Analysis

  • max time kernel
    122s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/10/2024, 10:16

General

  • Target

    8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe

  • Size

    4.2MB

  • MD5

    73ff6b22a9611c18bfb03fa96fb2e3f6

  • SHA1

    1d90924c4416151abbaddd8969ca20af45e5d4d7

  • SHA256

    8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04

  • SHA512

    b292425ff13a6878c9ccdf025447515775796891d76b55ea748a33d6ca113bbc4bbe3d62e427f65641d021abf554178b10db0c6f79936db772046beeb90094d0

  • SSDEEP

    98304:m5tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyEc:TssbCGo3yW8dLfZeNjR2c
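Before trusting any of the behaviour below, confirm that the file on your own disk is the one this report analysed. The script that follows is an added example, not part of the sandbox report or of any vendor tool: it streams a file through the four digest algorithms the General section lists and reports which ones disagree with the page, and it checks the convention (used by this sample) of naming the file after its own SHA-256. `REPORT_DIGESTS` is copied verbatim from the report; the sample path is whatever you pass on the command line, and the `b"abc"` input used for testing is a constructed stand-in, not the malware.

```python
"""Re-verify the sample's digests against the values this report lists.

Added example; it is not part of the sandbox report or of any vendor tool.
REPORT_DIGESTS is copied from the General section of the report. The file
path comes from the command line; the b"abc" input used in testing is a
constructed stand-in, not the sample itself.
"""
import hashlib
import os
import sys

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Digests the report lists for the 4.2MB target (verbatim from the page).
REPORT_DIGESTS = {
    "md5": "73ff6b22a9611c18bfb03fa96fb2e3f6",
    "sha1": "1d90924c4416151abbaddd8969ca20af45e5d4d7",
    "sha256": "8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04",
    "sha512": "b292425ff13a6878c9ccdf025447515775796891d76b55ea748a33d6ca113bbc4bbe3d62e427f65641d021abf554178b10db0c6f79936db772046beeb90094d0",
}


def digests(data: bytes) -> dict:
    """Lowercase hex MD5, SHA-1, SHA-256 and SHA-512 of an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def digests_of_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same four digests, streamed so a multi-megabyte sample is never fully loaded."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(actual: dict, expected: dict) -> list:
    """Algorithms whose digest differs from the report (case-insensitive compare)."""
    return sorted(
        name for name, want in expected.items()
        if actual.get(name, "").lower() != want.lower()
    )


def filename_matches_sha256(filename: str, actual: dict) -> bool:
    """True when the file is named after its own SHA-256, as this sample is."""
    stem = os.path.basename(filename).rsplit(".", 1)[0].lower()
    return stem == actual["sha256"].lower()


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    sample = sys.argv[1]
    got = digests_of_file(sample)
    bad = mismatches(got, REPORT_DIGESTS)
    print("digests match report" if not bad else "MISMATCH on: " + ", ".join(bad))
    print("filename is its own SHA-256:", filename_matches_sha256(sample, got))
```

A single agreeing SHA-256 is enough to identify the file; the MD5 and SHA-1 values are only useful for matching older threat-intel feeds and should never be the sole basis for a match, since both are collision-broken.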

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Modifies system certificate store 2 TTPs 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
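None of the signatures above is malicious on its own: a legitimate installer also asks whether UAC is on, reads the OS version and may drop a root certificate. What makes them worth a look is their co-occurrence in one process together with that process launching a browser at a download URL. The following is an added example, not the sandbox's own rule set, that encodes each Signatures line as a rule over a normalised process trace and flags a PID only when several rules fire. The event shape (`pid`, `image`, `op`, `target`) is hypothetical, the `TRACE` is constructed to mimic what the report attributes to PID 1644 plus one benign control process, and the registry paths in `RULES` are my assumption about what each signature keys on.

```python
"""Turn this report's Signatures into scoring rules over a process trace.

Added example, not part of the report or of the sandbox's own detection
logic. The event shape (pid, image, op, target) is a hypothetical
normalised trace; TRACE is constructed to mimic what the report attributes
to PID 1644 and is not the sandbox's real event log. The registry paths in
RULES are the ones I assume each signature keys on.
"""
import re
from collections import defaultdict

# (rule name, operation, regex on the target): one rule per Signatures line.
RULES = [
    ("uac_check", "RegQueryValue",
     r"\\Policies\\System\\EnableLUA$"),
    ("processor_info_registry", "RegQueryValue",
     r"\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\\d+\\"),
    ("system_info_registry", "RegQueryValue",
     r"\\Windows NT\\CurrentVersion\\(ProductName|CurrentVersion|CurrentBuild)$"),
    ("cert_store_modified", "RegSetValue",
     r"\\SystemCertificates\\[^\\]+\\Certificates\\[0-9A-F]{40}\\Blob$"),
    ("browser_launched_with_url", "CreateProcess",
     r'iexplore\.exe"? +https?://'),
]

SAMPLE_EXE = r"C:\Users\Admin\AppData\Local\Temp\8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe"
FAKE_THUMBPRINT = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed, 40 hex digits

# Constructed trace: the behaviours the report lists for PID 1644, plus a
# benign control process (PID 2001) that only touches its own settings.
TRACE = [
    {"pid": 1644, "image": SAMPLE_EXE, "op": "RegQueryValue",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA"},
    {"pid": 1644, "image": SAMPLE_EXE, "op": "RegQueryValue",
     "target": r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString"},
    {"pid": 1644, "image": SAMPLE_EXE, "op": "RegQueryValue",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"},
    {"pid": 1644, "image": SAMPLE_EXE, "op": "RegSetValue",
     "target": r"HKLM\SOFTWARE\Microsoft\SystemCertificates\Root\Certificates\%s\Blob" % FAKE_THUMBPRINT},
    {"pid": 1644, "image": SAMPLE_EXE, "op": "CreateProcess",
     "target": r'"C:\Program Files\Internet Explorer\iexplore.exe" https://buy-download.norton.com/downloads/2024/22.24.7/DSPN360/GE/DSP-N360-ESD-22.24.7.8-GE.exe'},
    {"pid": 2001, "image": r"C:\Windows\System32\notepad.exe", "op": "RegQueryValue",
     "target": r"HKCU\Software\Microsoft\Notepad\lfFaceName"},
]


def match_rules(event: dict) -> list:
    """Names of every rule the event satisfies (registry paths are case-insensitive)."""
    return [name for name, op, pattern in RULES
            if event["op"] == op and re.search(pattern, event["target"], re.IGNORECASE)]


def score_trace(events) -> dict:
    """pid -> sorted list of the distinct rules it triggered."""
    hits = defaultdict(set)
    for ev in events:
        for name in match_rules(ev):
            hits[ev["pid"]].add(name)
    return {pid: sorted(names) for pid, names in hits.items()}


def suspicious_pids(events, threshold: int = 3) -> list:
    """PIDs that tripped at least `threshold` distinct rules.

    A single hit is weak evidence: a legitimate installer also reads the OS
    version and asks whether UAC is on, so only the combination is scored.
    """
    return sorted(pid for pid, names in score_trace(events).items()
                  if len(names) >= threshold)


if __name__ == "__main__":
    for pid, names in score_trace(TRACE).items():
        print(pid, names)
    print("suspicious:", suspicious_pids(TRACE))
```

The threshold is deliberately a parameter: in a corpus of installers you would tune it against known-good runs, and the browser-with-URL rule is the one most worth weighting higher, because it is the child that actually fetches the next stage.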

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe
    "C:\Users\Admin\AppData\Local\Temp\8a9130e9050d81e009d9c04885d25bac59a32662058b32e43afed381e8b33a04.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://buy-download.norton.com/downloads/2024/22.24.7/DSPN360/GE/DSP-N360-ESD-22.24.7.8-GE.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2472
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2472 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3060

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat

          Filesize

          2KB

          MD5

          bbe8e2f10e87919a4d83aa2cb3de700d

          SHA1

          85ccacfd611638113134a04e7fc42e65f05a6658

          SHA256

          69e94a8671d503dfde5c57e0992f4d26f25b4d96e04b3405c15b740110e0c17d

          SHA512

          bbabc19be58dc5038ffcce5f612d45426e00c68bae3bbbfbfa2a9d68ed0af20a01ef94fcb914cddcdb306caa2652d77115a8ec3b2f32a39a46b4fba2d0d64a2f

        • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat

          Filesize

          3KB

          MD5

          b2442d9b4d22c778ebef7778b6d5d7ea

          SHA1

          f8282d24d329f4eeda93f16ec2445eeb9d2b1f4a

          SHA256

          69359c62ac9c6e01af85c96e35b727c863ef035cbb0cefe31111d02171e8f4d5

          SHA512

          5f8735f52add83d50ab0ccda8430d4462c287352a8476967bec43ddbb1c587d5d22f4c12cfbeb02229465e6d0826838dbd68ace12c8e5b9a46e8ae70ffaefd41

        • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat

          Filesize

          4KB

          MD5

          f4a7b56ac390c1618a7db3c87e975a06

          SHA1

          eb209063cfed78c55f464b4d44ee4b30f507fb66

          SHA256

          9281527c89362c9e67050f9f19a1576a1d69a239d8e329d0555a21b367a0d0c9

          SHA512

          ac0adfdc53688df3d81221858debf770e38ad86c9e4f1617f2e07d53d823e01258dd4f64f556ea0c83bd4acd655443f78966d76f5265368fc236c46fff34a86e

        • C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI

          Filesize

          157B

          MD5

          7d5962a2be824da6ee96b1affbf8e5b2

          SHA1

          98323d861995356a5fea5ba94f663963c6a7ec1e

          SHA256

          8e896cbdd9b377f0b5db5f9a4f4a30e2f6cabcacdbf8beb6762c9f8cf07190bc

          SHA512

          86a508bb794bcf7f2fd53ae0e5b902547bbbc8befd036ca9ede95216e1efb0e9f72951db027cd79faff98c012de90f369b276a380525b2982005d5fec68ecd37

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          99a84c7772252d1a8abf937ed96cee83

          SHA1

          a8666504f84aff4a22f229512300537fab1c03ea

          SHA256

          23c1ea925e08f3c95051e9b42e3a89bdde0943bf484029ba6cfc9a4bdd04a546

          SHA512

          722db79c34d8566734e4cdfbb6941dc184c9177ae64ede5530114b26549fc5d45369479d3aa281490fa470cac59e6fbfcd528d39a4a575e0136dce63790c61cf

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          844ef258fa5273eea1a1c71a472b0e59

          SHA1

          596ecd66d63300487fa1d94b8418f1cec0d0c667

          SHA256

          1a3cea90c9cb56eb5c5b26a2238cc842c209f4a0f8b45300fc529763e3fc3951

          SHA512

          ec4587247dc91721c2b10dcc9a01b481e36203ee06aebeb397d9f0e795153a3c5ac446e679eb1e6dc378eef483e55eb5a30b3f467c935153f0d35a14b727d116

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          513c9f0653d3236301326ce9797fd9fc

          SHA1

          6d8e3b3908ff5811623284c5c7a5dd2c4a3e6981

          SHA256

          c892c7c1ae6aa023e8793e5d1338789d3ce6bbb4794f695c20fe7d5764849cc1

          SHA512

          f26d5a6d0140a715069df6ab3c873594d9bb97adcd36ff6296d62e205762215d3c207d382d16dd888fcdc9d36f0f33555c69bfdc3a1ec5f6a9477e467d5877f0

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          181ab9f0b7d50084cf70da8129af70a2

          SHA1

          7d62c516111e4231d5d940f80000de081b52cd35

          SHA256

          d56f2fee13261d9d11b24e7b3b58949ba1a2bccc32b2409f7708ac3f586663c3

          SHA512

          a4726282ef74013bb8966ed3eb35bbbcd0e6f68dcd299642eb2049e1bb4528f8703d22808d7125e085a9732c2673f90d930146f72738f7de7162466f9cef5f15

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          35d86ba1c05f0c20e4c42ac0547b34f0

          SHA1

          127e38bd1f02ac94f032f683ad49b6823288c776

          SHA256

          c5cb7240dbe2a377afb1d9d5e88d58b594bdcd0ac2cb89712fed95dcd9c641c6

          SHA512

          9a741f4b632b34eedbb52751ad410977bccba95406976b2a77ef00b060ba95a13bc0e8459da8b3548635de859038d2081d8364059945d1bba445c21fc31ad6c2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          71cbd58cc8e9d1002eca5235fb070fd9

          SHA1

          808720c3a715a23cd26a89a48d51aeec47307d4a

          SHA256

          0e048b8beb66be436e5032123b95f37e81ce2fcdadc392c0f74a09e0f21c9820

          SHA512

          1b6c5e170a7af9cc5b13fa33fce596fbffc9d87bb7225e3f6b67a689aa7c05650dd22d363985cc3e04969f40dad618f40282deb5c266b9d13aa543a6407f5c91

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          832b7e20e07f2b9832090e526eecc90f

          SHA1

          1af7eb0642c9b07529f4b5f0b0789be4eba9ebbc

          SHA256

          8795e0d85150902b7055b94cf5b67b3596c3f6cde10cd05545aa52d87e6b7d5d

          SHA512

          73b96a4c9df3b6e30a3316ac77772c0ba85630b4a187cc1d00ac6c938d662b97a9e76e22adfc375c5ae6ccaf60f345c855714bca917e06756b17bbe60cb846bb

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          0cd3b0763f964b98b2497e0422e2098c

          SHA1

          dd157199208cd9657c6f7c2e9a30b3646e714638

          SHA256

          133f5b0a7d8464c45975ba4a8d0f378be98d4f0bf8dbf97408f43560da638213

          SHA512

          20316d49a413e2c255392e77a5d847286c4580a55e0e930022ad50ec86c910e8c94de5ba2c5d0a63f56c73452e9b18ff7f8eebc12757c909da89cb70a7cdf2b4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          87373f7ed4ba32ef6e4dde7f9d122880

          SHA1

          4abb8b664d97bb0d7310126fda2d758a9c940791

          SHA256

          3b51b5a1dbe39a6536eb622ce8789fd9c24d5627e033e879549e956bee3f2d8a

          SHA512

          98e6824451b9ce21e60f9b974eb090f732b6e8e3a00d4efbf925169aeb3654471df3f7a09f4954306ad196d5b6522363298de83acd66234fe9f1e02f4afde0a7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b401f490c28cb31c97fbbbee47f4daa0

          SHA1

          c6d1e6ecedd8021c6b6646baea83ef604af52d8c

          SHA256

          0fbf8ec1fbe905dcfb15c09a1ae88b7de487a7bf8176880af584da41e64167fb

          SHA512

          3ccebc2c706fde3f7573b40a6663e3cc1447034c9db50e2ad6222b3551ef16a7840b99217ffbf64eff0e30cb2a0892ec65446e4ef585740b6425cbaf79678d5d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          daca3b200fb9e054e1203978934e2096

          SHA1

          b3c52867c8c47a38708999db109046f277789dc3

          SHA256

          5e87395aed60c0b425ba188fa71c371ca214c8b2c798e15facc997415c3d2365

          SHA512

          ade659df4530729d44889c8679fe18621e735cf90ce10df969d4900245bbcb2cb6dd5ce255b7332b57dceb9a424e905479e71a7b7b61f0003e6a1097ca012904

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a5384947e84fb5e9779beb0858cecc99

          SHA1

          41e132c5679c6cc57d17572f99a9447dcc75c447

          SHA256

          ed901a6a5cfe312b01ab672378513e0cc5f4a07b2c8dc3444bccda716a09d624

          SHA512

          b2085a392e1042ddb8e6999dc815a9e656c7bc4c0f83fbee70bc6be1815d8e918646817d72c31781fd5c49e3f018cc73f306f2c2e41af081ba9f9ae2226f62dd

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          4a4ee15e8ea8d67b9b88d43f6b998e15

          SHA1

          f8f038d4fe3244d84edfe2bac4f71e2a86c034bd

          SHA256

          009a311996fce2d03b8dafbc2ff09fd8061b5d5f5195e3b70e6ae81670c5ef62

          SHA512

          2c6e89585cfd7902b86a273ebed780ec861b4580538acbbc0f101099adde149345d9f0f6c55bd8e5ba179075d81fa9dbac27281267ad4240d593be08ee8964c6

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          be50d1614636774e1fe6f6e6dc1661f6

          SHA1

          3635ba97d4a7986d3ce3537e12ccc26c27c35940

          SHA256

          0920d7e9d5dcb41ab4a5467010176eb0a985f50d3104db63586cfa7b8be3be88

          SHA512

          6e8ef133fd7ae0fc7cfa37bba5646d1a27ff8001c38a28939e58e685078a196d2c14fbf006febd210199d8be8824a2a21b72cacb0d659e9cc4b5fba5892c2e85

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d43998bafcee733aaba0aea1d85fadea

          SHA1

          b65db0cbe38e46d97a8ddc122b3894a44775a39a

          SHA256

          8bba496dd54b57dfb3ffd633ec92801b6234e3510afe3096ef443ec0b1b5baac

          SHA512

          bdffc3c9ab1abd08e2ed0827d25ac83cb4d77f7b6c562fcb92d02c47ec53604ca1b57f4248ca82b2b326dd87eff75866299e739088289ded9bc93a2fa5ccc849

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          4642b68932f95c17f61e1af3e83a9401

          SHA1

          9507859ae4876445aac5095a29e70fab42d0b7a8

          SHA256

          467f6ac9a3544196a82bcbc4a565f672de6ff822009a80b16b426640355c3500

          SHA512

          9f2d00a76a8e8578c9957b646447411bdfb3e098530e924e8bd16f00f2c61d1da18035d1e2f2d810d977ee8e90f5a5c859d8f8fe8289ff05bb6811a086dad00e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          4756d01e488de19926d168ac3c7011f2

          SHA1

          512e2ef33f6fcea39671ed37d3f990c43f0e4aa4

          SHA256

          2454ea1a25793a6f8630588bfdf2d379fa66d23fba1a9b98debd3810818671dc

          SHA512

          e7a01ed0dbc90079b6445be0c97c53484f37e60d5a8bdc704f9553c3c430d65a031f1b7e6cf9615f9aa1541c9680ba8c2a77022292c4c029931ec7d68b8d875a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          491f111e9269990cbe57a1f60d5fee9e

          SHA1

          191f6b2b66bef106dbe63e6e8c3c5398961745a4

          SHA256

          7be437fcc314e0c4ab4b503e329f81829bc5a0f17354f985abdfcb4a276fe06b

          SHA512

          fe4e58aeb81928e7ef383571f82bcfb15780d88b094dce06a82abfc01f5ec95f757b0e72b097847dcd35b18bd454d968ed72f3c0f51d01d08b2b017e81840e7e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          152f0a6b25fb8536bc1c79bd3c9c5b66

          SHA1

          a575d1d60202199cee9b047fe8b5108e8b560178

          SHA256

          d13e05632a3a330424ac70f54ac04bdf3843c6cc1d6b9bf2f652d914d0711e1b

          SHA512

          5730905b04973d1ad8e67f2f7c8dac749cedc0556cc12423d06d60fbc36874188ab965b5b159b01651d07442e8ec1ded839b00ef4347e6cfbe6119d83f3313b5

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          ec044fdc685ed3fd6c5ad0b16b0061b5

          SHA1

          1fb0d2244f6385b2ffca5a9588f0dc35362ea324

          SHA256

          57aa89de2a50e97057f2dcbd18de471a14b94768ae071cb227543437c9137296

          SHA512

          35d42ff09d0a4c80355043f3eae1a14ebb5e5cc7eaa369e1d597579b030bb0774e5cd21b00d0646b8d80c7c97e6a187628692438f177c175c9d375a54d9f7f14

        • C:\Users\Admin\AppData\Local\Temp\CabC86F.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\Tar16AE.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • memory/1644-25-0x00000000008E0000-0x00000000008E1000-memory.dmp

          Filesize

          4KB
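The Downloads list above repeats the same path many times (three versions of `SQCLIENT.dat`, twenty-one of the CryptnetUrlCache metadata file), because the sandbox captures every write rather than the final file. For triage you usually want one line per path with how many times it was written and how many distinct contents were seen. The parser below is an added example, not part of the report or of any sandbox tooling: it reads the bullet/label/value layout this page uses and collapses it by path. `SAMPLE` is an excerpt I constructed from the section above (the SHA-1 and SHA-512 lines are dropped for brevity), so the hash and size values are the page's own but the text layout is mine.

```python
"""Parse the report's dropped-file list and collapse repeated paths.

Added example; not part of the report. SAMPLE is an excerpt constructed
from the Downloads section above (SHA-1/SHA-512 lines dropped for
brevity): the values are the page's own, the layout is mine.
"""
import re
from collections import OrderedDict

LABELS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}
SIZE_RE = re.compile(r"^(\d+(?:\.\d+)?)\s*([KMG]?B)$", re.IGNORECASE)
UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

SAMPLE = r"""
• C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
  Filesize
  2KB
  MD5
  bbe8e2f10e87919a4d83aa2cb3de700d
  SHA256
  69e94a8671d503dfde5c57e0992f4d26f25b4d96e04b3405c15b740110e0c17d
• C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
  Filesize
  3KB
  MD5
  b2442d9b4d22c778ebef7778b6d5d7ea
  SHA256
  69359c62ac9c6e01af85c96e35b727c863ef035cbb0cefe31111d02171e8f4d5
• C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
  Filesize
  4KB
  MD5
  f4a7b56ac390c1618a7db3c87e975a06
  SHA256
  9281527c89362c9e67050f9f19a1576a1d69a239d8e329d0555a21b367a0d0c9
• memory/1644-25-0x00000000008E0000-0x00000000008E1000-memory.dmp
  Filesize
  4KB
"""


def parse_size(text: str) -> int:
    """'2KB' -> 2048, '157B' -> 157, '4.2MB' -> 4404019 (binary units, as the report uses)."""
    m = SIZE_RE.match(text.strip())
    if not m:
        raise ValueError("unrecognised size: %r" % text)
    return int(float(m.group(1)) * UNIT[m.group(2).upper()])


def parse_dropped_files(text: str) -> list:
    """One dict per bullet: the path plus whichever label/value pairs follow it."""
    entries, current, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            current = {"path": line[1:].strip()}
            entries.append(current)
            pending = None
        elif line in LABELS:
            pending = line.lower()
        elif current is not None and pending:
            current[pending] = line
            pending = None
    return entries


def summarize_by_path(entries: list) -> dict:
    """Group successive writes to one path: how many, which contents, what sizes."""
    summary = OrderedDict()
    for e in entries:
        s = summary.setdefault(e["path"], {"writes": 0, "distinct_sha256": set(), "sizes": []})
        s["writes"] += 1
        if "sha256" in e:
            s["distinct_sha256"].add(e["sha256"].lower())
        if "filesize" in e:
            s["sizes"].append(parse_size(e["filesize"]))
    for s in summary.values():
        s["distinct_sha256"] = sorted(s["distinct_sha256"])
    return dict(summary)


if __name__ == "__main__":
    for path, s in summarize_by_path(parse_dropped_files(SAMPLE)).items():
        print("%dx %s  sizes=%s  distinct=%d" % (s["writes"], path, s["sizes"], len(s["distinct_sha256"])))
```

Entries that carry only a size, like the memory dump, come through with an empty hash set rather than raising, so the summary can be fed straight into an IOC list without hand-cleaning.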