Overview

overview

10

Static

static

10

88bc7b6a62...00.exe

windows7-x64

7

88bc7b6a62...00.exe

windows10-2004-x64

7

88cdf3a075...59.exe

windows7-x64

10

88cdf3a075...59.exe

windows10-2004-x64

10

89000a0d00...5b.exe

windows7-x64

10

89000a0d00...5b.exe

windows10-2004-x64

10

89270d6b49...b4.exe

windows7-x64

1

89270d6b49...b4.exe

windows10-2004-x64

1

892ac0ac36...51.exe

windows7-x64

8

892ac0ac36...51.exe

windows10-2004-x64

8

894b900bb7...92.exe

windows7-x64

8

894b900bb7...92.exe

windows10-2004-x64

8

896493118e...17.exe

windows7-x64

10

896493118e...17.exe

windows10-2004-x64

10

89652cefa9...84.exe

windows7-x64

3

89652cefa9...84.exe

windows10-2004-x64

10

897255af35...03.exe

windows7-x64

10

897255af35...03.exe

windows10-2004-x64

10

897b60be56...d4.exe

windows7-x64

6

897b60be56...d4.exe

windows10-2004-x64

6

89a1a21003...9d.exe

windows7-x64

3

89a1a21003...9d.exe

windows10-2004-x64

3

89ed231ad6...9a.exe

windows7-x64

10

89ed231ad6...9a.exe

windows10-2004-x64

10

8a4e1b5c29...83.exe

windows7-x64

10

8a4e1b5c29...83.exe

windows10-2004-x64

10

8a7ce080bb...ba.exe

windows7-x64

10

8a7ce080bb...ba.exe

windows10-2004-x64

10

8aa071d8cc...3d.exe

windows7-x64

7

8aa071d8cc...3d.exe

windows10-2004-x64

7

8acb86332d...4c.exe

windows7-x64

10

8acb86332d...4c.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    136s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2025, 06:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    897b60be5611091a83c5ceb48f7d2bd4.exe

  • Size

    8.5MB

  • MD5

    897b60be5611091a83c5ceb48f7d2bd4

  • SHA1

    c397499a37f458adc9afd3bb7ecf19d5893202cd

  • SHA256

    79068d9df13cad52bfbafafb7b6caf4207f9b92cb64bb78fefe839e9a73a9162

  • SHA512

    0f1786389bb0d7af71401a4826468a6f2c313fa40a56462aa88dba77f4b3a6bf648dae7a4ce9085be1a9a0ac488558689bb68ac5f978b9b2d70dae8ddefd8404

  • SSDEEP

    196608:UOW/od/SWu0VwCnYuo+JBSe7PS6O3YmOZdgkSI+:ULQMWu0VwCnzo+vSe7PEmgkSB

Score
6/10
discovery

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    defense_evasionspywaretrojan
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\897b60be5611091a83c5ceb48f7d2bd4.exe
    "C:\Users\Admin\AppData\Local\Temp\897b60be5611091a83c5ceb48f7d2bd4.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2540
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/Vnq3xargTX
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1300
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1300 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    b1428163c3698ab4eb72eba6cd43e2f7

    SHA1

    cd3002addf0b18e5ea5fb97ff0555af0827c814d

    SHA256

    79a683bfa6576f09d7fa52c43906aa2c706f48ccb4b52d455c589801d49960b2

    SHA512

    90aeeffc7ed5c95c7c1313e8042f13e1eccafb5b2aac8cc012f9c11a8368f954dc53c6555c900d6f8f385c99d776fcdeba774004a06cc7793d2b29c5457cb579

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    40574d75ae1130330b8c3aaee1fff720

    SHA1

    8ab2fff9117fc7f2bce97f6358fa0330a7eaf539

    SHA256

    7602e64207c15a9aac247466ff0eaa68cec0ef6da042e2205202e4a73f60ef39

    SHA512

    65494410fc9dca38c9dfbdddf890e175d77521cad4589fb1eba106379b563daa4ebf70727a64bda0c26b1a77f0418b95c2c98f6c14bc6e7c14516cda0ba7c3e7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3cc8bd0981cc926f8f78b4d4aa3ad13d

    SHA1

    2348526823f55e0da0dfc942e02ddc7fbf766667

    SHA256

    1989f8fbecdae5479448aa0fd12bc7e28608dcd525952141a8fac2932fff5e54

    SHA512

    55c13fde29072b401d588055466b4dfeeee8d56fb90050f9d0c48f04e488ae3cddefb6f5b60e9174881c520d3ef284ab0ada5c842b92d8c40b5eba6010fee53b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    f1023cf0ff32411f7db8a2f99f665ea2

    SHA1

    fee34e0d6313aa6950d761ebe7ad332650b42074

    SHA256

    89109b1f207c7e02e9e4efe838821ce76f246b201832f87d1ba1b3cf464b1258

    SHA512

    f7f4947a627a09ea3f8daa624ddf514bc68196ad5874832f752a7ae34faf773f04cdd1b7c6e394f8b4bc2815ffe4ba441b637c8f57f20b1654bb431125caef79

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    92c514531c82a31bb8af387969e165da

    SHA1

    7398d6094f3d9fffdb036602f7aa7a0e08e2848f

    SHA256

    4a521acc3de92cf452329a500146241c06011dd88ef2c9db081e04a729248e5f

    SHA512

    e1a8abd00af3c58fc33d46c217e7da35e2e15b3e61aac6851e72dd7ea48bef14dea8792feeeebe53a213302ab0d28900de7689e6d0a5ed8f4f520d7e86ca8c98

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5a299f681206b97b9266bed11640249d

