Analysis

  • max time kernel
    119s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/10/2024, 10:27

General

  • Target: bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
  • Size: 4.2MB
  • MD5: 89df346c0daab94e62d34a9bb9f36b33
  • SHA1: d8a1ca62dd6dae42481c76961bbd88a1234dd925
  • SHA256: bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3
  • SHA512: 84a0f6c7ac320294a636312ac432dd645d5afb593dfb533fa04b52c9675cfaf998a8c965d1a8b696408f212b49b8505fb08a6ab48ac4d3d98c45d887c66767e1
  • SSDEEP: 98304:m5tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyEY:TssbCGo3yW8dLfZeNjR2Y

Malware Config

Signatures

  • Checks whether UAC is enabled (1 TTPs, 1 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 2 IoCs)

    Attempts to gather information about the system language of a victim host in order to infer its geographical location.

  • Checks processor information in registry (2 TTPs, 3 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies Internet Explorer settings (1 TTPs, 34 IoCs)
  • Modifies system certificate store (2 TTPs, 2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (8 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe
    "C:\Users\Admin\AppData\Local\Temp\bf5555d6466e3d90234292bf04bdad2c08dc2adc620107c8f4de91f53f2684d3.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://buy-download.norton.com/downloads/2024/22.24.7/DSPN360/US/DSP-N360-ESD-22.24.7.8-EN.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2860
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2860 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1704

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
          Filesize: 2KB
          MD5: ea97ca8780a58d320a2435a0196f695b
          SHA1: 03291fa7f84be7fa5324358d84f29aa3d1689f88
          SHA256: 4348b273bb8ffb68e0e2cb0c39d730119ae6eb1046522fdce25e37ac429436cc
          SHA512: 430c9c15cbb8a38da8d57ad65d8bf93e270a299ec233f5833fd30aa02f15947f11b40d4646f6b4bfc3a56c42c18f2ba3878507f5ca48cbf2d11d4c7575d82417

        • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
          Filesize: 3KB
          MD5: b55d5e1c3860337177b9df16cc9d8a64
          SHA1: 2f9e382a52c9259966cecf375081f18bb80a6ef0
          SHA256: f7c699816d8a716f84cbaba14b95d90932b3f97e04d2b80bdb0d701bfa7e6746
          SHA512: 381987d138e5f299ae4bb0f71ec0da6d7d8212e9772db2de3283eec8ef59dc185acbce0add5147d9e399865be907f9e309014290f04893ed12663912a5ec73a5

        • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat
          Filesize: 4KB
          MD5: 00917bdb73c5596e30eb1f7e947afd1b
          SHA1: 3a63d3fb0cfc5b1db91e7808bcbec08aefa466d7
          SHA256: 69275802dfadb3a4a7606b171645907bea8d31a06ecb4e01f08da3e89b90a05e
          SHA512: 658c38cdf7dcee9fce2c91bd183a535e0f8dd2fbf3163cb0eca068966026bc16a8d208aeb3c7b0f2a3bae21c5a63d8a063793409f16715a36b348c8d7c9354b0

        • C:\ProgramData\Norton\FSDErMgt\ErrorInstances\A67AD9B2\6C8FA706-BFA6-488A-A9C7-284FB14BC5D0.dat
          Filesize: 235KB
          MD5: 942846a35294b861c3b75083164cb872
          SHA1: 2e7e143c8f97b41a3152868197c711a62dea9a5c
          SHA256: 50ab98102f2b7052cedec47d314298b7d84636cf16286c15721465f565f9e464
          SHA512: 0af4becaad72a203d2cc8fd96ab7461cfb5ac6767b63d95fba33e716c3e279b792f3c258845bbe7ce5511992bd91818b1f74fd6244d15f46f3b4f5a93d52990e

