Overview

overview

4

Static

static

4

78033e74ed...b5.exe

windows7_x64

3

78033e74ed...b5.exe

windows10-2004_x64

3

Analysis

  • max time kernel
    4294207s
  • max time network
    157s
  • platform
    windows7_x64
  • resource
    win7-20220310-en
  • submitted
    19-03-2022 16:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    78033e74ed996845b50335f09ac669af486cd3089776c9bf26804c808fa479b5.exe

  • Size

    2.4MB

  • MD5

    791da1c01b6b87bb3d5ec4673f4546e2

  • SHA1

    c6700c5494f1658f3059bc9872609e6e9e8694bb

  • SHA256

    78033e74ed996845b50335f09ac669af486cd3089776c9bf26804c808fa479b5

  • SHA512

    33861f68d2dce833f6dd290a1e277afb3923c1f7e501198ca58c8ed76bce5a505812723bdcccabad9ba83f95ee21da819c6c76599e98a79446fafc63f67c8f64

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\78033e74ed996845b50335f09ac669af486cd3089776c9bf26804c808fa479b5.exe
    "C:\Users\Admin\AppData\Local\Temp\78033e74ed996845b50335f09ac669af486cd3089776c9bf26804c808fa479b5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1652
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win7-x64&apphost_version=5.0.1&gui=true
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1752
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1752 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1444

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
    MD5

    7d4d0a79e5f9021448cf3263c613b23b

    SHA1

    2a396871fd8379dd36dbfd19d216f7dbbce8c260

    SHA256

    14d9538d97987aba2ca9ae6acc58b2054f4719f85779d6776a3b0769de5438a9

    SHA512

    cd8be4bb90a23575890e30f0db30956477606ea4de4aec3ccde8a85d44fff513f6799bfceaa458ec4cca40f79e123cee4e30864c9f147bc3518b3d88e511ea16

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63
    MD5

    f991424e80315b3ec78a0307bd744441

    SHA1

    6d9d9c914d642696a112e2a499de344cabaaf17b

    SHA256

    306cc6edc7356905ec448c21fd20a649449c0ac3c5ec8b542951f0e253270aa1

    SHA512

    7a8bae8c00af52925c1417f235d23d9b2719f4e7139154e3daca9d5147168e9d2ef5fc5dbb0917b6d6cc4f101c41f7db944a96031dc6cdb5eff9e4e66ae88e94

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    MD5

    8afc55192a5397d790765790a26ed60d

    SHA1

    3789c8911d441b60b861e322407cd6fa306e3418

    SHA256

    7468297a43b00d84cebe242de04c3f0074cfc08f9feb39d9d942934cb05e61e4

    SHA512

    3b9bb07eaee9daee96227b60972cfdbda984892f54de93a32256287408521bcfbba0b3bb3c3fbbe08fa2188351a6879e3b5269ab6a625db574e0b29b21272cb3

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\48DZ56VS.txt
    MD5

    d07aaca21cda48a0c6f67a525e80bce6

    SHA1

    8b72c783856cc2ed314f7d036dae5481d57e8172

    SHA256

    a668bb640abfb5ebadb49367a1cba43b432fbf9132d4cf200fa92faad936c3d4

    SHA512

    595919d98a160692abdb1fb428b25b8f935adc5a20b90a370adf294a35dc57f057b1d884a9632565304e0dbf9121ae5d3769ee771e22213f745e21d00fd5fecc

    Download Submit
  • memory/1652-54-0x000007FEFB831000-0x000007FEFB833000-memory.dmp
    Filesize

    8KB

    Download