Overview

overview

9

Static

static

8

30bc4934d7...f0.exe

windows7-x64

6

30bc4934d7...f0.exe

windows10-2004-x64

6

338fdf3626...13.exe

windows7-x64

1

338fdf3626...13.exe

windows10-2004-x64

1

342933cb4c...20.exe

windows7-x64

7

342933cb4c...20.exe

windows10-2004-x64

9

343ace5874...03.exe

windows7-x64

3

343ace5874...03.exe

windows10-2004-x64

8

34818CE171...49.dll

windows7-x64

8

34818CE171...49.dll

windows10-2004-x64

8

360390_crypt.exe

windows7-x64

1

360390_crypt.exe

windows10-2004-x64

3

360390_tree.cmd

windows7-x64

7

360390_tree.cmd

windows10-2004-x64

7

3896f8a370...e_.exe

windows7-x64

8

3896f8a370...e_.exe

windows10-2004-x64

7

3a061ee07d...8c.dll

windows7-x64

3

3a061ee07d...8c.dll

windows10-2004-x64

3

3af4fa2bff...d1.dll

windows7-x64

3

3af4fa2bff...d1.dll

windows10-2004-x64

3

3bb691982d...21.exe

windows7-x64

1

3bb691982d...21.exe

windows10-2004-x64

9

3e3f980ab6...95.exe

windows7-x64

7

3e3f980ab6...95.exe

windows10-2004-x64

7

3e3f980ab6...26.exe

windows7-x64

7

3e3f980ab6...26.exe

windows10-2004-x64

3

3e75e8238a..._2.exe

windows7-x64

6

3e75e8238a..._2.exe

windows10-2004-x64

6

400cad56ff...9a.exe

windows7-x64

9

400cad56ff...9a.exe

windows10-2004-x64

9

40b3cb2a21...0c.exe

windows7-x64

7

40b3cb2a21...0c.exe

windows10-2004-x64

9

Resubmissions

28/03/2025, 16:52

250328-vdc6kazry9 9

24/03/2025, 22:22

250324-2aphra1jx7 10

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2025, 16:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34818CE171EA150B91429AC1DD6FBE49.dll

  • Size

    170KB

  • MD5

    34818ce171ea150b91429ac1dd6fbe49

  • SHA1

    765f7cea9ae6e126181e5a78b897304913530d4d

  • SHA256

    502386cb2288ce85af522da55916b5a05c71d9a32a80cec396bc4cdd0e0ac665

  • SHA512

    e44b009eef9710787ddf63d5038e15112969ef5ac952520f772b5ab78dfe57c42f7562044642f573c9480c76569ef9a7912cc5cd1b0472e4d61c25e79a03bfb0

  • SSDEEP

    3072:xUiScf7Taa44mVg6zMe4sfPZfE8dreM9aSW3OKojVbc7n4CRWLvSFlp6+qvv1:xUUm4mG6zwQLaM9aKjRg0SLlK1

Score
8/10
defense_evasiondiscovery

Malware Config

Signatures

  • Disables Task Manager via registry modification
    defense_evasion
  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer Protected Mode 1 TTPs 15 IoCs
  • Modifies Internet Explorer Protected Mode Banner 1 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 12 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\34818CE171EA150B91429AC1DD6FBE49.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1316
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\34818CE171EA150B91429AC1DD6FBE49.dll,#1
      2⤵
      • Drops file in Program Files directory
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer Protected Mode
      • Modifies Internet Explorer Protected Mode Banner
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2244
      • C:\Windows\SysWOW64\explorer.exe
        explorer.exe
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2728
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:2932
      • C:\Windows\SysWOW64\notepad.exe
        notepad.exe
        3⤵
        • Drops file in Program Files directory
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer Protected Mode
        • Modifies Internet Explorer Protected Mode Banner
        • Modifies Internet Explorer settings
        • Suspicious behavior: EnumeratesProcesses
        PID:592
  • C:\Windows\explorer.exe
    C:\Windows\explorer.exe /factory,{682159d9-c321-47ca-b3f1-30e36b2ec8b9} -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Windows\system32\ctfmon.exe
      ctfmon.exe
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:2860
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3004 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\PROGRA~3\NOTEPAD.EXE-x.txt
    Filesize