    SHA1

    d0fbedcbfa62915aa93a0be6832ca185ce2edebf

    SHA256

    faad086597dc5cead1590f2c7f28043ecd055b7fcb57b17075c89d59960395b9

    SHA512

    37b488a9da4a299a9f79e34be08bf51cd2adbae6385e0d76ca329e496b93a0d444064e31d7f1359ba2d74518e3ad4ca73fae46051e6713d0aa470be224a4cc8f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5a981acc979f91d8822ddd13965088b8

    SHA1

    b7b8c6e7e6932998195623661d2941c38da484c6

    SHA256

    784b97e551dec2e4a37768ec9f87e0fd32ce6a70c95a2a683d7846cc7d3a0e16

    SHA512

    c1c1bf83e66997e29a20f5c742dfa351aeb32a56957bba794ca61bd5ad0ce5ee13ff2cede00de4edb161d149cd32cab64009f60b519c09c6020e0689102123ca

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ab4652d05b4c636b0f57cc03d895f92f

    SHA1

    ba4d9b8c9ba667e28c52bb2018d5516f8584599b

    SHA256

    22c99026be1b45e5bb84dea294ea8ccfb40234f503f70cf89d5407ec4f379365

    SHA512

    ae2bbfc48ab43634c052c11cae8c856220771148986e9967ab968c611b1738ad7faa481e2287d98c3ab72caae0b535a29b14d39449e37a55b982c42264d3e7ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e82d79f98f83f0b84050f9d611b3f9f4

    SHA1

    c3a141a5475527676386494f87845ab14692e814

    SHA256

    e50a4194869cda09cc4e8cd74f952724e872bb6f3bd9264f9df6a3f2950a95f8

    SHA512

    bc7c288117b2c530070777ba47b51d122379ca7a93ce10b50f4d0859b03a67edc7c1ec9c5ddfc046318b55afc5f96245f7b56d80cc7e7ba9e16dbf6f1b4eec87

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    729aa34c586721750dc234f5203054d2

    SHA1

    e6bd261e88613857ba1b37e9d0f7ef3cfe25e600

    SHA256

    4584e9891a9d5831b01b7694c8aa1fc855bbd2bb5095c248a7bab5c1463a7cdb

    SHA512

    7f3377abecf06ff54501bd060b3f25af46349e0158d5eb065e96cdd030e1eb651c923763d8cbe4dceea8a2dfdc3c0512074d3e3ce031318cbfa2ca018b39856d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5687300c9435bb7ea8c1d0e877a03748

    SHA1

    8c6f8852587343404c4f8bc132ac7f1c0d2608b6

    SHA256

    e3a165a89aa95245bd007630ea11acbcb904642373717ebbc5f34da265a06736

    SHA512

    8d28c82139dbffa99df9c21c69750d92e477f96dfd4667e5110a01d7d331e394d2b425e250f10083168dbb37fd6b5a10dca25d2175f2bf56dc1be67418ef4db4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    dba16d6e51639ccfdddc562df6445508

    SHA1

    530146c559cfaf662dec9e3c5a54b4fe3f15cc99

    SHA256

    24168ee76c695e3e3413eb4cb9b5edac0ea4b2c167ee6a4795dbc6146b009e69

    SHA512

    b5f4ebb8884820279308b38eef6d176571a957a8843fcca26489daf7ad58a331400f2675352cc0caf4b014b4321df1c16496d777cabca62c120348e2117b7c07

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\njqq61f\imagestore.dat
    Filesize

    24KB

    MD5

    e3dfd211022a3f356fdc58a63dd92a65

    SHA1

    bfa9f0931a2e4af99e1e301b616a4f1a030cf50d

    SHA256

    d2141b691382a102ecefaf52bdaadca827d1d3e206ad03ce45f7b58ccc15eeff

    SHA512

    2848b066b203b28cad5dc7df9a769c27db94de150704a1b4f23478ce3208eacd0f1370ae3838277bfcd61d5e469e6d23e3fa5e88d90a8c324c55ff71f73e2fdc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M4TQDAHL\favicon[1].ico
    Filesize

    23KB

    MD5

    ec2c34cadd4b5f4594415127380a85e6

    SHA1

    e7e129270da0153510ef04a148d08702b980b679

    SHA256

    128e20b3b15c65dd470cb9d0dc8fe10e2ff9f72fac99ee621b01a391ef6b81c7

    SHA512

    c1997779ff5d0f74a7fbb359606dab83439c143fbdb52025495bdc3a7cb87188085eaf12cc434cbf63b3f8da5417c8a03f2e64f751c0a63508e4412ea4e7425c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFC7A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFC7B.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFDCA.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • memory/2540-8-0x0000000074190000-0x000000007487E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2540-61-0x0000000074190000-0x000000007487E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2540-26-0x000000007419E000-0x000000007419F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2540-9-0x0000000074190000-0x000000007487E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2540-0-0x000000007419E000-0x000000007419F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2540-6-0x000000000B8F0000-0x000000000B9A2000-memory.dmp

    Filesize

    712KB

    Download

  • memory/2540-5-0x0000000000490000-0x00000000004A4000-memory.dmp

    Filesize

    80KB

    Download

  • memory/2540-4-0x0000000005B90000-0x0000000005CDE000-memory.dmp

    Filesize

    1.3MB

    Download

  • memory/2540-2-0x0000000074190000-0x000000007487E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2540-3-0x00000000057B0000-0x0000000005B86000-memory.dmp

    Filesize

    3.8MB

    Download

  • memory/2540-1-0x0000000000CA0000-0x000000000152A000-memory.dmp

    Filesize

    8.5MB

    Download