Overview

overview

10

Static

static

8

30bc4934d7...f0.exe

windows7-x64

6

338fdf3626...13.exe

windows7-x64

1

342933cb4c...20.exe

windows7-x64

9

343ace5874...03.exe

windows7-x64

8

34818CE171...49.dll

windows7-x64

8

360390_crypt.exe

windows7-x64

4

360390_tree.cmd

windows7-x64

7

3896f8a370...e_.exe

windows7-x64

7

3a061ee07d...8c.dll

windows7-x64

3

3af4fa2bff...d1.dll

windows7-x64

3

3bb691982d...21.exe

windows7-x64

9

3e3f980ab6...95.exe

windows7-x64

7

3e3f980ab6...26.exe

windows7-x64

7

3e75e8238a..._2.exe

windows7-x64

6

400cad56ff...9a.exe

windows7-x64

9

40b3cb2a21...0c.exe

windows7-x64

9

425c42d610...5F.exe

windows7-x64

7

425c42d610...FF.exe

windows7-x64

7

42d77128db...e7.exe

windows7-x64

7

4561647.exe

windows7-x64

9

457C9141EC...C8.exe

windows7-x64

10

46a9660c57...83.exe

windows7-x64

3

46ca6b1972...FB.exe

windows7-x64

7

46ca6b1972...FC.exe

windows7-x64

7

4e60f3c8ea...5b.exe

windows7-x64

8

4f0b660543...B3.exe

windows7-x64

7

4f0b660543...BB.exe

windows7-x64

7

4f5bff6416...09.exe

windows7-x64

7

Versamento...__.exe

windows7-x64

9

4fda5e7e8e...00.exe

windows7-x64

7

5 Rules for Snort.doc

windows7-x64

7

502de64ee4...c2.exe

windows7-x64

9

Analysis

  • max time kernel
    1800s
  • max time network
    1564s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-11-2024 02:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34818CE171EA150B91429AC1DD6FBE49.dll

  • Size

    170KB

  • MD5

    34818ce171ea150b91429ac1dd6fbe49

  • SHA1

    765f7cea9ae6e126181e5a78b897304913530d4d

  • SHA256

    502386cb2288ce85af522da55916b5a05c71d9a32a80cec396bc4cdd0e0ac665

  • SHA512

    e44b009eef9710787ddf63d5038e15112969ef5ac952520f772b5ab78dfe57c42f7562044642f573c9480c76569ef9a7912cc5cd1b0472e4d61c25e79a03bfb0

  • SSDEEP

    3072:xUiScf7Taa44mVg6zMe4sfPZfE8dreM9aSW3OKojVbc7n4CRWLvSFlp6+qvv1:xUUm4mG6zwQLaM9aKjRg0SLlK1

Score
8/10
discoveryevasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\34818CE171EA150B91429AC1DD6FBE49.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2364
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\34818CE171EA150B91429AC1DD6FBE49.dll,#1
      2⤵
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2080
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2804
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2752
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2868
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2672
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2580
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1272
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1272 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2120

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\NOTEPAD.EXE-x.txt
    Filesize

    553B

    MD5

    54616112552342526cd2d4b3f1ea3503

    SHA1

    82f15e2744c02d6df464dae79098295cd00e4705

    SHA256

    8f2e8f4813b0373b09bc727f11db3c03b66507e0c422533f99e18635d3b857fb

    SHA512

    ffb9d07600331877a5b3c8c3af90a99281114b065c9b58e14b9264edf90ba558607de53907e4ff01afd75b1fcb5680b41575fbcde227e7f208b89bedd6e2f376

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5bbe68a8908e62475f5b23de3bb924b9

    SHA1

    caf43eb5a10afae02c59137cda2d25beb1a0ebcd

    SHA256

    dbb649f0892a16a7f32d563cca9c7752d401916af644fff1a0663a19f0df4d22

    SHA512

    0780782e7235463fd7b496e463bc9280e6832008ebd0bb5377c29199b1a0984d2552cab19e65fb5bde41de52618a583aeabc5d2ce19db2402645a96608228474

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f12b59268fad010a4e843412753c1e1b

    SHA1

    536b94828491e6c71254167017d20cf65e683a14

    SHA256

    dfa81f45fdf7f2f5ba8e9fe237e9168cf0efdad59d6e17c06075a3e9779a61aa

    SHA512

    431dda881d4fe44674aa68afe2a58db3a0b1ab2b9258db0f8fa20fee6346821514e29d9576b6f52f9c5eeb0b6ed1fdd62e29162d51994a26c0710f80d97f468f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c0014bc73c20bdc760d29668737c0b91