    545B

    MD5

    3fd638e5c953ee30af01a3637e10f7d4

    SHA1

    a7401136459e9957948cac9290ec74eeba87a99d

    SHA256

    a968ec58762f8325e15a6aed0b2160f417104b19721ad2b04088854d0ef0028f

    SHA512

    cb177ca588d5fc3aff6f54e4729b3284c50d15436204fa9e3155a4e0de314c6a19359d1c687014fc6959b81869ebe093e5e988aaeee7f2ac67bb9a088a06269f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    71KB

    MD5

    83142242e97b8953c386f988aa694e4a

    SHA1

    833ed12fc15b356136dcdd27c61a50f59c5c7d50

    SHA256

    d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

    SHA512

    bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8e58c7fada0c778c8b0cff3d68c7f74b

    SHA1

    4a59e17d726f7f009ecf7d2896ebcca5a472fe06

    SHA256

    57924968aaa1f8aea91ae29c84838803f23956e45e09129bcaff6408e0422b68

    SHA512

    fc0dafa3e803d1a5d5bc46c41d7194ec0b74db607ad021fa97794e0097140eea9d6475b58974a61bfd04ceb528226cedc654fd8912c6b52d2e6edd98d34314f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    da53fa3a92cf6cbdcb3a3d5842dfc7fc

    SHA1

    ef222517f9baa3173744e55beeb5c80c5ff3b5a6

    SHA256

    1b5c970420078b26a6906da3dd297c709654ff657b3c642a5f02bbe33fae2206

    SHA512

    4af6d984f773a4253c87d8a06f2355b2086c3e8252c67357baefd8c7c4b96c2574a4b93a72d34f67c91b5c9fd7efa26b3e43a269bc0f61ada305502164df6e16

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2ed8837b17e1ab21354c9a22c478b23a

    SHA1

    d2539caa259b0306b50217390e95936ec08b8571

    SHA256

    042c42873a87cddaae8b6bad84a9fa90b09129dd334a38dd1dec39b376cf8549

    SHA512

    264f5096d5ea83b0de3710b00f43e65f0c06bb36a6094befe5cd5801ea81d2e1cce0ac151f75f871b286059b1b1be3db056c94d5e8afc12aadbf7c68c41ed364

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    66e70e529e5ec31584c55404156bf2ca

    SHA1

    2f1608987e8ed8a9e43dbdea414a0f72a172d2ca

    SHA256

    d3d9722cf0e75e2f3ccbe57b716028b7bfd3ece85897c29833f4005efe7ade17

    SHA512

    ecf2338574e184e27a37a02c6a5aa4bdcf6c802d6dbe03cdef65d6247b8694b6232eefb5e0dac434cb6d0972bf757ebabaae719da52c6c6fc36e9492ca7be09d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    75e814a67f9d02bd45dff584a77828a9

    SHA1

    10209e647449d6d7008592c9346683102c920a0d

    SHA256

    2f159f1083b2a0d6c7ddca19b6831a36a64bb7a453c900a72a5b4729dc608a03

    SHA512

    555e27fea5ff9f5626c8c7bf32ce2170b7e5504f1aee85aec7b7068dcd7863e1f05634c5675fb9b430859c57539b70a228b2c2da210c4c0a0a82b12078259f51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6ef1b990e844e49d6d43a0cc5c96f32e

    SHA1

    4f352d5a8381c6b1b87a1c7023a8894fd5dd8c2d

    SHA256

    bf1d755402cec533c1ef303eda7decf0a0e67bb5fb7dd92000a4c166cc70a57d

    SHA512

    453d90a4b33a0595e5e1b860efb73d9bb5ddd39b5f986735f2b935492aa632161cfdf191c244c3154ff1bc8e62026b017f36513b96b8da02979f4b312e656194

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3ab689fc44c43c24a505ddca58a117d0

    SHA1

    1cf6fe1d045fe33d63a7a70544631a276f5d47af

    SHA256

    2d3c8db4f16781824a583c07516eb1027fe4ebc4092c6b0f0b2c5fae87d282e6

    SHA512

    3768c3cdcf6823467526211b53a429f58069fc9636f6106d820f026b7d66991c0d024211a9832ce66190406417436afb2c6778eb303089b48e7844fd8c0f54d5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b202fecfba2e3edb7e3d389786fdb51a

    SHA1

    2ee2968b271691a108f4c789006278808e4a72f7

    SHA256

    1a831fd7e29eaab10ebcd563ff9c7b326ed9989ca3ed86440e088a644fb8d54b

    SHA512

    0ab4e0585753e1ec1b44cb40b9fc67b08e8b5be45fbd4ba1c6e386505ab35c974915e6a228796651150c6fbe0ad2d4de66315951d5516a8fc91a4f672edaa8f9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    69a64b5839d2ba4f9011913e3de6da67

