Overview

overview

7

Static

static

3

fb18661f83...18.exe

windows7-x64

7

fb18661f83...18.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMPLATES...up.exe

windows7-x64

7

$TEMPLATES...up.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

KDocks.exe

windows7-x64

3

KDocks.exe

windows10-2004-x64

3

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

$TEMPLATES...30.exe

windows7-x64

7

$TEMPLATES...30.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    134s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    27/09/2024, 23:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMPLATES/winar30.exe

  • Size

    349KB

  • MD5

    4c128d73f1c6028e2babd3ecace2664d

  • SHA1

    f95921cc94d2cacdfaf5494cf537f99cd86ef146

  • SHA256

    5962ef40a9bb16fcade381d4c7970c4cfb13bcd0c523520a12b822fa129358a2

  • SHA512

    51fa8e22521e6f25fcf93a0bfed4a1cc34247bcdff50f75cc2a0c2af6dfa81a7540c78ceb3f990f0831dfe26b240e42653fda666b3b250a82807555fa02a4c9d

  • SSDEEP

    6144:ye342nu/EJXAF8u1qBhGNy4909VezjiGF+nh9CUZLcb+F7HIM:SEJXs1q2N1906jidGUZLcb+F73

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Modifies registry class 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMPLATES\winar30.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMPLATES\winar30.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Windows\SysWOW64\cscript.exe
      "C:\Windows\system32\cscript.exe" "C:\Program Files (x86)\EditPlus\kk35.icw"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3032
      • C:\Windows\SysWow64\WScript.exe
        "C:\Windows\SysWow64\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk35.icw"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2976
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
      C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2864
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2312
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2260

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\EditPlus\kk35.icw
    Filesize

    132B

    MD5

    8e68a17e974af37f1480b122aa5e8237

    SHA1

    8af029d1f8fa964b2353207cb0a3c1459d154716

    SHA256

    8c86ad76061c05f684fe0f1fd12f172fc4082b26e075dce55b828369aaae991f

    SHA512

    9fd6dbf0e3b2c69f4e6bc941cc908d3d467c7f32ace3aa398104c2743facb16dbb137e7b6c4947685fb1ed7cba87b510129f0a76f74a5456743f768f2f497d8e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fda5f21fa27eadd313bfacc423b72d81

    SHA1

    a029d1384e9936c7b14beb9365a7018cbf397706

    SHA256

    fb9d26ae28deeb4865235b0681f84d8f08575fca8e8e085cec039a6c91261f17

    SHA512

    82a6b20cacd1c1e9993de92a57b78218da5d42e822ace6338db75129af8e6532c7d2f281ec304efcc913073ed9e31103c5b86aa5c11b203675047ef7572aa1ce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    179c1188caa3e32d3e74f8e072fca160

    SHA1

    05bad282338634093789a39a202abadca99dc09e

    SHA256

    e1bf3fcf025c9f975ffea73eb5a7468c67b69224a91405f49e333d4b4e7bbd13

    SHA512

    f7f43aa451fa4f0f0f5791c1da40e5f24be51c04d54d41d78119c154e3a860241369863dbe83ea287c7746ea4521cfd10e71aecc995726f321014b30f7323992

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63a409562e9dc6d3c6298ad0eda537ec

    SHA1

    f1449963858c55797311e80aba9b3af009942ce9

    SHA256

    28f44e9e179131f127e958c11b192e497383627a4135234ff14e1a62ade4ab45

    SHA512

    c3da9abec76eac650400613170720d5436ecd8bb90567361fcdb57914ae247796434f49d2d3af4f7c6cda0eae7cc1963bb5af17500b62acaca684ae724372b68

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    375af8d3920f2c4667678b66156836f2

    SHA1

    cff9e22737b66fc8ca4a7a16d884bdf56736c20e

    SHA256

    cd83f005701707200c6526f06d85b44c5194d458340ae093585ad2faa4984817

    SHA512

    95a7f4141d94bdbcbf6e8143f6c3426a81d38861eb624c8b76b2100b836c17ef6862ea3e78f23ecf854def48ca90323c3486745aafc6601ed048fc6e9cc948be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    eef3f246aec1d57373920d0fdf4b6ee7

    SHA1

    0602613d3c4157e012951154cb9e3372791821cc

    SHA256

    2876ae66631700146b1114024107ec6cc61933cc9e1cab502eda666545cc1b16

    SHA512

    80078942b0e13e49f30b54b07904ca89741e4b51c49119f371b1e04176ac24111296c0e10b2ec5b77e918d828d9ffbaf3e5308d95fad70f4affac3f30bfd01ae

