Overview

overview

7

Static

static

7

5f6e8231a6...d4.exe

windows7-x64

5

5f6e8231a6...d4.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    146s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2024, 22:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5f6e8231a6e5c41f2cb60598124cea2f268069a83be700ff40c7f790fbbaa5d4.exe

  • Size

    1.6MB

  • MD5

    62f538e7dea99c16dcc769ffa659f4b7

  • SHA1

    e41ef63aaaa7f3f5219c7374bb5301000e4f5136

  • SHA256

    5f6e8231a6e5c41f2cb60598124cea2f268069a83be700ff40c7f790fbbaa5d4

  • SHA512

    d901d5b9e5e03d301061538a29480866f2737e347c64eb687976f2de6836fa715bd8461cc8df37b725576e044120ce5d664e4461299ae59919f28a7ad23cba9d

  • SSDEEP

    49152:ZE5FCagyyhR9LWFCihdtMAPkMqffCxkU:ZA0agyyhR9iFbZRHwAj

Score
5/10
discoveryupx

Malware Config

Signatures

  • UPX packed file 25 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f6e8231a6e5c41f2cb60598124cea2f268069a83be700ff40c7f790fbbaa5d4.exe
    "C:\Users\Admin\AppData\Local\Temp\5f6e8231a6e5c41f2cb60598124cea2f268069a83be700ff40c7f790fbbaa5d4.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2560
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://pro854e1938.isitestar.cn/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3064
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3064 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:852

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          252B

          MD5

          e686d86b236568e5e89ad1f43bccf06c

          SHA1

          4f455fec5af401b48746e5e0de53cdcfafc4b2ba

          SHA256

          faa7a4498ee4814ae996c5392ecbac93802821af42ab276755d14073339c9278

          SHA512

          14f9a2043fed63fbe54d1697c3c80523e21916b6c71d3f6ee1f4be24b8def25d1058de85fe99630858954cf50f9c2a4f3afe59ed691f18a38e9c1efc0891e623

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f9b2272754b9bf231cf43050dc94b460

          SHA1

          3d43ec5c8c4cdb6aec17ef02c15b90c324b6b02d

          SHA256

          ca4d704dc9f0d674218c8fcb36cc9492532cf07b4d3bdc1956f227bb2c8d71a6

          SHA512

          cc66d9c8a09a0f689b1e9fc91b3923f57a7dc4e429745ebec384ee9f17f72a3baf6b461c71dc019acd07cd93548d3ab69b5d31c77fac3138bbf38f5ef0151264

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6c971ff5a8746875712af946c449e4be

          SHA1

          0395c161d304a84c27fc71ad08d234a6a1421fb7

          SHA256

          e17908f8527663d8e63ee434f87e3e68e853066273017a497c272ce2f2078f05

          SHA512

          6913c5d87a9d6c59bb40be37cf4db6e3739d85610986975e087733c1d0d7ba21168315f363999cdbfc2aab71f24cc590fdc6374b38a3c8cacf31f9f77be7bb6b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bbdf9fbd097adac5768c3162a924a773

          SHA1

          2296f5a734e824bd59cf9a794b0c00a85a9ab052

          SHA256

          d2e169be82266e6577f21fffb9eb55c0d3a96936c04120059756c47b2b54b569

          SHA512

          d1e861090115a70f839412f791a7070fee88ac05b342106abe3be03c914748ae058126f060906edd3f9157a17bbbcd86e846e1de439cac03b4527cc06d1510c6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          18a93543fea202f1ac3a7c1cdfb0f8ed

          SHA1

          3173ca4dc3727ffbb9a0f2e99e500a6db8964b9d

          SHA256

          9237bb196a56e2ed31d5e504b91f0f5125a7f49e1d1712afc75cce691c1a75e4

          SHA512

          b6ae533ebf66d6347421fbc80003ce4a5445300ae08b6a3b3527f96d4e3e160e8c31da47813b237bb05cd99059784cd20abbb39c3602469b0adb7a1a0a184e66

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          ddcf96b1f634916ded8181df7833de5e