        • C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI
          Filesize: 157B
          MD5: b26f99eff65a32fba60307b7002f7e8a
          SHA1: 041840a2b183b225444990f753222176b8b9fb76
          SHA256: a50e078a05c680421f4da4f7a08ea7ac4f9bec03073ab92d61810c7a1e8746e0
          SHA512: 48e80810434de2a605193009fbd1510826b8284b0ac1511272103138d768e75d5177801cfced222cae7a30fd1b5ce9d33b73d2b09a0a081d3acd173c7be0b99e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: 7ced428981beae9d1f99f4406dc717a8
          SHA1: 88b4ef9074e014caf084a0a4ea3b7bf94debd00f
          SHA256: 301a653183e9a4b0a3619996c92b8efc3520c9ff882aafbc2cef587693226a87
          SHA512: 7eb3a65d3de31900d71340c6c876240fb965ca39ae03a16bd47856c001e8318f51f43fec6b964ba7a31ed3d94590a5ae233fa295cdb29f8060d980f3a905b07c

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: c7ae1d138e78b92ec4af0c3f09a36df0
          SHA1: bdf3a305c1bdab0684028efc5e011f709f799779
          SHA256: aa3403cea684d603e2aa6eb2e6cdf635b82892341899c5557f49594e8abf348c
          SHA512: f4c7ac7197eba8a8c54f03e3dfbf598b1a92133d93a7b31d4a1d73beda8a95cd5fbb1d91a24976742be801912d549058ef8b01de4e7bb6538d508872896e9b95

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: ee6e62143e734808c4278ea9a8417a5b
          SHA1: a7c28d3bcc5690c4a8f30378b87a81a246a03590
          SHA256: 671ddda5579d1c4a93c656c6c119f4476d439790371f4678f7216dc8423e59e4
          SHA512: 2a7fe7533591fbcb306054ed7275b393f1c073ff0451d935b52e287fc4e694fb5999aa6f2e47e88ed35ed8231c20a1487eaff7af01c42cea47748be07afc6799

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: 4b6f7188a1863af2218f24236b4a7623
          SHA1: 6fdec1ff1a4d4a8d9b7af0e3108ef1543e39e7bf
          SHA256: 79a818a5ae3358afa5b4d2aa2e632076f40cfd29660749dbd4ad141044d82abe
          SHA512: 5efad375b38483aa82e7de1302d9afe817cfdfddaa12e5a4281fa31a0b51189071c866083eca5b6040409c759dca07904f486e16f0f2823e2877ea37c3bbcea9

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: 6b9604d940d11ddb7844af48e68d0184
          SHA1: 948f5c7bf772dac640a7705f3901e7b47e8f067f
          SHA256: 03b38cace2ebc9ca247201985fb4127de04c8876b66295988eae5f0f88868259
          SHA512: 91bcc7f758caf37147f911f73343589194d15d92597dee7667095d1321a1eef809cc00a4973962c61a62a19840e94ad0ffb6a25c680183754dbb811f9cc14531

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: 64c981801c9f604eef0bf0c50d1e996a
          SHA1: ab5c18b932ed099192a83d29681a4501eb71e13c
          SHA256: 64b85ef33d41f3f769d18c8d959135f009ce5ac64b4c502447ee83b1fc715f3e
          SHA512: 59642a442570a4b1e58b236f32050403eea2819aef1c0af0229cd60009923d1e2b7635a2caa730c68843a9bba9c6ed967033e2d31862824c9863c9be8c095e5a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: 0e1c89d03cc9f4e468afd81b2bd787fe
          SHA1: a1b1ceb977cb38d4a10e258961ed91eac7953535
          SHA256: ffd91f7394386293bf350413eb16e7a9ee2f941f46d22096333af3f2d871c8aa
          SHA512: b44113603ece4e43ddc65b6ee73655ab99f23fd4673bcbda040bfa35590ca0d2807c869917b98221595cd4e1dd7f0b014436f34e6363f96861900494b6d97449

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: 6fc0d57cfa3a52dcd882f7135b3ef13b
          SHA1: 7bc993c7fc319dbfaa720e4f4a398643e065879e
          SHA256: c9ec373e0e716cfc4f6392e03cbdb43268e8a629fb99d3dd2d8b4de9c1c3ba3c
          SHA512: b50830f3ae3e455c4fb47a3b926abedf4895854cc5bd23327106fc5856ad2e7be765ceb8e5d50666dd79785a9213226cff81a207a91d93724028578d99c0106a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: 49798dcaccb0102dbb7016317a973e83
          SHA1: 33a4ddaf5012d41e8091c05f53068767abaa105e
          SHA256: 619d31356f3812057fed56af26722e2b0f9389f7d0a5a765a4dd8df633a77723
          SHA512: b120f14d36069d48d2fec84aca282eb368639d0b0081d97c7685df9c34e7b90d1c927560df0a759083ca49d04d007577e06e8d4a0e7cf36f0bc889a9b73b6e91

