Analysis
-
max time kernel
150s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
-
submitted
18-10-2024 03:59
General
-
Target
e0dda239dd4cf24ec7015ecca493eede2dc7eadf0dc70c7b9501bf756f14300f.exe
-
Size
3.6MB
-
MD5
7c3b6a7c2de1cc8c037818a6c2dc3ce2
-
SHA1
2a32e017d73cc9af9ae56ac5d68deeb684b8429e
-
SHA256
e0dda239dd4cf24ec7015ecca493eede2dc7eadf0dc70c7b9501bf756f14300f
-
SHA512
bf19b68384a4cea0693412d7dfded2dc9cdb15e1632f538a8c83cc7f4a6b54b29fbeacd01162d9dda0243d6872477a90278a9e6beadf97bd397c9d4318134132
-
SSDEEP
768:m/raHM782f9rvs2Zg5nicskQzTGfxgzh3emu4v/eB4z7VP7LdGSu2HyTAzfMgTAM:m/roM7ZJfUQWgY54vqy
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 2 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 3 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Modifies registry class 37 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 8 IoCs
-
Suspicious use of WriteProcessMemory 19 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e0dda239dd4cf24ec7015ecca493eede2dc7eadf0dc70c7b9501bf756f14300f.exe"C:\Users\Admin\AppData\Local\Temp\e0dda239dd4cf24ec7015ecca493eede2dc7eadf0dc70c7b9501bf756f14300f.exe"1⤵
- Modifies visibility of file extensions in Explorer
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe" C:\Users\Admin\AppData\Local\Temp\e0dda239dd4cf24ec7015ecca493eede2dc7eadf0dc70c7b9501bf756f14300f2⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\msng.exe"C:\Windows\system32\msng.exe" fuckystart2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\explorer.exeexplorer.exe http://www.OpenClose.ir3⤵
- System Location Discovery: System Language Discovery
-
-
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.openclose.ir/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2968 CREDAT:275457 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
3Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD585aac40432267dcf82c2303ebf33291e
SHA1bd04d6ef1e1d59eea5729382901cd69ddec5cbb5
SHA2569d65f845f37ae8bac34e96ef21532dd7d360b225e1f507a819015f0b2b886912
SHA5123b461e3882173481b2a5d736bcaef30a333c73541a00d5db306f406200db007d286db1ca7851bf3a3eca3c1050bb5fa1a6db8145c34e5c336ca0fccbfeecb9b1
-
Filesize
342B
MD5bb3b9abe7ac14c72e44b78d3cdfa5642
SHA1cdc2a4bb5e1f027b6710689d0abd6aa126eb4536
SHA256bd9b70b55eed5f2a9ec6de1c63145c5dc7c4c686f1d37a619937b1f25b75f984
SHA51274fe033551f62c9fa4fff869db7d2ff82761305f9febdb56166571668a1f97b601e485a928bff9c1ea9a99855443d1d76e4f0652f7bdd80e2709614ababc1e6b
-
Filesize
342B
MD581fd69eee3ba19b6dfa75a03ec18d27e
SHA12a24cc1979d2ff27dcd99d68bd2e726796f55382
SHA2560ec0765fe1d3043cd8d27e8882acedd17df842fe98020059094cefa5fe410519
SHA512c755c8818e64f1152761406f20e2f8842e7e54cc50282b07de7d46151c0e7e9157d49374f23984b76d959800db4c2614be292d7361b03e6e470e25773ceac188
-
Filesize
342B
MD594ade7d8a9ac8fad539a01169014e152
SHA13fd88de4380096805bd52f751226c6dd7a1c43ed
SHA2566e485738595f1ae258d9b4dce8bf4ff4d6a322e8cd5eed389c4ea1a92346a1c5
SHA512116588a5bf3053169c6e1aa2cd2b364fdbcd52f0573293b53ba454d7b9909c096dca2fb7a749f517b322227aebb172a7bb903163ca4719c7d2a4a5e5508891a5
