Analysis

  • max time kernel
    52s
  • max time network
    13s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    08/02/2022, 00:02

General

  • Target

    Confirm_Cheque.exe

  • Size

    376KB

  • MD5

    6acbe94f31ef95152e956a0b6e81c6b7

  • SHA1

    17f42b347f265d8bc8047df7ae4140e9c28792e0

  • SHA256

    b9a493df37ecf4be7f92c1da6d1422ffa38490b5fe336424f30bf095c4073d51

  • SHA512

    3ca582c20bdba7eb455be07257650840d13ec9fd06f80c35f8982b09a04fd184b84ff9b9cc60f8d04f921bc944e5c90f3dc541e61d87805cb0e6b08e5fa3b2cc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Confirm_Cheque.exe
    "C:\Users\Admin\AppData\Local\Temp\Confirm_Cheque.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1340
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
      2⤵
        PID:2032

    Network

    MITRE ATT&CK Enterprise v6


    Downloads

    • memory/1340-56-0x0000000075CE1000-0x0000000075CE3000-memory.dmp

      Filesize

      8KB