Analysis

  • max time kernel
    121s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/10/2024, 10:30

General

  • Target

    5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe

  • Size

    4.2MB

  • MD5

    406645e4bd71f96ce8d67a1408a3c541

  • SHA1

    5cbfd462a16fe6472d063866cd228924061a1005

  • SHA256

    5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f

  • SHA512

    dcdda72507bba327c00430b9cb5459186753f19bf743fcf3a542369a893fe1e86acca401de05d892228b9e9e2ad680908548e974bab75af93b1f4fbe6e340c3f

  • SSDEEP

    98304:m5tEsszPCGTs3RAW8dYBHspDfuvmeNPLRcPyEc:TssbCGo3yW8dLfZeNjR2c

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe
    "C:\Users\Admin\AppData\Local\Temp\5008162c5d33450078a0e6af1af5abbee3b00569b51e315d8ba8fa9572df448f.exe"
    1⤵
    • Checks whether UAC is enabled
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2780
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://buy-download.norton.com/downloads/2024/22.24.7/DSPN360/US/DSP-N360-ESD-22.24.7.8-EN.exe
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1472
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1472 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2352

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat

          Filesize

          2KB

          MD5

          1452a63e958b526a1bd2aded17944609

          SHA1

          de4cc6596c36a6311d14b87ce188da915f8066c7

          SHA256

          385abfeddeca5cde3a87d18047f86210bf80a5944cb71b6373af74139eca90da

          SHA512

          12335731547ef84fc0702c767c2c88e2dbc757e8da8c5979be92a8eaa60dc974c5253dbd8bc8188d6b5b304f1a2073b9478c83a1d7077644f80586fffacbe3c5

        • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat

          Filesize

          3KB

          MD5

          2dd6ea665f708cc8829f8c3e04f0d3de

          SHA1

          a785ef79beaa8b448a671b09cd05b5f31920854e

          SHA256

          6d81afb978b81625b6a4eabfd6f86d3cc47c4daf6d0c3c42335fbce45173ec91

          SHA512

          db8933102a80af23123555ab37c49678c6e4bd3bb4d3698263e0ae9159527f4e6919d5384c9c779a49bfbc7f2e44ae3f8d08e977a6ec2cde5d4ecf76a2fa6200

        • C:\ProgramData\Norton\FSDErMgt\ErrMgmt\SQCLIENT.dat

          Filesize

          4KB

          MD5

          6f04250419ba6545da18a28e601c12d6

          SHA1

          be8836144487ec6062733f3032d55ba3fb6bc94b

          SHA256

          a307200e980dd7054127b612bc2cba707ddcb58bf5f670610e33e554961c3eb7

          SHA512

          92c18793f53867eb76b3fa948909864277a3f65b5085aab7f2b7f3512ceaf87560a4468c7d28cd25f468c46a34928055fb145aeda1c4906e681c9150f05140ea

        • C:\ProgramData\Norton\{086A63F0-6B13-4F29-9695-134E7A01E963}\LC.INI

          Filesize

          157B

          MD5

          49a01e95742ca14b639c32e4529e0897

          SHA1

          b37e6bd7a17f7bc2721327c4301aebaad2886abf

          SHA256

          479050b0a74a09f1d725b83a42a81d2adf22e46f2ce060efbdc80f9ff4ae1bd7

          SHA512

          18c7b20fa50c68f2bc1679cd260b6867bf02b5dd95b42ac82f57094feca46751025706fad9e681c06e05a62554d5899355c2ab68db20ad208bc846125a598ca8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          2424fe44ec8a895179b2545f969ae31b

          SHA1

          36d5460ad5615141693b2c2dab5fe11500dfadd8

          SHA256

          cc2e0658a69228c6a10e321a9dcc71f7614b751fda7d5976689f1a498c446dbd

          SHA512

          625282b70907a8fe1933aa35b7e9c18a1b69be85ef1a739d3d417e959527cbd60d05fcba9184b91da513e9e947af7b310827cb10669f99d609e23d431d16f94d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c13c296608ef767275fb1cbe59fcc3f7

          SHA1

          f32f8e88344e53302267598aa9a99fd41f126a39

          SHA256

          2cdc16a48d9c45a5dd45d01f9cf12c63614cc2494548bbad62c9e1eb85178830

          SHA512

          f47f65c27b582b98b8ef2ef4bc143a2fbae9907c701654ff08402847e3cbdd4c769714c2110e7406e7551658835180e2ca213ed46e783790010012147a2302cd

