Overview

overview

4

Static

static

1

x360ce.exe

windows7-x64

4

x360ce.exe

windows10-2004-x64

4

Resubmissions

18/10/2024, 22:48

241018-2q63qsvbqk 4

19/05/2024, 15:48

240519-s89rxadh6w 10

Analysis

  • max time kernel
    42s
  • max time network
    24s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    18/10/2024, 22:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    x360ce.exe

  • Size

    14.7MB

  • MD5

    be80f3348b240bcee1aa96d33fe0e768

  • SHA1

    40ea5de9a7a15f6e0d891cd1ba4bca8519bb85ed

  • SHA256

    74faf334cb0bdd3e9dfab8c323d4eb3b9b089bcaadc7dbd639d9aa93a4f6f829

  • SHA512

    dfb3b191152981f21180e93597c7b1891da6f10b811db2c8db9f45bbecc9feb54bc032bdd648c7ad1134e9b09e5e2b9705d5e21294e1ae328a4390350745536a

  • SSDEEP

    196608:n+/7/fO/vBSVnf+viDyJBwhsCArf+viDyJBQhsCAaIF/f+viDyJBaF9hsCA6EJ0k:nX/vu0Bwhs8vu0BQhsvFOvu0BaF9hsR

Score
4/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\x360ce.exe
    "C:\Users\Admin\AppData\Local\Temp\x360ce.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.microsoft.com/en-us/download/details.aspx?id=46148
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2564 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    895ed1bd020e36a396eeda43932f6c19

    SHA1

    a39dd0034afbc90a4ea24a177336f5f713d473b1

    SHA256

    9cf8f66bfd64ea116bd2a6b4694d9512b95be5905342a08f6a170974d37c19d5

    SHA512

    73f5d3b3bc32c7b53170b572ba28dd4d1e0baa9ee6154404dafe7001d79e3e2b5172820ba87bf32290edbda536122c1d62159c795ce1a28c379f954152c6026d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0ef5eb341ff88eaa34319695704992b2

    SHA1

    cda1ba08121ecf8e243f447b63401ad0884644ec

    SHA256

    60e70f87a92744598712441f206a109907bff5189da92790f96e165f0687dfc9

    SHA512

    1c4e4b97eabf91779071b09d1c615c4aeb54021ea6afd37f7906241e34c75e9553f7c67ba2323647778be7b8ba4934a3b3cad81ca6ccd7aff8f6eea77e495e9c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    42e2ddb297abcfbc8553fc2b00453f0d

    SHA1

    d2509b1fa8b2cef7ccd9eb742dd3758f65744ce0

    SHA256

    7bc3bf8462b824668555bb5aa881b11e3a67ceb237e79ad473ac58c413a3e2d8

    SHA512

    096bf4e0210171ba7afb9cf6fde204d21526a2cbdac59aa9d08464b979916ea30cbd474fdb0749ee4e1382399d721bd9db6f0d3169338a60dac00f5369ecf123

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ce34ea94b0fe13cb32ea350f6defeeac

    SHA1

    dd967c18752c8794f27bb99e87a4f139be28d340

    SHA256

    f2aa4b28ed0ac4dfa1158e2e0eab8847c11bbd6bf0b40c4e957ffea6d6264a11

    SHA512

    02eb3b261e1caec75b7fcfad8f33ea8aa186908796199caf2f114996a02b59cc97ed5568eb6ddbe124e461268173bcc73a4fdd86ef89e85df42ee8ec35a25181

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f9e372432a95efe366879850bd9d33c3

    SHA1

    f54379762bc0c855406471d9607e4c3747f10460

    SHA256

    f225b3ac765fd95c434b2e835d8fe4295c8526330a02e92c2b059feae37b2c1d

    SHA512

    73a514df3b89343753ac00c36754c0bed4378164b2146ccacef41ea0cbbbd2da7bc6a1f84c7b1b0ac9dc7eb946eacb81dca1828c4dde1d463953bfe04f78ddd1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab718A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar7219.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2468-6-0x000007FEF5300000-0x000007FEF5CEC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2468-21-0x000007FEF5300000-0x000007FEF5CEC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2468-22-0x000007FEF5300000-0x000007FEF5CEC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2468-20-0x000007FEF5300000-0x000007FEF5CEC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2468-19-0x000007FEF5303000-0x000007FEF5304000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-7-0x000007FEF5300000-0x000007FEF5CEC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2468-0-0x000007FEF5303000-0x000007FEF5304000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2468-3-0x000007FEF5300000-0x000007FEF5CEC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2468-2-0x000000001BE90000-0x000000001C022000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2468-1-0x0000000000BF0000-0x0000000001AB2000-memory.dmp

    Filesize

    14.8MB

    Download