Overview

overview

10

Static

static

10

ScreenCapt...r1.exe

windows7-x64

1

ScreenCapt...r2.exe

windows7-x64

1

ScreenCapt...rt.exe

windows7-x64

1

ScreenCapt...er.exe

windows7-x64

1

ScreenCapt...ck.exe

windows7-x64

1

ScreenCapt...k1.exe

windows7-x64

1

ScreenCapt...k2.exe

windows7-x64

1

Setup (5).exe

windows7-x64

7

Setup (6).exe

windows7-x64

7

Supplement...16.scr

windows7-x64

3

T1.exe

windows7-x64

10

T1_b7afca7...b5.exe

windows7-x64

10

TeenTube_90767.exe

windows7-x64

10

Trojan-Ran....a.exe

windows7-x64

3

Tuyen bo c...ed.doc

windows7-x64

4

Tuyen bo c...ed.doc

windows7-x64

4

UNPACKED.exe

windows7-x64

9

Uninstall (2).exe

windows7-x64

3

Uninstall.exe

windows7-x64

3

Upx.exe

windows7-x64

5

screenshot2016.exe

windows7-x64

7

sidacertification.exe

windows7-x64

3

spora.exe

windows7-x64

10

svhost.exe

windows7-x64

10

sys100s.exe_.exe

windows7-x64

9

tordll.dll

windows7-x64

3

uacbypass.exe

windows7-x64

3

unpack.exe

windows7-x64

10

unpacked.ex_.exe

windows7-x64

9

unpacked.mem.exe

windows7-x64

10

upd.exe

windows7-x64

6

verhdiehndi.bat

windows7-x64

8

Analysis

  • max time kernel
    251s
  • max time network
    187s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-11-2024 03:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sidacertification.exe

  • Size

    1020KB

  • MD5

    172aa496b7f2331fa20180b887cf4893

  • SHA1

    5b2780dca42fdbd5ac695981ae60a37d1225e809

  • SHA256

    f3e87cdbb12c555be95f8c60c3b36b64671e5241db9241644b795ed3b203bb60

  • SHA512

    033565913156af4becf18d1fef70df5644b808b4c4610e9ea8783b4b6e5c923b6fa89e62af4c5d79014510f729005a99b2408ddce71a28865ffd2efbe09690af

  • SSDEEP

    12288:H1nFG9yNghVwv2gAqeQTyiS62zV+vBOSyfWFp9/4wwTeM+jtH+Y888888888888B:G9yNgY+4eySXSBOSyfWFf/4dTPke

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sidacertification.exe
    "C:\Users\Admin\AppData\Local\Temp\sidacertification.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2508
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2304
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2304 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e09b16b9b3a6d5e406ec8a4c0a97664

    SHA1

    e74ed55b440768dc06d98b89106142768e11182a

    SHA256

    0bf433baa5e995c8a2614a6bcd06dbbce796a80f03682ea4753be5d26b8d1f1c

    SHA512

    c509192ae143b445d8047e3d084a3405ca2aefc6b9c556d8f3ca06229f3068fb705673c3339441fdfa5031627fa1e61d7b1af58f37e298c9b6d5c3b2b16bd8f4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    65961613449d696376cff8cb2a617599

    SHA1

    28064e64da49086f96869fa01bae93c028cfb90f

    SHA256

    bc41045b5975ad38bd6960b6d0ec32f534a34d0339d353961031554c9e20bf25

    SHA512

    7964b18738dd900861bacbcb4ffc86ac4545978ac5515b2fafd707ede2abd8f8fc3a7243bc7659c63469450975bc93ac9a269d77ba5d15fd4a91c59bdaf8f8e5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4c9ed35b030a354912e3e2965325bde0

    SHA1

    ebaf6d8eb3ac2db73acbcf9ad451f5711caa8400

    SHA256

    36acdbce60bf6159037c26263ec6d89bea786c2c11b3a6eb0177fd142dab118a

    SHA512

    d69eaca0ef5aec5ff75a3f503d9c3926e3ad249bafb35a849f34ae4019dfbe7696fc23b749a597e4bf9129186fd2cbd2f28dd987212b637b355204efbf8ef74a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0e084c441909734579c104be7264b972

