA1

    5c9db25dd2094cc2c1f7d1269c7a37a967a82b2a

    SHA256

    0a676258d8a742d638347cd9575903e42efbc562b9b911c876e3a580e3110fa2

    SHA512

    2f2f97d85a516c14a84529e74ec170faa50533d84847a2f05486ac1e02b2f0db5b5ac4c7eaf0dee94f173f4a91899d7aba328e51a06a56d17958a14548f038e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fcec61154d9d17f2db94f8e3744df9d5

    SHA1

    641bdd1f3d5a57f202d30977d61f9d574a4e7b97

    SHA256

    1726a6d25565a8fd1d0c5a64380c27c28acb3faf6adbc7bbaea3c903e5d89212

    SHA512

    3382a14b7d2f12d80a2c66daa974ff03becb1ecdc4312a0c06552ec155776276889a7a26631b8594185abceb0a8ba0c9ca7aa849e0197a00492ef5e7b0cc52e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    59c8d0d34c3ba91d7408ff558c549f56

    SHA1

    432098d96a64d9a31770cd055a1b30f3c3ab425a

    SHA256

    8d7320002cb7b0bdcae162f8744d35ab7b52f27818725123424c63169565b30c

    SHA512

    b1ade1ba375e4f5e112f5c25796fbace5169546fe16886d6b85440428e07f0d3b185c3e0bfc495f5e5dbded8a125ac923fbddf83938624c80d2cda1a40ad6148

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bc43f6ae081d04d201605bc3e676ea77

    SHA1

    d4f550e136494afe188d890c855facca4c34c9c7

    SHA256

    e8f329332c9bdc90002545212f08cf37ca906cdf76da2472bc3448670dae6b9e

    SHA512

    26175c05e88aee23bcffd88ee431b6bdda6691e19ee5355bc615dc32d6663bc317388a9e0b376367e74fee1e1029c4d70d8bad979c68f2f7b7f8744f80231246

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2cbb42567dc2056546dce23c3084ed65

    SHA1

    aec2696f020cd92ac7e38b3e463a81c58f998771

    SHA256

    5a81104c20917a372074d05bf3f76bc7f575e5d277502ed9cc8700bb0edb02d9

    SHA512

    e6f24b2798dcf9897eb91a9ed77d9199ed66d846e48b8006bf4b0ed1b4a723b00ebda5d921f8caf60b5cae68f02382ddd73b4af8c9590fd46faf67944c82d577

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a94f50159c5c821bd1ff97433babb0e9

    SHA1

    fae9e1834f6034cbf7c6527ac95efc81fd85207b

    SHA256

    26a3790906db4fecd79edc54d46352cebd5c8971a68c8afa4f14886275cddf1f

    SHA512

    b7d0e6b86f08e54b20f7d496b6b3879109f849178670f42336337ab6996d60cf1dbbe23849b10e5b153f03d668d0d8604f9dc458188a329ec0acd532cce6ae74

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0bc5100a690fabff64f33493828c8ed5

    SHA1

    50ac3f7e3d253322f59722556670c46064f55c6e

    SHA256

    bc3a560ca82a5f94015948f3af466a0e0c7fee9a9a2b735fe4b84f1bcbfacaf1

    SHA512

    895279f65b05abbe0dcc2c69253f8a7246cea193397ad7f2a2c354c882a68cd7fde04773e2334247b0c6620ea3f8fd30bdc36432a947d6558390d26123aee99a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    baba19092c43746c023cd06e53d7165e

    SHA1

    b16c7e2f1bcceef609c01d0faa51319bf252f96a

    SHA256

    53a5eb707dffc33b69b8854bb12a6994cf99c6c06aa7cc40827700272682d71f

    SHA512

    d4107df17865afce71c4f9fbf4b2be32986efd94588f45f551366ad809822de3d6d5858135fdfe567a1ead2fad7dd49cdaedf33097b24695f833d53719920611

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d3b11d7fa014ddfcf9a8db654c05fbef

    SHA1

    f53f5f8a7796fda518658553ce2eaa46372fc6b0

    SHA256

    cd7be3a7804cc1fcb8653be220f7aeb83d640b4abba405d8457d14cf145d3a59

    SHA512

    65ce48583cf94f0648273570a3eb57c996cd73e4a3488f4201eb2309becd569aab413c74f77146a5f87cdf20e2105aba2b3483d9cb46cd4c5d8ec5da623b5715

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    80613f125e3e0c418a04d65bf9e69e4b

    SHA1

    7b7dc3fc1de64028b40cb1bfac70de40d713db84

    SHA256

    1e68b428089b6dbd1a3f3eaacf8a86fd278413d0967fcf81bff7d7570e315cb8

    SHA512

    1e77e40181c5add5875ba8459463ec7b9ede8e5a2f9239755303688808f0052e873f5a88f4144f4a213287c25fe7ca2369cc8b80bfbbe00acc7489bce21aeb5b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    46fbc548618eef14cd9a5d260c3b60c9

    SHA1

    72f21f8172505b6d80d735a6de691275a85f29f5

    SHA256

    a8f80e1425728f94a131bdb6707c087135ef6d9ea3d284782c15f8ddb15b92a7

    SHA512

    d440b70620bf64a8d4f1d56b34e48d43f745c6ac4717ae6632c99bf4c17ccb813455a440a7fa51e24d6d0ddd42edcc2962f6e88b5096305638270a92278ff9e0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d10654993d50f2fcf25677c3895c0fbf

