Analysis

  • max time kernel
    95s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220331-en
  • submitted
    07-04-2022 19:52

General

  • Target

    d1a2a1e22c9667d4ff6c4a89a0e43473e79c4d89b4690176361550aaf4352941.exe

  • Size

    47KB

  • MD5

    03b7e356bdc47452c7710c566d33b12d

  • SHA1

    dd2f19962dadeba05a5299b32343fb37221af0b9

  • SHA256

    d1a2a1e22c9667d4ff6c4a89a0e43473e79c4d89b4690176361550aaf4352941

  • SHA512

    d77a717048797e9328c7cdc17eba4b32b03c84fabf8530e10dc82b3e7839f1a63487eb5f07eb9bb3aa2451abaeed3ab7b23d866c078f0161b22357e792457166

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d1a2a1e22c9667d4ff6c4a89a0e43473e79c4d89b4690176361550aaf4352941.exe
    "C:\Users\Admin\AppData\Local\Temp\d1a2a1e22c9667d4ff6c4a89a0e43473e79c4d89b4690176361550aaf4352941.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1796
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" www.google.com.br
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:808
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" www.google.com.br
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1416
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1416 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1916
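The process tree above is the most useful detection artefact in this report: an executable running from the user's Temp directory starts Internet Explorer with a bare host name (www.google.com.br) as its argument, and IE then forks its own tab frame (the SCODEF:/CREDAT: child, PID 1916), which is normal browser behaviour rather than something the sample did. The following is an added example, not part of the Triage report, that encodes that parent/child pattern as a check over process-creation events. The events are constructed here to mirror the tree above; the record layout (pid, ppid, image, cmdline) is an assumption for illustration and is not a Triage export format.

```python
# Added example: flag a Temp-directory executable launching Internet Explorer
# with a URL-like argument, as in the process tree of this report.
# Event records are constructed to mirror the tree; the field names
# (pid, ppid, image, cmdline) are an assumption, not a Triage export format.
import re
from typing import Dict, List, Tuple

TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
IE_IMAGE_RE = re.compile(r"\\iexplore\.exe$", re.IGNORECASE)
# A bare host name or URL handed to the browser, e.g. "www.google.com.br".
URL_ARG_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?$", re.IGNORECASE
)
# IE's own tab/frame processes carry SCODEF:<parent pid> and CREDAT:<n>.
IE_FRAME_RE = re.compile(r"\bSCODEF:\d+\b.*\bCREDAT:\d+\b", re.IGNORECASE)

SAMPLE = "d1a2a1e22c9667d4ff6c4a89a0e43473e79c4d89b4690176361550aaf4352941.exe"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
IE_X86 = r"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
IE_X64 = r"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
IE_X86_UPPER = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

# Constructed events mirroring the Processes section of the report.
EVENTS: List[Dict] = [
    {"pid": 1796, "ppid": 0, "image": TEMP + "\\" + SAMPLE,
     "cmdline": '"' + TEMP + "\\" + SAMPLE + '"'},
    {"pid": 808, "ppid": 1796, "image": IE_X86,
     "cmdline": '"' + IE_X86 + '" www.google.com.br'},
    {"pid": 1416, "ppid": 808, "image": IE_X64,
     "cmdline": '"' + IE_X64 + '" www.google.com.br'},
    {"pid": 1916, "ppid": 1416, "image": IE_X86_UPPER,
     "cmdline": '"' + IE_X86_UPPER + '" SCODEF:1416 CREDAT:275457 /prefetch:2'},
]


def last_argument(cmdline: str) -> str:
    """Final whitespace-separated token of a command line, quotes stripped.

    Returns "" when the command line is only the (possibly quoted) image path.
    """
    parts = cmdline.strip().split()
    return parts[-1].strip('"') if len(parts) > 1 else ""


def is_ie_tab_frame(cmdline: str) -> bool:
    """True for IE's own content-process launches (SCODEF:/CREDAT: arguments)."""
    return IE_FRAME_RE.search(cmdline) is not None


def suspicious_browser_launches(events: List[Dict]) -> List[Tuple[int, int, str]]:
    """Return (parent_pid, child_pid, target) for every iexplore.exe whose parent
    image lives under the user's Temp directory and whose command line ends in
    a URL-looking argument.

    IE frame processes are skipped explicitly: their parent is iexplore.exe,
    not the dropped sample, and their arguments are SCODEF:/CREDAT: values.
    """
    by_pid = {e["pid"]: e for e in events}
    hits: List[Tuple[int, int, str]] = []
    for e in events:
        if not IE_IMAGE_RE.search(e["image"]) or is_ie_tab_frame(e["cmdline"]):
            continue
        parent = by_pid.get(e["ppid"])
        if parent is None or not TEMP_DIR_RE.search(parent["image"]):
            continue
        arg = last_argument(e["cmdline"])
        if URL_ARG_RE.match(arg):
            hits.append((parent["pid"], e["pid"], arg))
    return hits


if __name__ == "__main__":
    for parent_pid, child_pid, target in suspicious_browser_launches(EVENTS):
        print(f"Temp-dir process {parent_pid} launched IE (pid {child_pid}) to {target}")
```

Only the first hop (PID 1796 starting PID 808) is reported; the 64-bit IEXPLORE.EXE and the CREDAT frame are descendants of the browser itself, which is why keying the rule on the parent image rather than on "iexplore.exe with a URL" keeps ordinary browsing out of the results.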

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 matching signature
  • Discovery: System Information Discovery (T1082), 1 matching signature


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    68c1395cf6359ef556a43626081a1831

    SHA1

    f29940a1b066a7f977515479aa3fcde6b357f71b

    SHA256

    357de816e7796dd7e9a441a980388611ce78cb7acdbc9edb923616c7aa6ef868

    SHA512

    487eab1afa9e44f724af74d8eeb5f56e94ba8493dcb0ebb8b1052691544de41734c7e80331006cfdad2880313f6b9adae30aa647556e4f81912bd65e8d0901fc

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\b1rou5u\imagestore.dat
    Filesize

    9KB

    MD5

    d7dfeb4fd89dac7ee7785ff7783482d3

    SHA1

    37e5780b3d45f3cb4e1d61f0e68d33f727f2a90b

    SHA256

    13739f20d2850d570828ec336a75c5a40faad0b3f3e3b6add9a32d1d84192552

    SHA512

    3cf11e3341c6a11ba5b99ec6bb32e81b635e00a1c00ed2917e56bcf2d094c344f04a31cc01819372498200094af5d7ad93ac020a920efce7016f3a91b293d0d1

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\T56ZV2EU.txt
    Filesize

    595B

    MD5

    a60d8d1f97c7b95223c6433bc21eb355

    SHA1

    62712e596a3a1d846c676dceef4c3722049c74bc

    SHA256

    9ff146c6c3701d1d966748b6a3ebfc8b5f36f015aa5a49324b1c4debf3c1a87a

    SHA512

    e4cf8808faee6abbac00f0db5aeb47c3709714ab9a2881ccc9e11b199eabd564b31d70d8cbffd38fd24fe374350bbe4feabc88e1444e93c8536ff55a13639f90

  • memory/1796-54-0x0000000075A51000-0x0000000075A53000-memory.dmp
    Filesize

    8KB

  • memory/1796-55-0x00000000002A0000-0x00000000002A2000-memory.dmp
    Filesize

    8KB