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d21b1d9a85a109d572389a55a54ca339

          SHA1

          d505c1364e892cb7450ec2aa88ad311c97e99887

          SHA256

          13963a23cd86fccd053a498ce7f772e42c448e1e07bdfe24272386303075cc2c

          SHA512

          609eb46cd3f37d795e1f0d217fcd959bae368dc6f167e8ad99415561815f184472a0cb925eaf05f98036f08334e23dd1c9ff48438c9157e55d934ca79c760f9d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1b1fe3e4be8be234c2e3522df53f377a

          SHA1

          ccc3aaea65160fe1127dc62293c2cc1c8edb6a9f

          SHA256

          21c3f50a43e574ff993ff4ad9bcbe4cd663f13a38065abc6c72c1517379bab69

          SHA512

          fadb9a7822a54913b27bd95d58eee5296a7b823260d172291f2cf75183e90e26118f32854f68e1e7165e3f7a06dfd1f2189e2addcb6a7d5a43c3e28d17ea2498

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          eeaccca8cd054f0131208d6014bc4d73

          SHA1

          2ef4707a93221754e49267e79f245775900e1c12

          SHA256

          9e33169ce3116c855f7443a95dff0b192f96ef7fae7e79876c76219ce99e458e

          SHA512

          d87d1e37ee869731e84a1495d03c265c46384aff3aaa8450806720babbdf50969ef9ec245364eb40c722f8de8e55aa162badf0b88f0ca49438209a104059b735

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7b8e61ea370266ea145ef86a17f6eb62

          SHA1

          044f762a2270ade8974761ba2f6b2ad01d732874

          SHA256

          404df5a9f08d82072c9c148c86391e6a471b5052ca785dbfb97cecdb4e48a64b

          SHA512

          e61c5b71431d476f02c7af5b8bccbcf2d124b7e51405e53764a6200f5cfaccd86ff4c0c17820e8f1dc1a456648808dbbb777039ab4181d87cac2feedff602f91

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          706436f59c592d8f16303b94b2fb3d0e

          SHA1

          5baf4ad431b34af150ea9b5b696ead1e21959a32

          SHA256

          4a23e0fd5f8d462100ff3689abf573fa182752a94534a2663e8e7ac52a813be6

          SHA512

          ef732ec298f27ad30a8d58fd90f188fe0a49ccf826e1649289a2a09d7b913908319e42daa8477cea6d02eced7b8f6e6d511e365f473811ffae996339fbcca870

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          43ca9e9f05befa8a63ecca5c4b5dbaa6

          SHA1

          b336883eb0a9ef28eb343622deae493d1a401278

          SHA256

          098b84f5ac1bc49a10d770fa2dd7842418aa281aa59d0b2b03c12aeb4d3cbea8

          SHA512

          809b92a855d9184c58aa015ce5ab70c77b4bd13ff5868a7d26ce9c97fa316238fac4c4abd9fb1964b041744efe7cee11064426b7761aa5c8bf95f9ae181632b8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b291bc67343261751bef4e94b3ae6ced

          SHA1

          4661600c4b570f350037d062dd8b5117f484b68f

          SHA256

          17a4e0c1c59d14a6c0a60ccf73d12c67987ecdb36321758cb64d683b42193ec5

          SHA512

          039d88c53d3833b55db55e9d677ef1e7f6310b3c0742cd7d3a2b81ac6146f112197368e8dabb6832e9a03e33da18ba971eede8399f59c989ab23380206ab9307

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          a9b4a20ce4e0e46c30e8632e78fd60c7

          SHA1

          07266060ebe70b7d426ac06ed30e3dcfcd7250db

          SHA256

          98df03e5b9d143a70d46ea50ef4976e09150983493a55fbb457252967c65d784

          SHA512

          d737f3007c8d88599bc72b0e7f6e824fb5111f191275ed5b954be5ea44325859dadb4888aa75d364ce1d18eb3228afd6f86eb7fe4db7e49b20278850697418fe

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5bf1f130e08fb6a421b91412fc92747a

          SHA1

          4d27c016a5096620627cce95f5980bef19e20d5c

          SHA256

          0934716e24ab7cecd92669babcde75391d7b3504b0068a03fab202f862fcd24b

          SHA512

          f772ec5125fe1b5680b220bf0d48954412189b3a89ee12b1bdf01e4a953adf153624b15747614164049a2b3b54bc19a6dadbb48515566db27c57598239b3bc08