    SHA1

    d7073e80640f46ae96ef0342c95b72391244ca23

    SHA256

    ceb21cddfe63bb2b08c74af538e2eeaac92a0d5e6ed1b73e96922db99639e410

    SHA512

    38e1169f1ee1d6c012476f77420b3dd0d30dbf846f7df9746f3d8788e9ff3a8c0d7f090ea5d34ace2c4c4094234ca8c33946f14039e3e99e1ac4241f73a5587f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    50268ad1a6d8f63c1383a7d1ace0efab

    SHA1

    b4925a1ed5144e2c93072349b20951d1c036bee7

    SHA256

    66605dfa72096b3c5d540f77a019d67fb6dbd65b3082e5bd6d6f64f0ad69e1b3

    SHA512

    76ecf1c090fbeff84897c255b613efce81510423a8e992d47715c7aa5382387b166baf067d931b4c0db21a608cd2d95d243cd30cd77244db44a917a3c6559509

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    924b2e5445da871bed0a8a4671bd1a3b

    SHA1

    1167aa4d44d34f875bc841e7db5410d9bd27ffa0

    SHA256

    ae8dc343d5d0026823c9eec27c4aec68ffb910bbbb9315ceaff7441d4626721a

    SHA512

    41bb4c9eeaff2c2b821d409eada1abb6ee586fa38f20683f38c8405c9e9cfe08aee68c0c0f366e146794fbde53476a49d028507ef692ea155a72f69cae889afc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fe48831740c47bdce65ced1b0ac7d0c7

    SHA1

    7c946d048ea3de222b5630a20abee221d82a8dd4

    SHA256

    77e66addce8765f77f318bad18c18639db8ddea2f05a5eba85c382d051f7fdf1

    SHA512

    434c9dd790f4f66a33b5359be0309b73a54328a914399f16484e4925fafb13249a9a1ee53ed274036af31a92fc0e280f4cfedd140f15b9186f4c723dfe40d697

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5b6f9abceca88d9f9916d07a2709e5c

    SHA1

    ffdcd0f1e8c520b4a9f9d5632d39871c7b9faa7f

    SHA256

    789112fd620a3c511f3b219dd7bccf1b15db5fae5897fc48804ef61c946a4c9f

    SHA512

    11ace44be633b9bf3eb7dce707e661d095bba38dda653d64f2ff09385c781912301d636cb9713815929952095aefa96af6675139d8c27dbdad335f5c982c995a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0c73c1941f29874767cf9fc2bb087221

    SHA1

    ec3bf7fa18f976177fd0d3ab9404c6c6e6cb9bc8

    SHA256

    88d9840aafb637d5f004deaf5546f38db9280aeefc87554288d965e4f851c948

    SHA512

    6cc3a79b90e93a85b5778565f002cb1824ed629f41e18bf5db090ea077fbb482161f469f45021c7f6416d8440f87460202136ed1846dfb576990fd8465732356

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\njqq61f\imagestore.dat
    Filesize

    5KB

    MD5

    fcbaac1e62114f09ed6324391472693b

    SHA1

    5b07d31606e8c5153d5d9c337f89aa7615003c5b

    SHA256

    6d8a4e53efb6b03918844879888d04f86022a8c0461155bb647e9938030c271e

    SHA512

    e02883185ba61179cd06858a2e3879e4bae89889f72c7f012b0ae4303daf92876097582119740ca560feaa18caac2ab4711941ff46191528d884cc8f4ff8405d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\favicon[1].ico
    Filesize

    5KB

    MD5

    f3418a443e7d841097c714d69ec4bcb8

    SHA1

    49263695f6b0cdd72f45cf1b775e660fdc36c606

    SHA256

    6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

    SHA512

    82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\9F6B.tmp\batchfile.bat
    Filesize

    2KB

    MD5

    afe2ffb094c0d9d9d2c98eceb408e88f

    SHA1

    bea5c027c6a2d7ff8fb7d3e59dbbd93425c24bce

    SHA256

    09b5ac7b988e0f7324435dc65ccfd4ff6f53b9cc1e5d1cd4cd8e026f334b7652

    SHA512

    015398b422815e7a460ce5be3b70437a7eafcdc4cd2465c175697b1934391d4d96b71031e2ad7383d2b0b752b31f1cf281d3f2f08b2129f44a63a5b31b10969a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFC69.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFC6B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\selfdel0.bat
    Filesize

    158B

    MD5

    8b825a4da8d6cbf2107cb780c1bb7c60

    SHA1

    8550bde176dacafa41f68e6c6af3796143c77174

    SHA256

    f6cb2f69b42304dae3a52429332c49b99a5f80fc57191fa4ef27e4b987fb1bcf

    SHA512

    dce155b86c54e54fb4d5d8fdd96d2ddea81ddc1ecb64f1fd60f8f8f4c266e8feb893e116bba14a44830e98a9a97e1776af623dafe84c4570840afe35a5dacf01

    Download Submit

  • \Users\Admin\AppData\Local\Temp\9EFD.tmp\b2e.exe
    Filesize

    11KB

    MD5

    ca23dbca942118449e245d27bcc75644

    SHA1

    3f3258b755e1f1c6f8ee65e92a4aebc4c74f1657

    SHA256

    386bf8e87b244a3fff741ab56d1a3e7ce910a5bdb6106a0d010466840838b1cd

    SHA512

    83bb658196264f6c6ef6a97b7da4fccedef36f175f20f9a7cf799734a2ac0adff8caa7a8c3fab491042f9cfde3fe5fad7b6640fc569656adbc21fdc54ab47fe7

    Download Submit

  • memory/1292-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1292-11-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1292-5-0x0000000000300000-0x0000000000305000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2272-29-0x0000000000400000-0x0000000000405000-memory.dmp

    Filesize

    20KB

    Download

  • memory/2272-58-0x0000000000400000-0x0000000000405000-memory.dmp

    Filesize

    20KB

    Download