-
Filesize
342B
MD59788057b065c1df4277fe9099a9dd397
SHA19a9c707ebd96146f9189963b80efcd726ca0f0da
SHA2567368c240cdb3a8e643a0fd555aa1e2d784b7e4c51bd9016f65edbdf14d40301c
SHA51247e191be26ccc6296a8f75b290c6b08887dad84366696694e2f6fdf44e6b9c47ea43bd4ecf35279a3a9d9a2ffd087c017a53bb29e5c75c4cd0a936f7b407e00f
-
Filesize
342B
MD5ce67477f143555ae23fd709afb4d6bf8
SHA1ac74f7c10a682c1c29882f9304da636ac9fcb868
SHA2568ec65e5635904c4f7d069611e3c8daeb4f1bb5e74aaad78cb98a0ef354e96988
SHA51258751a2f1d111b5b60290e7c4eaf5678672e7ba166d2cead30281b532a313e3345c1400b007e49e847e43957b33e6e867cf1965aa4f7c5f006767f88528ba584
-
Filesize
342B
MD5aee924c435b92309ca1ab7f718ce11c8
SHA168bec21d19347fdf2a8a6e1deff48eb0d00ff1d6
SHA256f3642412c8796218500d9062fd9ad202859ab33033c221e687b5abf7a6dffe2e
SHA5122fd4dc15e4c4b9af3f8ed9d7ced537667d21a9eac2c4467e7018cdda753180fca6c3ab18a9f628a0d36238ecde6b6b157473f73f703da15299cbeb355db95601
-
Filesize
342B
MD5431a245c21625f347985622384538812
SHA19ea7c7a1153a0acd68595c3997e6d69f60fd7372
SHA2564546b59b4bc22686ea10353e6dfac3a4821c39781951c5da4f4068f8064fb98a
SHA512103a38fd6e23038563b986f41f7bbcc68cd3ae725e28eeeed165bc29c4b02d47f2dc98dc634a25194d7a582472c28b96ae79a26ab45dcfdbc3139e23c02f3104
-
Filesize
342B
MD585be72bb6ad529e8f30472ac1906816d
SHA1969897e56eefd7be59ba8d057b4f1d25ce76c5ad
SHA2564c0aa5b09df92741907f9d0171e4c5229bbe9615ac7beb2c68c3d98087371045
SHA51224c789b03f79452d7df10aa80ece6934db63524a389b3c1827b1de74839612865f3ceb2ae5f09c09d005ff09336f92da39e37c918f66de032d675403a6be60ad
-
Filesize
342B
MD50e15fe0d190de3598480ebbfaa899182
SHA1fdac4d26d8c43749ec80291925f12f99c64054ed
SHA256e9c2231e3bdf69a3a4012276203a8b09d610d4263717a0bf7709bd80ec4079d8
SHA5120754d0a0d7f937d6d149f3d99bc85004f427964230b474bb17e134f09191ed037e3afd6c16b51cecbf57f61436c4e6ab3ac338536aa27ad4b01ed83ddc1034db
-
Filesize
342B
MD54490e46a358d055a10b8fc5cc21adaa5
SHA1fdb5f325717367d1cafbef1eb5da3b09164ba33c
SHA256c48174f55e2b31f4704e21bace74074a1e0d426f176de87c95d13de1e36e2d6c
SHA512bb6093e75e52f2382bf13b2cc0b2c1bc43af75674b27fad188353587473d0c4e784f162a58e3f07015b3caaa62095d69044e406df2b9ccb3adfaea5c1b81873e
-
Filesize
342B
MD5341888acaa07adfd480bfed0e35dea7f
SHA1a605c0893c143c2eae2c5c885da2b31a899e1f47
SHA2564f74d1943677d124b32a323e30c0ce5aae728a9792eca7d107bf672136095811
SHA5125c4cf70a8e722c6c053288fc39e969e44f207fa69e5f3dd410e1ccda07e859983657a40e6daffc78ca514e36d9e179753c78bb3e1b2b14c4c9b12b274bade8ae
-
Filesize
342B
MD5b6c1ce005d7869ed1d611b0e8fccaac6
SHA16d3e3515fd81b713d5b2b451268098aebee16476
SHA2567e25a84dff75bda53dfd3a8f3bfc59ac1762e6cc883a70e25e482404d9596626
SHA512bd40a20b3d3729b83e23f0085229ee4969a206fff8d385927f8e11a16442321bf7cef8e6b0a418fe9d57e8812bab1431aee43672a27ac2e7865483534f946964
-
Filesize
342B
MD535bdeaf1e5df4da180dc4256e52f1a8a
SHA16cae0ba57754e5416bfd53ae0b33c8b8e9f29dd0
SHA2569da84e8ee31bef16449a9423f4ccc77ab2f800fc21a53b9072d0494b9f8a6768