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: 7e6a9cd0ba6de6289439e36fabebd58f
          SHA1: c6db23fa2a5cbb8aaef3b486ac71ea3071cca870
          SHA256: c0b3765ba2231d1f621e93cb24383575128c9f3cb1c2ca1f6555882cbe1ab632
          SHA512: 7cbbb44cc10dba051599243542407f3a191d0de82456c30aa589c51b78486f213a1b85e48e1e11722e050b4ab612eac30e1fc4b551919993eee2b2736ecc6e5f

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: 55732de0106213b4eb1c9fd1d20d4205
          SHA1: 85ee88a194b644ba7706df57e1589d0fe92abb19
          SHA256: e18e5ba485ac7ef6944b78f0ea45f0c8f44f5cf435528b32f695ca8934831657
          SHA512: 20cc96be91bf25a9e83356b9c31fe73bed77a8eeac32218d24271f8886ee5721dd4a1468bc016d36e9d4c0e1dd2851edf9772c6155807fd1216b9b8fc723a667

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: dae8c2fc2a74182b324ef83c8f1450bc
          SHA1: 2d1b2147f3ffa96129ac076716a3b7291ad9e5dd
          SHA256: a3b8077a771044d4a95fe3fc87fb4f76f747460b34cee7214aef25b0437ac6fa
          SHA512: dbc0789d2d9018d39d84699a4839871ec9a370982f9c752bfebf20c98f8ca61a951be45c3f9ad2c2de0104d318efc441805225cd7f8687747486712dc6d007bf

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: 339c21b91186fdfc20a5bed3d74f23b0
          SHA1: c96e7c9bcdd4565312dbd11841247e19b7a79e87
          SHA256: 759f8bf93759627c0b86557dedc91c34be4019609b362d32b93db02025156214
          SHA512: 57afe7400d1bd2ea395bcbedaa081801047deee6a19885cc7cf223a2717c89272e33ebb358ab01ef2fe77e57198ecd4ada3df6a73b041b1828ad4a63c5a6f355

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: cb0a08e207ed235ba3903954964647a0
          SHA1: 6f95c081efca4a4e6afb36aad55b351fd84ca2e3
          SHA256: c9eb706ede6bef17cd685f7b304315a2115d607990aa5e6d0a5595e60c29f6bd
          SHA512: b9bd9655a2494f6c4f211ce98282bd692a05a83033358d9b3f6eb4edc3db848d2fe50206956f2a61c659414d008d0e4ca32c7eac8c6f2dc527d4658b4543e3e4

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize: 342B
          MD5: 1aa06283264b91d14b714b5f879c97b5
          SHA1: 59f6d9fa9251cb9ca72de53f1d4c9360b00d4eb2
          SHA256: de8915ed04c7058674b056cbdc43168bfb07b1543c3de3f2980dbec7ce337b7c
          SHA512: 0e01120d7f9af0efb301d2af33bb25c65733e960942214b8519b06db9b2b1d91af335c35b7289e0f2f2123f47039043d111da00878bfe119e96bd0232287f297

        • C:\Users\Admin\AppData\Local\Temp\Cab1AA5.tmp
          Filesize: 70KB
          MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
          SHA1: 1723be06719828dda65ad804298d0431f6aff976
          SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
          SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\Tar1B44.tmp
          Filesize: 181KB
          MD5: 4ea6026cf93ec6338144661bf1202cd1
          SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
          SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
          SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • memory/2052-9-0x00000000020C0000-0x00000000020C1000-memory.dmp
          Filesize: 4KB

        • memory/2052-59-0x00000000020C0000-0x00000000020C1000-memory.dmp
          Filesize: 4KB