          SHA1

          b5cd9c1f133781505f90d4ac5ce75cf33fd1d378

          SHA256

          56ea0d07683c66477fb2e1dfff34a20e8d35e5f1491c6b90944f9b8ab8c97d2b

          SHA512

          ae75bf2c67a6d692085c600fd49dd9b66e149ff3850ea0187e1c0d6ec404df77be89e2a99cc272b57844c24cdff535ef6ef804420666a4f7bcb89348076f476a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c055245e3bea5e56bb949afe9c233432

          SHA1

          41f0025248be0e80d2f1352a7790ab19399af3d3

          SHA256

          fc34dbbe509ae49459a221700a8bc581985434adf74b88bcf2c620c087dfedb9

          SHA512

          1fd4f6af18c99fb5c6390ad347dc25f49e6849cb4e02a7460a7196d8ec66675cbd012b021a07c54546f02f36ffd78cbbf92bc062b7e04fd35c53e81950707041

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c9a39d8bddf278dad39bd447359f4f26

          SHA1

          f68cf11840744536374332c74f4154b0e443fe15

          SHA256

          f731894af0f50073619c1837ea1099ced736fac17007664f6a44982b4ac7ca9e

          SHA512

          0d96679416eae2b71efa5e95840ec31bac0638ff5715b10f81866f0288cdaeba7f1fcb7cc3078e3877ebaaafdcf98b6c920f4f1afeebf975a165cc163d05de50

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d05d02ec353ebcbbcd67acdad2c4313f

          SHA1

          b1780ed7dd9b29f6cdb8938eabe7ea576875f819

          SHA256

          47222c75caa898f523c609592026445fecb929e70949b0fc45dadb5b7163f6c6

          SHA512

          be3f06fac0cae7931ccb675c63e7c1c6f1a51879c87a95110a399a1dc47f41479419a1e9f919391b40c3d75077cd704186e04ab88e8ff9569b722dfda928f8bd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          62f8a35d695091d25cbe2fc01a4c43ae

          SHA1

          a3f99fa8937b54d48ff3d3051e6d307389991449

          SHA256

          7e372ba04ca8544723dcb1ca7cb784a4bfcb12fe7827f8148b7fe12cb64a04b6

          SHA512

          d7cda872b75784c0ade0c52979d5f57a89a909032457602087fd94ac7cbdebd6697f68316db61f92c100a176bdaf1e2c71703c3791fdfa450460fcefd325e59c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9071f00f21f8194df54c27d0137acefe

          SHA1

          6488a580f917984c0a940321fb0bcd7f501f9fa4

          SHA256

          dfdb52c22ea5caba6c74fdc70cb4f491c33b7d2239ad7d79a9eac17b4a314a73

          SHA512

          5cd9387e62d7e949b6cb06ed38c8ebde0d370bc5ab6da44422bb4d20a76861a5ede1e24f668c7be8609ec1e7cf492603205e4775dbde354a77c09063c50fa645

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          21b90aebbdd1852faed70f474cdba147

          SHA1

          4825caf44feace27fc216a14f482590355166181

          SHA256

          88dc713d8cb307544b48c20150b3bd6cc124d354a6bc20a04d5a6e2e09d60661

          SHA512

          6828144f45805d9be89b60180c93a2ce685438902e266cf0c074c562acb2f4e4983f9d016894a109f5ac0f3f2ee183f6e68beddacae4d83880209eef2d9a1656

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          65f52d3b1b9ff17a6f7195d6374c5cd4

          SHA1

          7ff248a7de0feecacccace997a52944da96951e2

          SHA256

          659afa80526d5653ed95f0d50ba2e63324013f32005b6dbce7f1f662c45bbd5e

          SHA512

          7a124e6bc6e4830f8b951803366660a015bde244a5768cfa3eb2e03cf3e6a4075f490b871a0ed47360fec1fa8a9f6d242d34fe2df35952df3893e7261f1ce5dd

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d3699ac0b03794b682fd6299eddcf2a6

          SHA1

          a22d20d2a288e5742890349bf29b58bcf6c44acf

          SHA256

          62aa476800331dccbca20315e5aac1c4fe72f8e4701878d9200184ba5d859370

          SHA512

          c03633834e5bfe02a3575d0e87fb4953c56f8f5d4412bbe3d2213c781ccb1253a37bab51d669833e17a76051d995321fff3396d372d08e8b5b6672f47cec4305

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          78369fc9d3723666559ef10f4d121684