    SHA1

    0df61faace8cfefcd778d9db6d8c29e9be3af0c3

    SHA256

    0215b9d4ea1ccf5749bbd61ec9a2e6bea23e1c6f33e8fed60576157fd30f17f7

    SHA512

    61e1e38a54807a87f675ec1e85af588bef68bef6201bc04373157cd6469f8466e6a711a6161bd77665d9e14b3b808d12bb562fa46c4ed28cc8c9a2685eda972d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dad7ab00e93d96c43e7b726361f3ef26

    SHA1

    49131dd990e94dd365acc8df3e293548088b9509

    SHA256

    78f32dd6ce2b01a5121db2d4c32b0e4539c23f50e049210c5adebce36cbd896a

    SHA512

    30f7f59444982d11dbf263617f0da2102e7532f6b072bc51a5fd235c789f925322624838cd5fcd9e460f4ad7c9dcf674c7ecd826b46739236517f3cbeb67f959

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f123b44725d7d941db61902aa198e894

    SHA1

    cadeb00a1c809a161f2d0a1bd1c036b57cf1380f

    SHA256

    5d1be7f002ab837e62fac50658db07b290212df7498dfe3992470aa1a9002393

    SHA512

    ed915060ff1ce2ce130aa0446dff5fff18504437f01c3ab7591f3a59f9442999020651538892ada770ede75c227cac262f1840261ce0226573472b26cda77172

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5c2c310fc155817af1a9c673a5268d2

    SHA1

    c13d73b08c6e290e56d65dda2282a2dba70c9fec

    SHA256

    efc753e725ec3a3776e0385c1723d09925f3686b3d3278952abfcc7c006ceb53

    SHA512

    17e3796cb9b21e883ed0c5c30bb2fafd4cef7191fbe5eaa47112207408a8069050ba77d310fc578f2db50175f98ab2b74c6e64ffe319f160fcb9e653bbf4db69

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9fa2c6ac32e37a494df95040ddc32fe1

    SHA1

    8bcc0c5c68c55c82925429c8a2fe56763de6d74e

    SHA256

    83c6a9f8d112cf27e4f2b986f31f46b522e400998b738edbdf70156074346c16

    SHA512

    8cc52f00b08cb9a96bc0c8de47eb6b300dad63c64a5055ab1a0cf22464c50d47228b9de35415e114aaa6fb57ea4afa4e67f0b31615d0c7ec141b95765e16c612

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e2f6ea44cdffe394168c0f9faeb62f14

    SHA1

    09cdd8ad74fc5708c38d5251c1d496a9f3b0479d

    SHA256

    c86232483ab98c0102b486fd32e8b77a3a530a146309ce7d2581914736fdf641

    SHA512

    3e4f8962cd30b3b81f75afd03becf27cb46fe6884d731ecd7c8693ee33a913ded271d85ef2327cd277a7eda1e6ba5de4839b36fe6eaa755539117636961021be

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c06948088d05bf7a4c27e26f8ea82c90

    SHA1

    b4c3d89a54a1b520f8bbf29977bba0d6386c571a

    SHA256

    fdfafef40ba0d6f1056e7ac0afe1c3d26251677047139b71981eb013cb527e8f

    SHA512

    81727c82841c510b95307707df83705fd0d29f02abc3ce1154df5f0e7488f6147bf598e4877d3db3a11d60e7e4e92d59c70ba99f27e4ee8f4593e50659e7fcbd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e11b84ac98958b66515181f50e633a1b

    SHA1

    602086d3a42003016ab52eeb4b4e88b2d22cfa77

    SHA256

    88b19e8a14ada53690165ca058f3f4f36bdb56f11a3fcb69d4b4daf46dcc32b6

    SHA512

    ed72f3622f9c2e89b087412d82d6206a9f2e2ea3be34619b0f66a11c2f1959b6cf39ba29e4cd9d23d7d2bf88e8b89829f9d9596df0ecf277e9f67eac7b0c033b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39edc4b6de584723d24a3c4d5f312283

