Analysis

  • max time kernel
    141s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-11-2024 20:26

General

  • Target

    004884feeda649ced31f5285a5faae245d1a72bf1fdfe7f1d8636e9e2339b70f.exe

  • Size

    10.0MB

  • MD5

    53e7d13e35275d5f45f824a159a40339

  • SHA1

    4fa1a45500f2da8b1631f67a4aa1258082cd83b2

  • SHA256

    004884feeda649ced31f5285a5faae245d1a72bf1fdfe7f1d8636e9e2339b70f

  • SHA512

    4d53be3bd8ad287fb47e17d06df9d5e3133fc25149a39154a6af00241d27788a0988f266051e20fb96e4cccb7c1a57312ff4e60f7d6050ab9715e0edae372758

  • SSDEEP

    196608:jZAMKn7gJUDzwzILSSWR4tA+NVRDPImrRz2k/IRrhBRFzL2bBsoQB:jZdwcILSbRN+NVmmrRSk/erRFzLA6oQB

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks for any installed AV software in registry 1 TTPs 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\004884feeda649ced31f5285a5faae245d1a72bf1fdfe7f1d8636e9e2339b70f.exe
    "C:\Users\Admin\AppData\Local\Temp\004884feeda649ced31f5285a5faae245d1a72bf1fdfe7f1d8636e9e2339b70f.exe"
    1⤵
    • Checks for any installed AV software in registry
    • Writes to the Master Boot Record (MBR)
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2604
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://down.360safe.com/setupbeta.exe
      2⤵
      • Modifies Internet Explorer Phishing Filter
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2940
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2940 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2836

Network

MITRE ATT&CK Enterprise v15

Downloads