    SHA1

    870c1e05e07e165a6ed3cb760643958e0bf52401

    SHA256

    196545373652599029a8205c75548c5709c6311fb27798f289ec6f0a33df1db3

    SHA512

    d3e86bd2fcec04312c1f50f769858c5fbb242fe939bb85e0d75f100652412668d88b4240f493d31ef4c36653b35907244a7600bd78ad75a05dce4868fe80fbb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9b438cfb1a39571fe760420594378baf

    SHA1

    69ce1b2a612ecaf64c4c24b2526acd67dd8ccad2

    SHA256

    6f6b6a0099f15080e38b29aea6c57b84f83ea759f624c1b62bebb9ad3dc59d35

    SHA512

    2bf74a07da61ed83a0b6d7e373211c4b3f5b9ce0f6c2fe69d6703482cc9ff883b6223296c9580c10fcde9f4d0b368212f200b3921b3231c0eb23a77daa2cc8b8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa7eef75c347ff7dee8a5d849cf4423d

    SHA1

    84197f05de0f9877f67dd30040fe703ec2559cd0

    SHA256

    c36d37cca6c1bc9357121d39aa5f0d936257e2f1cf6f06611dbb9ec1f171e7c7

    SHA512

    b9f4c776f2c7a5d39e75a8aca404f5c47d7a8c2be210fc2ff3d0ab62a6616105ed8399c14c26cdb2ae84008021e53fde35e6e7957ae3b853b5163db36631f522

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    83e4c2a3c5122c97d72bfde215857a51

    SHA1

    215e94566fa997742910468118b666211151cb97

    SHA256

    8c57b053282649ca4c4bd1b5179611274935c990d193b221f98ecdd0a3c48925

    SHA512

    be6692a2733264f84a9019e174690d065324687e6de8cd408bcb5d48feb329be0b93368939c4ef32c5ef89af103e08405d9f1d7a0cd377aa66a688eaaeff56a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9983973677a9917f1c38e369035a6672

    SHA1

    2421f084a84929461d417dd1f46246f9b1586924

    SHA256

    f2e3e008e1dd13f2231b7a6037a70495de80d8a13991eaf4338321c7b317e012

    SHA512

    50bdfd6192e5dda4c6632327e7d4249346d48b6c15fefd41a9d6f46a75df57a5c03a35e322781808a66da7ee7c36f0ae0cdd893f031fbfb04f19a93fa2a52d24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b1c280b0eb2fa366d8cfc456bccd7d65

    SHA1

    8bc66d2b52b0e956408e0064b933eb35e68848bf

    SHA256

    f086055e0882d7f19adc9d37a4e484fa8987f24aec0c273a189eb5b93001e1ad

    SHA512

    c731846f222a9954ca80965daaf02b594a091b8e625b7f964d89a252a1897f932db0de8876daa7e94a583ec5fa36276adab079364fb7bac7013ed1fbc3575ba7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    158e22f63e36760ce371ccb230d4e281

    SHA1

    51c3cc70328a27cd45363d7983c85eaf54508df0

    SHA256

    4e601853a22cd12e3527e22602d04617a7832542c32c4b3d25b38367899bd59d

    SHA512

    4c5da0fa7a4cda148ef5b4e2349e8d08138cc5f1ddfa534777e1dfb62f14221146d123af26f0ab541f57847414a2824845c58d3854d87512016baff66d1ee806

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    173002c980f8f1345fb6a35ef808a1af

    SHA1

    acd6169a080e94356239a4a95120222d6b1b8132

    SHA256

    b8259d3843f927828d0808ef4cb247dc176653108628e71d12999fcaabc3596d

    SHA512

    bf81863b88385907264a913dac1d86efa8ae95888f14023840465a070babde887e4f5d5d97520768e604e275600137278df59d1e39f3c515870270743ffc9c83

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b5ed3cc735e2077ad78359e0a90c178d

    SHA1

    c559342e5e2ed8ea44edf6bc760a0d935d63cf4a

    SHA256

    50a709290591dd3bfd11a6a33f094caff7e08d31583d6a863b5bfb8bffaeca37

    SHA512

    eb2f1bed1042a4aa0d8ca9e5ce67938e9f28f0799f029ce87a283051a84c2da751eb015ae43d830d1073aef35ec77226d742c9a27cf6304e8cdf7c18faffd51b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b24e5c8587d463bbf9a0be638138ac5