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    092de061d08ce2eca153814a47e8c82b

    SHA1

    37c23a7155955e7fda3421691fc58ab9e20883f0

    SHA256

    4e9a31040298024792f8d2082788463bfd076f747cde2db9a75f9a3cbfc917d1

    SHA512

    705c6fc9c9a347e31d4fa8c79a566cf80ba6dac2ec4745fe4e2ecfb0993124f5797ff86e45848c57c565842916e213313de1ae245c078d2f7baceb84e617a705

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f10c104615bff24bad5ba661e02dbbe7

    SHA1

    239397147d5fe1b3099deb113fbf6a6ae09961fb

    SHA256

    0399949eb6707be3cb819b25b1d2a728ec47832a2f6086f4f611ee1e1a340629

    SHA512

    c041fdab7ee0d827a8356ccb29871f4d2042879fa6f8d052f1378d69788d43def2c890a14b8fe315243b047b2ff8c88b4bd0d96da3db170c6dbf0cf45cfdb6d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0b626a8ee311b8e256b9c6c3f6e8189b

    SHA1

    eb6a28a0aec55e13a4b7da47de0c1d658f4f5c3a

    SHA256

    a5bfeecc1af3882fb881cdc2393b91468a6f57e9c0f971d8d26ca3d9c840dc0c

    SHA512

    10df72dd4770ed333122b24e814fb055000b13d5fe0bd5cd2245a8c1942fabc49982848c6453e16b3bdb333454bc389c1b6c642d4b602d7b58ac661092a8f4fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a9d791573bbf99322e223bb79b5731c

    SHA1

    3553c593614e63017d7f87d48e4e8f66057b40f8

    SHA256

    953cc5998018dc0dc109512fa74252b7820525a19dda99678030a07ea9b0b86e

    SHA512

    36ffcdc30f9e62d3ec19551f900be373c433f1792bb61a5bff5e47428a687a600f94e741575a8e3fa0ef2e0a4cd949e73f18273bbe0885eb1976254442def583

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33b1f6b96a3ceff6599c5fb0374a720b

    SHA1

    8b86261f082907175f0ca2eb25d54d9cf2695810

    SHA256

    9398a9b454610e95045fe275c8608bc6b1e7f1f0d1bac3c8e1a7779362b87e3a

    SHA512

    4bdb1eab44207f6f9d4d9fa2ed44e8bf4d86cd4b364dba0d0ffbabd7fe42977ed6b16906eae5bf2b79ecb8104c215c36fbc9dc1601e984d51447d3a8efd04283

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    63cee5527c17576d2356a020ed9a9a37

    SHA1

    dbdaab1fafd5646f4500047fc972b3324f12a78a

    SHA256

    e9a96381750d017cff1d9ea5816e449e095216898a3f516d82d07ec3e35ed70c

    SHA512

    4c4930bbf5a02289854aeea2549e1a2e94748f5325313db73b9fc4767ddd6eaf47633ecd27fc75cce19ba31a8db97e8b478379609c39dff6643d5ae14d1019ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    45e2ed1a93a7969c7cb809c55f5b3c0e

    SHA1

    035a24b2b9ecc29cdb358af7c3b890de846f66fe

    SHA256

    de99497089126b530d08efc8384fa725c80d3363fe902602e40a039032466a55

    SHA512

    65c4658df8297afaa4a402eff267823ef7284c40ca433136f81d88310a2bfb4ccd8ab628a5ed674b6ee2cd93b9a54cba6cdb443fa237610a66bd80ca57bf8390

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b25c48c2601cfcdc66835bd0326a6ed8

    SHA1

    e36e736e36938019fdd30b5ea9e742941e2de7a2

    SHA256

    73a1714f4255290336796be9431f157972ed54e7d5591a86c30a06e21d25108f

    SHA512

    414a49a40714465baf95311486e50788009e44a941a5fd07e082e43aa9e305440f2a8fb58e3a21a590b7c9678c7ffe81fb59161312708d536f0867cf5c55a398

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    79721d72aa0de9522c5dfdf4f460c249

    SHA1

    c39a0c25ab6721f69b070bb09ee0a4c27e1e5f59

    SHA256

    6c595102e3b0eb8591174de69e920aa8aeafe661d847762dac268193c00b8166

    SHA512

    63f680605a7971632e09624d970658a1bcb45b948c23e46339be71b2f7bc6883aebd704c47f26c104c79cad7d61ecd3af8ca8165570f8e2dca9607a9b4e5350a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4483bd50cf1ffa50eaf459a0b231339e

