Analysis

  • max time kernel
    96s
  • max time network
    183s
  • platform
    windows7_x64
  • resource
    win7-20220331-en
  • submitted
    02-04-2022 18:44

General

  • Target

    bbe7f26bcc02ee60e972c1b094be7944146a53f886b249b3f977a8f871a22510.exe

  • Size

    24KB

  • MD5

    0d9cdf4a04cbd4ad7d58d777f5cdd5cf

  • SHA1

    3e4909844bfe19cd4a239052e3f4a043c915d269

  • SHA256

    bbe7f26bcc02ee60e972c1b094be7944146a53f886b249b3f977a8f871a22510

  • SHA512

    905cff6972682d02afad4c7decc680004f82ac1bdbef686a03414055dace8eaaf4a1c080af7afd8dffe61412046bdbf3e76cf77132a9afef5dfd47f6787e0e41

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 54 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bbe7f26bcc02ee60e972c1b094be7944146a53f886b249b3f977a8f871a22510.exe
    "C:\Users\Admin\AppData\Local\Temp\bbe7f26bcc02ee60e972c1b094be7944146a53f886b249b3f977a8f871a22510.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1480
    • C:\Windows\SysWOW64\wscript.exe
      "C:\Windows\system32\wscript.exe" //B "C:\Users\Admin\AppData\Local\Temp\OLbPoNJH.js" "C:\Users\Admin\AppData\Local\Temp\bbe7f26bcc02ee60e972c1b094be7944146a53f886b249b3f977a8f871a22510.exe"
      2⤵
        PID:1764
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1600
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1600 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1840

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    Modify Registry (T1112): 1
  • Discovery
    System Information Discovery (T1082): 1


Downloads

  • C:\Users\Admin\AppData\Local\Temp\OLbPoNJH.js
    Filesize
    6KB
    MD5
    3055ff6048a60e79a704001c8b7a0cdd
    SHA1
    c793381bcc5ae2e1da599352eb74131a6790c224
    SHA256
    6f739f14f1d4dec5d4a62f91cd63caa98766874e9b25cae430990137ad812f37
    SHA512
    e4ee9df4b1c7ee75feb331fa2a597b6dfdf83ed714a753a9278b22eabc389ca78aad48609811ce913ebbb7d7ac01c02f7f495aba7d9c244fa31e7f367d906fc1

  • memory/1480-54-0x0000000076E21000-0x0000000076E23000-memory.dmp
    Filesize
    8KB

  • memory/1764-55-0x0000000000000000-mapping.dmp

  • memory/1764-58-0x0000000000230000-0x0000000000232000-memory.dmp
    Filesize
    8KB