    SHA1

    47faef74c15406f4e00c943a864d971e7cd87c60

    SHA256

    77edddfba5feae5f2fa0b11ffb6ffce22cca8bd3d8b15227ecbbd8ec3ae0e604

    SHA512

    83ca856f62c0db56d35d2673941162263662e6a95e5db864b9af75a093195a25ac59a5099786c0eb2f9fb20e130d188b1dd0e46b2af5649cf47ca124fadd6c30

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    76732b6716bf375fef8c6723633b163f

    SHA1

    d3113be9648578d1bd41ef5c45d29ce0c4c1b0eb

    SHA256

    7e5e42312602620a13bf9080d05a81ee97f33cc35a6f97403861ffa96d6efde2

    SHA512

    4a31c19042be97b1465243724c4362246474bdd01b5da876d2f280eaff8dfcb4dc4048522cd67a04b774025a55c35addcb0f3b826e44180be294663d8e3de1f5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9d610e59044163134153765d42e01334

    SHA1

    4c35752023c6a7e38197bdefefb84e9e9be087a6

    SHA256

    5253094cd674de591e0ae683067f166f72a350ed8a8e2ab32c4d36e02eed240e

    SHA512

    4149e1445945adeef705b02bfd91f1771de2d9f831419486972d4fd520c561edadcc8ec3fb64b97e806fa8c001c853db9502b796bdab1f98b797f6fa127bc047

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23aaa22e428c438403981d0ecb2797d8

    SHA1

    5a3adc1549187584c1fdf8c63dd19b0ad996c2e1

    SHA256

    88890f5240b25294319532c9f4d61b458c8c819dc0ac3c053daa4453d46accdb

    SHA512

    ba9bbb82fc4c04f2ee3d52e4b7b90219bd787836ef32acb624315a35ca03c19c1c0e96d9d41d623b321060220ad412bf4d08c2088b08b72b6b750ce1a0c71faf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f04db8fd5b1c21d1f5330dafa27f761a

    SHA1

    8fdfce2a6a8f7a77549b38da98f79973d17afec8

    SHA256

    02118aabe2053279fff83a1e6eeebab267eef31a9056deb4459c252bc23ef3f2

    SHA512

    5ebdfaf6715d8cd4c4da42e496654d596846bfe9732f1334b6d9d5bd45b50326cea288448788c4d859ad854d76200034ece5ed3bc2d0cb385217cf89ba3c9e9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e9c673c1d050a0643690e654deecf146

    SHA1

    a1047e8ed5b70564d7eb2a92bdd54fa7f86fc99c

    SHA256

    4ed97ae418c49cb0fbc5048cb82aac40d06ccf609e5f25c0dfe21a281ab15a47

    SHA512

    7b6049527cabf354de9809865826baf264dde89ae054da850e31ec3ab6ca6bba1b3baae722ee810d1fdd8694825190ce79fa58b362506c575e272293d2259b2c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0aa9e1ea588e829441d481f52b3bc278

    SHA1

    6138b9d73addc4c651f843cf5d3f6f74080aa830

    SHA256

    c897f1bf13a93c8c73c1a17d9169e4e6bdd57f83fec534a262c868d29e0d2462

    SHA512

    eccf25e629289614d13a1786bed6f9f95dea7e1fe06b8f9132a7276a5747d74af7e6665f67a2bf04416515ad61965c179cb6486f0a6d67c06e2d8ef8b467c896

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabD26D.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarD2DF.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2080-33-0x00000000007B0000-0x00000000007DB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2080-8-0x00000000007B0000-0x00000000007DB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2080-2-0x00000000007B0000-0x00000000007DB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2080-1-0x0000000000750000-0x000000000077E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2080-0-0x0000000000280000-0x00000000002AB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2080-10-0x00000000007B0000-0x00000000007DB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2080-4-0x00000000007B0000-0x00000000007DB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2080-6-0x00000000007B0000-0x00000000007DB000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2672-13-0x0000000003D90000-0x0000000003DA0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2752-26-0x0000000000770000-0x000000000079B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2752-14-0x0000000000140000-0x0000000000141000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2752-20-0x0000000000770000-0x000000000079B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2752-19-0x0000000000770000-0x000000000079B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2752-24-0x0000000000440000-0x0000000000442000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2752-25-0x0000000000770000-0x000000000079B000-memory.dmp

    Filesize

    172KB

    Download