SHA5126dcd6e60b26fc528df134f89f0b8eb8572776392e84c6054f3472485087d9ff28d749428d1f7b5f85658bf0659a0aaec5f3edc8394681a4125f7671f2c3ebd30
-
Filesize
342B
MD57bba59d9f24a0ca3ed0e9ac50ac41504
SHA1e07c163c924aa496c96d0aa566e1e7f2e652ebe2
SHA256166c4e538db259ecf6c830ec0616a9d0c07d51d8485f678e642adeb1b38d7745
SHA512db4f8d08acc602f289fd120d91c759e8f0c340ed9a4ef98a709c93a6b751589b541b9114ed43fe7cab818c5332cee9fcc7d176e9fdded791120a21db6a27ff84
-
Filesize
342B
MD56541f6954c2968c4f4663123ad01f12b
SHA16d8810769295c314088382d7d8ceb5d7f44f4287
SHA256e0a71b7c3ac861dfc9afb25b1fed84b11e3050e73574f8646d955f6808e5f360
SHA512d84d0ac528e3b0ce15706bcc14bc43ffacccc12a0a7a29800dcbf81976d404d456b6b273b8a820562374720e8d2b4915508c87001aba3e8125139a633c5c51aa
-
Filesize
342B
MD5684e29c02f94a7c813319d35070f9b79
SHA161ab421ba93ed297cf0b8792432d88b21034049d
SHA256f36a0bff184fcf8839c81498113bc58416bdbfa377f91f65517e53ada9cd0727
SHA512050de73a96d5380a2680bb6eae7b8ee02835df84e5e1fb94c1b633f805e664d41e883e6b69feea065dbcdb211b3d2a8052428a8ca4acc5533512f240a9a34526
-
Filesize
342B
MD5edb76709e5678ef7165410fd7b5fd165
SHA18226cc2554b0ad02dfd6e79c12565693ded9e51c
SHA25632f033b28086c29aafdca8ce8947dfa060346bb9513c215b3b9f6bdd5d160975
SHA51212862d383ea9a0774e035a1dafbbe34b7b61c98e321c36c3f0a0e60319d2c1b6b7b23255f716b42d9677468787b805b59c06c9e6e0085b7e5e823d4a84b05292
-
Filesize
342B
MD5185f89704a5a2d98a5d840cda4e4fac4
SHA17c9f7b341ed451857db233daf542ed14608260fb
SHA2563cd6478ebb34f160399395e06cabab21ace8ca9550edf8fd9b2b6c5e0488588a
SHA512386be8dcb2dd5a9b8d4d3c02bd569ee948696ffdb83e98c943dfd07142ffc577d40f0c93f02ecb7541d841a2846b8c4458da2a2c26ffe0a3098365313d7b4840
-
Filesize
70KB
MD549aebf8cbd62d92ac215b2923fb1b9f5
SHA11723be06719828dda65ad804298d0431f6aff976
SHA256b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
-
Filesize
181KB
MD54ea6026cf93ec6338144661bf1202cd1
SHA1a1dec9044f750ad887935a01430bf49322fbdcb7
SHA2568efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA5126c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
-
Filesize
43KB
MD551138beea3e2c21ec44d0932c71762a8
SHA18939cf35447b22dd2c6e6f443446acc1bf986d58
SHA2565ad3c37e6f2b9db3ee8b5aeedc474645de90c66e3d95f8620c48102f1eba4124
SHA512794f30fe452117ff2a26dc9d7086aaf82b639c2632ac2e381a81f5239caaec7c96922ba5d2d90bfd8d74f0a6cd4f79fbda63e14c6b779e5cf6834c13e4e45e7d
-
Filesize
100B
MD58646e0b8e29e6dfdcaa4de203bb84bb1
SHA189504c126afc099f83b177c52cd7c001611f5dfc
SHA25667a6245b04d28668c423a1f593b8f9005ef7d74731467a546ae19e7801f52940
SHA512a7100f506477473793b12b68c0419319da7cec94fa924dbbae1c32c6402e9161e37df98409b269d9c993f278327c7f2196150cdf62fe76bfb6f947d5272a4ea5
-
Filesize
3.6MB
MD57c3b6a7c2de1cc8c037818a6c2dc3ce2
SHA12a32e017d73cc9af9ae56ac5d68deeb684b8429e
SHA256e0dda239dd4cf24ec7015ecca493eede2dc7eadf0dc70c7b9501bf756f14300f
SHA512bf19b68384a4cea0693412d7dfded2dc9cdb15e1632f538a8c83cc7f4a6b54b29fbeacd01162d9dda0243d6872477a90278a9e6beadf97bd397c9d4318134132
-
Filesize
436KB
-
Filesize
8KB
-
Filesize
64KB
-
Filesize
436KB
-
Filesize
436KB
-
Filesize
436KB
-
Filesize
436KB