    SHA1

    aa18f359471a25557f308db7569fa95a59703212

    SHA256

    c81a63eb895b54d504ea4960006cfa9b8ae82e8ada20105fabe37233ea3a78a6

    SHA512

    cc3fd51aa97f1f19f82512fd781a93c52091f321a3f80570b9d780a58530dd4b8414a35f8a0da48964e60c773421ff4e9ce3aa6469d14d2d4f93e77086662d3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7230e2fda4887ebf693415ab30d4af7c

    SHA1

    65882aef0a363ba2054ae9758a0c65580c762463

    SHA256

    47b0ff9f8d39eb71126ef3fc68c139f888e3c74d5ceaf58fc1409de523583e9b

    SHA512

    2db355daa33f6e66229d8676667c67ffd8fcf9b9f410f5f19178fbf29a19e4ed95a8af406795233049eedda12c600ba2a7908b0eb44d025e7b0622efac0abe96

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    16061ddde2e580b1b40d7c0f669ba564

    SHA1

    e6d5e074dba478a5fd72a2fe2284534f5af89d0c

    SHA256

    82d582ab7f84ce26bf7df7dfa15eec5c1e181f2ff37b3cbc03a061a3b052510c

    SHA512

    7065be636e74970c9eecf72fbfd88a239cbcd273b3cf014664eea06a00f2ad1f6614f5dcd2dd75ae807047275b5b5f5a18ec787d05b4aeb730f75d722e77cdd6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    013a795f43320edd7858b2fdce49b8c3

    SHA1

    017c2d4ec2b991c105e72a5171f3986b211b6c62

    SHA256

    4c2fbf93aeda82c614aa317723d72661982d01dbc2754c622bdc970ec4748acd

    SHA512

    7b4396378b584332ca720e277736eca4acf737bf986cbd7ac64397383970ac700f0124432e785aa50587223e4e5737c8a3d8ce6543046b89fa6eb93987ada191

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    70eb3d480ee3ebc0c96e3e8ff06dad16

    SHA1

    da29962e0cc12d9709812169b714d712deabaacb

    SHA256

    c8516f898ae994905a342c23bfa14b850c8db5df22754d5be06b165ab58c91d9

    SHA512

    5f99bb2d4351fc953f6b4c8fea94e2eac34fb9788d7da87fbe19992346fd9638f8b6761fa5ec4e05f8b06a83812e1e61b2e206166738caa45bf4bf69c73e44c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD50D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD56E.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk35.icw
    Filesize

    842B

    MD5

    41d592d48ea217e613c70734972786a9

    SHA1

    f92d5fa0541141cb180ce2072c5c8221d9833d89

    SHA256

    5ca246ebd53c355fadef573ae06fc8cb9c668d296872e70214d5dbb942e74d74

    SHA512

    2a7eb6d04017dc552a776705142c68a9a3c9833ed6daa39cff206b8e31359c8b361d8403a913a00cbe321f9c17400f79cf449d0664df3c93753b07410f3d0c88

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\statistics.dll
    Filesize

    80KB

    MD5

    67eaa1579a25f7f43d07a43938b7419f

    SHA1

    b4e15c43f526fdbd493f650d9c51398197b04f7d

    SHA256

    26400a7cb09f42ed1a459ba8fff14bcc557fd58e2e05e4cde7fa9d320a8aa3bc

    SHA512

    7e64d69a9bf19a83c2fd6af3de2589a6a6f63f533183d67df0f9de6edbbd4277c425e43caa08e9d6f745092b8d6bc94ec01c0f70c05a84d6f71f699110e6fa48

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsdA16E.tmp\System.dll
    Filesize

    11KB

    MD5

    c17103ae9072a06da581dec998343fc1

    SHA1

    b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    SHA256

    dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    SHA512

    d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nsdA16E.tmp\nsExec.dll
    Filesize

    6KB

    MD5

    acc2b699edfea5bf5aae45aba3a41e96

    SHA1

    d2accf4d494e43ceb2cff69abe4dd17147d29cc2

    SHA256

    168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

    SHA512

    e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
    Filesize

    44KB

    MD5

    7c30927884213f4fe91bbe90b591b762

    SHA1

    65693828963f6b6a5cbea4c9e595e06f85490f6f

    SHA256

    9032757cabb19a10e97e158810f885a015f3dcd5ba3da44c795d999ea90f8994

    SHA512

    8aadb5fd3750ab0c036c7b8d2c775e42688265b00fe75b43a6addaefc7ee20d9fa3f074dd7943570c8519943011eda08216e90551b6d6a782b9ed5ce20aa6bab

    Download Submit