Analysis

  • max time kernel: 129s
  • max time network: 145s
  • platform: windows10-2004_x64
  • resource: win10v2004-en-20220113
  • submitted: 07-04-2022 19:52

General

  • Target: d1a2a1e22c9667d4ff6c4a89a0e43473e79c4d89b4690176361550aaf4352941.exe
  • Size: 47KB
  • MD5: 03b7e356bdc47452c7710c566d33b12d
  • SHA1: dd2f19962dadeba05a5299b32343fb37221af0b9
  • SHA256: d1a2a1e22c9667d4ff6c4a89a0e43473e79c4d89b4690176361550aaf4352941
  • SHA512: d77a717048797e9328c7cdc17eba4b32b03c84fabf8530e10dc82b3e7839f1a63487eb5f07eb9bb3aa2451abaeed3ab7b23d866c078f0161b22357e792457166

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely a geofence check.

  • Detected potential entity reuse from brand google.
  • Drops file in System32 directory (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour. This is a generic heuristic; nothing else in this report (no encrypted files and no ransom note among the files listed under Downloads) corroborates it.

  • Modifies Internet Explorer settings (1 TTP, 39 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\d1a2a1e22c9667d4ff6c4a89a0e43473e79c4d89b4690176361550aaf4352941.exe (PID 4560)
    "C:\Users\Admin\AppData\Local\Temp\d1a2a1e22c9667d4ff6c4a89a0e43473e79c4d89b4690176361550aaf4352941.exe"
    • Checks computer location settings
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\iexplore.exe (PID 784)
      "C:\Program Files (x86)\Internet Explorer\iexplore.exe" www.google.com.br
      • Suspicious use of WriteProcessMemory
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID 4376)
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE" www.google.com.br
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 4720)
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4376 CREDAT:17410 /prefetch:2
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
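The chain above (a sample running from the user's Temp directory launches Internet Explorer with a bare hostname, and IE then spawns its own frame and content processes) is a parent/child pattern that endpoint telemetry can match, independent of the sample's hash. The following Python is an added example and is not part of the sandbox report or the sample. The process-creation records are constructed to mirror the tree above using Sysmon Event ID 1 style fields (image, command line, PID, parent PID); the explorer.exe parent with PID 1234 and the benign PID 5000 launch are assumed for the test and do not appear in the report. The rule fires only on the Temp-executable to iexplore.exe step, and the SCODEF:/CREDAT: content-process launches are deliberately excluded so they are reported as children of the hit rather than as separate alerts.

```python
"""Added example (not from the sandbox report): flag an executable running
from the user's Temp directory that launches Internet Explorer with a
hostname on its command line, then gather the IE child processes.

The events below are constructed to mirror the report's process tree.
PID 1234 (explorer.exe) and PID 5000 are assumed and not in the report.
"""
import re
from dataclasses import dataclass

# Sample runs from %LOCALAPPDATA%\Temp, as in the report.
TEMP_EXE_RE = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.exe$", re.IGNORECASE)
# Both the 32-bit and 64-bit IE paths end the same way (case differs in the report).
IEXPLORE_RE = re.compile(r"\\Internet Explorer\\iexplore\.exe$", re.IGNORECASE)
# '"<path>" host.example' or '"<path>" http://host.example/...'; the
# SCODEF:/CREDAT: content-process launches deliberately do not match.
HOST_ARG_RE = re.compile(
    r'^"[^"]+"\s+((?:https?://)?[a-z0-9-]+(?:\.[a-z0-9-]+)+\S*)$', re.IGNORECASE)


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (Sysmon Event ID 1 style fields)."""
    pid: int
    ppid: int
    image: str
    cmdline: str


def iexplore_target(cmdline):
    """Return the hostname/URL iexplore.exe was told to open, or None."""
    m = HOST_ARG_RE.match(cmdline)
    return m.group(1) if m else None


def descendant_pids(events, root_pid):
    """All PIDs below root_pid in the parent/child tree, sorted."""
    children = {}
    for e in events:
        children.setdefault(e.ppid, []).append(e.pid)
    found, stack = [], [root_pid]
    while stack:
        for child in children.get(stack.pop(), []):
            found.append(child)
            stack.append(child)
    return sorted(found)


def detect_temp_exe_launching_browser(events):
    """Flag iexplore.exe launched by a Temp-directory executable with a host
    argument. One hit per matching browser process, carrying the PIDs of
    the browser's own children so the whole chain can be pulled from the log."""
    by_pid = {e.pid: e for e in events}
    hits = []
    for e in events:
        if not IEXPLORE_RE.search(e.image):
            continue
        parent = by_pid.get(e.ppid)
        if parent is None or not TEMP_EXE_RE.search(parent.image):
            continue
        target = iexplore_target(e.cmdline)
        if target is None:
            continue
        hits.append({
            "parent_pid": parent.pid,
            "parent_image": parent.image,
            "browser_pid": e.pid,
            "target": target,
            "chain_pids": descendant_pids(events, e.pid),
        })
    return hits


SAMPLE_NAME = "d1a2a1e22c9667d4ff6c4a89a0e43473e79c4d89b4690176361550aaf4352941.exe"
TEMP_PATH = r"C:\Users\Admin\AppData\Local\Temp" + "\\" + SAMPLE_NAME
IE32 = r"C:\Program Files (x86)\Internet Explorer\iexplore.exe"
IE64 = r"C:\Program Files\Internet Explorer\IEXPLORE.EXE"
IE32_UPPER = r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"

# Constructed records mirroring the report's tree, plus two assumed benign ones.
SAMPLE_EVENTS = [
    ProcEvent(1234, 1, r"C:\Windows\explorer.exe", "explorer.exe"),  # assumed parent
    ProcEvent(4560, 1234, TEMP_PATH, f'"{TEMP_PATH}"'),
    ProcEvent(784, 4560, IE32, f'"{IE32}" www.google.com.br'),
    ProcEvent(4376, 784, IE64, f'"{IE64}" www.google.com.br'),
    ProcEvent(4720, 4376, IE32_UPPER,
              f'"{IE32_UPPER}" SCODEF:4376 CREDAT:17410 /prefetch:2'),
    # A user opening IE from the taskbar: same binary, but the parent is explorer.exe.
    ProcEvent(5000, 1234, IE32, f'"{IE32}" www.example.com'),
]

if __name__ == "__main__":
    for hit in detect_temp_exe_launching_browser(SAMPLE_EVENTS):
        print(hit)
```

On the constructed events this yields a single hit for PID 784 (parent 4560, target www.google.com.br, chain PIDs 4376 and 4720); the explorer.exe-launched browser is not flagged. Note that the report's own outcome of this chain is only a browser visit to www.google.com.br, so the rule is a triage lead for the Temp-executable parent rather than evidence of what that parent does next.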

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                     Count  ID
  Defense Evasion  Modify Registry               1      T1112
  Discovery        Query Registry                1      T1012
  Discovery        System Information Discovery  2      T1082


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: e348697366720448711f9e9c1036ba3b
    SHA1: 14d8a83293b28acbd2eff3ce38a425fc4a3a2efc
    SHA256: 728076d02d5d55e603797d77e7cb186959666f836bd78d5d91f8e77fc90b7b56
    SHA512: d4c5336f14dd68789f254ed82af3a2ae3c592b40f179092a430356ddce82a48e74e75f0833d6e5654113f3807a3b61a8031cfa2cfa37b81fc8094b49949a16e4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 434B
    MD5: 4d8132f53119eac7ba58a6354257e287
    SHA1: 5a3e7825638280fec5f7ee147549ce6e54e0b668
    SHA256: 8b646d41271b48c55911154a338c8f549778e9874bbfd236ff61426abc8507df
    SHA512: 0b859aa78a8c8d7dd109bdf90774554a6640147e64721bfe9c2c3a61e5ee740aeb30c89be9bd15ea79370d392e822350e00607a2c9619caef6a58d70cfbac6bd

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ves0881\imagestore.dat
    Filesize: 5KB
    MD5: 15156c5e45fba782840bf405d9bb78a3
    SHA1: 8351f78bd60b7aaa625f0a5d062e09fec85f5a26
    SHA256: 1ee240d5bf94a8e12709c885b6e03b26e5d2429b5394f07ff7757958d03c54aa
    SHA512: 3a29a45db706a9e04c08031ac54b60d63bddaa9095097845aa7446ed5b60bb03c3af00cd1eca548bd454cb39308ef81c1d9a39d7739b3137400edddc955fa8c7

  • memory/4560-130-0x00000000004E0000-0x00000000004E2000-memory.dmp
    Filesize: 8KB