    SHA1

    8df29ac82579d2214c69b2bcbb2c78b63489b07e

    SHA256

    2bf57edeb3ffe742e06e9fcc1e07a4bb25f884feb867c7d86c40dcc1c0a29653

    SHA512

    f0f12e9d9f9353a7627cdfd1e6d05e3f9eadb6b7c263534ca5572d9ac48ea01dc2db33b17d57fda05906bf0b2ae99b6dd6e70de819dbadfdc2a1d03e59bf2853

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    313265e2b5be1c6c1922afd32b84e940

    SHA1

    c704e1cd3d95fa3b97178859e1dd7c007283fd41

    SHA256

    91b18beea0f2377e3fa262db4288b64ec2cbe097d0d1cf42532fe213be845863

    SHA512

    da896902aa2d96833bf15aa475ca1a381b46d079eca1b6b47f2be5d13b61f16d62c78a911a4df646ffe6eddeb5306e0eea881e6ca8d287414aa3b1e805b34cc8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bb6006dc311e7aa7d95cf3a7c41c27b9

    SHA1

    0b0017cce366ef578778409b685de4e50571390b

    SHA256

    fbb0043e7a50b0d48181c5b6a5a0a112f3dd097dc3f90b6b13a1993df964ee4e

    SHA512

    0fd99e4d1c13366c59dac33a20158219d2c0da98c9901c1f5a2866cc0d87b5c1934b3d7103c475473469b5a4b36e780fed54280c7ba7cca0bcbfda475ca89191

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0286e564040af901354aba89d4c1dd0b

    SHA1

    6e187aebd9b5117fdee85c71c979a3d83dcb3e1e

    SHA256

    68b901f760e313893ee5ed5cbc121a5c9542f2d259b749728458e4d32cefbc2a

    SHA512

    63873dbeb25e9fcb3714a7176d8a86d919f4420f09d6b4e0fa08fb6cee24748d46b3f1d1083aab4fbbb2f2e07af1b7f2c0b77b3b336dbf1c6aa53bf5013891fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e29cff10fe359626897328a7d1b0151

    SHA1

    5830ea679eff816e78f30301235811aa69886ce4

    SHA256

    7c60eac401001ae7c17a44e1b8bbbad42318f35536fede1d80608ce19d562fd6

    SHA512

    2d933df3c68c2417ddcc9d0ff7be5d01eb12a26cc0c177e54312aa486a1dbf72f9d6ed9286ac5dbcbba1bddeba1e022d7227f3be2cc64d3e37e4f9dfd5412ac3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fd95b936fa24e519ac4a4000b0d2e7aa

    SHA1

    c539ca0e9e086799ef31eed123620e3e1263989a

    SHA256

    ccba8ac5a4ce7e77519ecc5f628f53f64e26e3f01af11730b024da531b9c99a6

    SHA512

    1be5355f6b6591c4c7c4f08f6cfea2f266a77e5b1bcd3f0147b64fa73b75a63993999c2800e76ff7f55c838a9a782c6656e668160a2ac63a691d98691954d195

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a4335136f2af04dbdbb7be754caa16c1

    SHA1

    78c7fa08aecdc599d92a7a6f0ec75358b56fe721

    SHA256

    e668c6433c5135d9c68a7323c64ce57f6293c4b04d3e41b65d0e3a3564f2ca81

    SHA512

    b627272c578b906486ff542cba3e343f7f7eca9c77a01bafbc356104b957e8a89e21cbacccfc391e1b1743e7c63b9430174b12947f2b2d809e0f54cdcbf46936

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c98f59c4641032103406e2868f1a2de8

    SHA1

    a5acff05c6e3193ded7be820678af476cb5bd888

    SHA256

    c3077172ab065371b0e2a7bf74e05f063525bc147dfab188decd4bec72483bb3

    SHA512

    300a8ce8a24c894ca508e451e7d62045fea99fd4794c77d0cf7ac6607f2a1156b3746ef51d5bb28b8f39801f041ae08389907dc611ebaac2fadd8f626366b63e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab98E8.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar9978.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2508-15-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2508-14-0x0000000000400000-0x000000000050B000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2508-21-0x0000000000400000-0x000000000050B000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/2508-0-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download