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d7a45028260e315886ef5e87b4497bfd

          SHA1

          090327989b97057f4ee1616f88e19b988b6c072e

          SHA256

          7316868e90c00e5e4149851c70a4adc1fb9e5355b1ccc259a683ddc34fe8d3bd

          SHA512

          c1b4a43184b618774b06525bedd3342b6f861ab3d8cfe5d3da6727cc5db68fe640e130497d025c241ef8b4fc6619e5d5c5fa7a19e4bba23f7d9eb1038e8c7628

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          4eee39efa75dadd7336a7966dd7c6770

          SHA1

          ef44e26057fe9e0ad9efdf57e337c33bb873f142

          SHA256

          f19c367e6a1f308309dd0ee438016b11dd61c4b3b11092c5bf7c6186f36b8186

          SHA512

          7228f19ca00be3f9081ca9fdd49fc53d96f8a68e0b0dd68b2cd96525d60ded0d0d666027a973b3fc2ee1e618504192bf39c8416386e0a60ec769fdfed175ee7e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          d18cb48cbdbd00f0ef8c018a531ed0d4

          SHA1

          367a3172031ff6c5354c9ba6d64649f4b5cbcb18

          SHA256

          49bc1926c94948774bf8ca208193aec066c544c9b35849ee0151f1e751d65c86

          SHA512

          a74b7784f1c8ba72c1f2cd274c36183fdc5e258251e95fa17e20e19e3c2693ca14e835f18b98b098680b5183246a4db13b698409520eafbc0bc194ad191bbbb1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          c34a2e7653ebf0f95e9e385f1b68c06b

          SHA1

          e47f309d648ed459b7f5ec266e614483520290d1

          SHA256

          9c1eb63ed91185a86a4aa9b52153b6a4f77ab9a57a71a58f399fc7bc9002b5d0

          SHA512

          c4d1a3b654661b44b48ce69bbd58c96bc0eefb10dbe166b7f8d2cd46633cc267431baf36db8f61663c421f6bce8f5cc9a54926b9adee541feb07c411f2cc499e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          839d1ca5c2e0227dfe904bf7a72833ca

          SHA1

          08925b87e9ef63ffc871108fea6ea501f97a36fa

          SHA256

          e8248ddc72981ed06d60424f34b50ba72f2831a7134acdb93cd741f24fe68848

          SHA512

          4cd778a70e65724e9675aa84861ce84e94e29e2d7935044570043338721f3d77383eabd84f1636fee5c1bdbe4c5976f7c9a01418a8cd0e291889cbc1f79cb517

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6a34d3fcc53c2bc4d97b55f98df88e99

          SHA1

          aa3bba809f54d00e94bd53757f2e1a38f2733235

          SHA256

          828b0f283b80e7edd0d5004b2e9cd9ff5130c8588fb93d812928280a77a73193

          SHA512

          2fc6fd95cba705c82a655664d3abb90499d30b3bcf1b5105f0303ef7a51adbe57548eaa7324f3665bbd27b78b681178538e7cc47b9c28ef9d6f361b34f00b747

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          6099245321e3a2573ec8ef2cdddd339a

          SHA1

          178f5eb21335c118d620626f0b996652b56486f3

          SHA256

          5601e875d29f4775e81bb59652e0714e53c9c3ced32c655de59bb2984a01ff60

          SHA512

          fc47db137dd75649ac0ec2ce1aeac170bd637cbc5e2715fd6b6f1cb6b7e86dab46dd41600f27d340699cb3bae26e9d1043a62d1bb0e6966927fa69d2cd95e64e

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b35b697b3b371acba3a4aa313186352c

          SHA1

          6173099c0f0bf272cfa0d09f300a7f2eb3998231

          SHA256

          96717d58b5e0556ce489834fa5c2263e4c8aafe25c6800f3f43f0a314e20d789

          SHA512

          002a3df6bf85209ec5b06f4da4662151739bbc8cde183ca0bc88415296d935e3ae375fad57b6820c38ce4c69f6d8f758311b5f7e4aa69582a7835338c6501aa1

        • C:\Users\Admin\AppData\Local\Temp\Cab3F16.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\Tar3FB5.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • memory/2780-59-0x0000000000380000-0x0000000000381000-memory.dmp

          Filesize

          4KB

        • memory/2780-9-0x0000000000380000-0x0000000000381000-memory.dmp

          Filesize

          4KB