    SHA1

    377c0772177c189f652cddfcd029955deda0763b

    SHA256

    832ab78e7a746116572293245ce39b78c88edcc9d58cc202cf62d96b42e28437

    SHA512

    ed498ad42391ed4bb3260f45ce6748aff8de93b7d43be503654400d962f2d8353916d6641e6394cba1ecca90429f40fb2f33ef0df1c067026175cc6ad5bfe5b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    6e9b12c9086eb7b5341b0da41a54f224

    SHA1

    5b079788e052aecf3881cc0e86d0a064ee1c5d8d

    SHA256

    9a134408e9455cebcbb6e16e92749c7ddcbaa9462a38a212cb033842be79964f

    SHA512

    0930ac795cf7c8a001b5a506999049b1a484e7e0fa4bd9aa10a2f076d8eb63156709993f6494812c747ef6ffd6db8edc7a6a04ae2f0d691a23a33e0115c2793a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b47f6e4974753eb92671b9e8f845761a

    SHA1

    cba219000dda2b28850a22bae591b8fa77c83282

    SHA256

    51316f31a89967605017cac2ab09a78458fd37149056b8657cc0b13d742773f1

    SHA512

    03d94f96f34afa70509470c3de6cf9dc192a7944ef3b19c10cc1c85018bd309507489093204d6031e9233ac17fa4795f8af940a5cb4b2531eb40a51db82fbcba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    387c67c69debbfe88dcec823b89ca99b

    SHA1

    10d098f1023f4b5f66ad0be5d6a6562fe7b03895

    SHA256

    c495a6fd3cde675879ad8b8e7f95e5ca2cff5ff6dec268c848d59353fdbd2021

    SHA512

    1d643b7f7410d92885c57c610f7e084457736b5b198704aeaffd93595d6ee2bfade4089aabc844c14fce61fe4c09c661ae360db87e48ab87082659047420694f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8b1aea010f2dac79207f7ec19b76da3e

    SHA1

    6bb77de5d3b9aa7dd50ccb0aa379623d8899cab6

    SHA256

    4e3d9543ee88358ed189d7f07d5ba18dabe8e005de262d001a4262834234efea

    SHA512

    32d6a3032845c447fef3fbf9a3e86dd5acd1f34fedd731101a4585ea06e2d8038a802769fab89100835fb6836b4c0d5e771c705932c9832374b0bd190d063c47

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    c63461e0ebc014929e7b7bc8ba246534

    SHA1

    79076937e1bfbc054704faf2c16164895a67ea29

    SHA256

    7c6631c9edb34944c78f0c7cacea6a03de40b677d7a8b255cdbbfad2399dd4b2

    SHA512

    3c0449119b17f70d8febf28a043d67f193d3bd879198c94e4875edbea9e25ec0a48b37defeefca1b0c03349a952aa50ff27be1b938618f71dd160275dae5a3fd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabB11A.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarB536.tmp
    Filesize

    183KB

    MD5

    109cab5505f5e065b63d01361467a83b

    SHA1

    4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

    SHA256

    ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

    SHA512

    753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

    Download Submit

  • memory/2244-35-0x00000000003E0000-0x000000000040E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2244-4-0x0000000000770000-0x000000000079B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2244-0-0x0000000000220000-0x000000000024B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2244-34-0x0000000000770000-0x000000000079B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2244-2-0x0000000000770000-0x000000000079B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2244-33-0x0000000000220000-0x000000000024B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2244-1-0x00000000003E0000-0x000000000040E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/2244-10-0x0000000000770000-0x000000000079B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2244-8-0x0000000000770000-0x000000000079B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2244-6-0x0000000000770000-0x000000000079B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2784-13-0x0000000003B10000-0x0000000003B20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2932-25-0x0000000000550000-0x000000000057B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2932-14-0x0000000000180000-0x0000000000181000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2932-19-0x0000000000550000-0x000000000057B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2932-20-0x0000000000550000-0x000000000057B000-memory.dmp

    Filesize

    172KB

    Download

  • memory/2932-24-0x0000000000330000-0x0000000000332000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2932-26-0x0000000000550000-0x000000000057B000-memory.dmp

    Filesize

    172KB

    Download