          SHA1

          417b40645fd5f2c2eb6fec8020252793eb959d4f

          SHA256

          4e496fd8811d3a4f27692759cb3e2a69c05bc4fe5eb52109b57535fa1fc0ea61

          SHA512

          7e8357b772e8c9b113dd72a88e473f1173e9f83e845dd25e7d694c8b7e0f35ceaed4093b8a08b0a48c4d0e05837311efbcf49c5068ec288c27e51c7700850323

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          58beeaec43698f5c5e784d588a0e612c

          SHA1

          9abee7ce0e6a28b00bb6c730d97aad139c83e688

          SHA256

          bcae393aa9d4ebc9919eb5d359ceee21639f077100a02a25bb5eaa046ce83ad8

          SHA512

          df7c7b53a264bf600bbdf8d9d54055bb0667aa61de0130bc958226e1503c016c87979342643edc475e8f63273296315374db1e94d26ef2ceeae950a9149193f2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          c670d23656ed094b87105d996e49b2af

          SHA1

          16aa5df30863999f5f136097a69bc22798ddc3f2

          SHA256

          dd474fd7652f0d98f91f03675a3d589eeec2f6d3c8fa5ed8533417931a02061d

          SHA512

          2b965381dd0af8eac96fe695d3f806abdcd22b55b8b0114146a797603a17c22152b7c585f745e44ab62da0922d878534f1f37ea99278989946638a53987254c2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          265f3b5ce2ac927cd942e04dea8c0fae

          SHA1

          2b5734b1078dc1be8b2d58a157dd3dda0fc5787e

          SHA256

          db852577edfaedbc865ebe5d6c5d6d0f58f025b3ff32d3d3201424c1e8c0ea24

          SHA512

          34d3f1c0f300eb83a2100041b66d5ae72c3ba71d3ea2ef43997733b3f727dec43ba02af9b63e9ea1d85700d02807fdac9564ffcd4df91d708ecfadef2b0d1681

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          38b87429a0584ffc2ba96deaffa18819

          SHA1

          94d5b39314ef1aeb906e144342a22f4a83ca7291

          SHA256

          5e2da0010c6f4b33efe5dfd6d3ee267b38db7d9a53c306f681d9eb03b90cc838

          SHA512

          1bb1fda60261f4aa4efd892bf031389e89d7856177f1ad72f34ac07d938e2264ed39644d70f445a425c9d5ef4dcc207ba7e10d69c162233db4ceb48e79f623f2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          378c50fe97fe91839c1a9f77ad281e27

          SHA1

          a42ccb79fc60a9f458fddc50e88f744359340c2f

          SHA256

          c5150b8c99cb343c7726b38b1384b196e2aac865daddef2c44bc1298be73a46f

          SHA512

          531918967aadc758fc3898f92579fd1d10539384ba1be77cb81459af27928b5e5e37ff680736d1dd824b4aff3f9526294c0a0c56e979bf5becfd803662a38b8d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\CabA15F.tmp
          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\TarA1A0.tmp
          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

          Download Submit

        • memory/2560-28-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-24-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-5-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-4-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-48-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-49-0x0000000000400000-0x00000000007BC000-memory.dmp

          Filesize

          3.7MB

          Download

        • memory/2560-66-0x0000000000400000-0x00000000007BC000-memory.dmp

          Filesize

          3.7MB

          Download

        • memory/2560-8-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-10-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-12-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-14-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-16-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-18-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-20-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-22-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-6-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-26-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-3-0x0000000000400000-0x00000000007BC000-memory.dmp

          Filesize

          3.7MB

          Download

        • memory/2560-30-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-32-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-34-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-611-0x0000000000400000-0x00000000007BC000-memory.dmp

          Filesize

          3.7MB

          Download

        • memory/2560-36-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-38-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-40-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-42-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-44-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-46-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-47-0x0000000010000000-0x000000001003E000-memory.dmp

          Filesize

          248KB

          Download

        • memory/2560-1-0x0000000000400000-0x00000000007BC000-memory.dmp

          Filesize

          3.7MB

          Download

        • memory/2560-0-0x0000000000400000-0x00000000007BC000-memory.dmp

          Filesize

          3.7MB

          Download

        • memory/2560-2-0x0000000000400000-0x00000000007BC000-memory.dmp

          Filesize

          3.7MB

          Download