Analysis

  • max time kernel: 141s
  • max time network: 150s
  • platform: windows7_x64
  • resource: win7-20220414-en
  • submitted: 20-04-2022 15:01

General

  • Target: cfd1e063534828852d5ca5d29618fa940032f65eb27adce501912f8d6c2e6414.exe
  • Size: 54KB
  • MD5: ea1dc4ec0feabcbd4996ca8bc6ff488b
  • SHA1: d9b57717f9e84612a76f5f4d74df781f8d504ab0
  • SHA256: cfd1e063534828852d5ca5d29618fa940032f65eb27adce501912f8d6c2e6414
  • SHA512: 302975a201c8f7fdb2c6b87621d47c42230863b738703fa83df35a5c443668e8dffd78abcaa65bf31a968fa9815a3a65ea54025a1fea3047689dbb4a9d341216

Score
5/10

Malware Config

Signatures

  • Detected potential entity reuse from brand google.
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cfd1e063534828852d5ca5d29618fa940032f65eb27adce501912f8d6c2e6414.exe
    "C:\Users\Admin\AppData\Local\Temp\cfd1e063534828852d5ca5d29618fa940032f65eb27adce501912f8d6c2e6414.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.com.br/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1100
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1100 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1740

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 occurrence
  • Discovery: System Information Discovery (T1082), 1 occurrence

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 34287e44af4a8c8e98f3ec60041464cf
    SHA1: a5e171b814302e6f6f0aaac2de74fcf75ebd5ab8
    SHA256: 68ca1f7b15bb57c9715b436f7484a8e28e627009e20d34dc4a155eec7d7fcec6
    SHA512: 6f93fac68e6d38da419b2c0e703b125b0bc071522a58a2a5d11a869cd86688a883e45e8fdd7dddd62a3388a6118ba4c2e21b578c375efd474fce1d83378f07bf

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1b4wh1e\imagestore.dat
    Filesize: 9KB
    MD5: 3e1798459693533c123a3208f7e0023d
    SHA1: 0911128849b6f31025d1bf44cabd3ca0fe34be45
    SHA256: 86f8f90487d066710570f6ff0f9fd5ec513b17c243dc6a3dc7806c594c069d01
    SHA512: a1e3a290862180868ca04ed7e94d4ef7ece72e8b38a54371a6f1a55c3726e2fb15eee85d731ee989d34014dc989d71c687b9310e989cca8eae1da1295f4044d7

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9FOP67XM.txt
    Filesize: 607B
    MD5: ad8bc5c881cc6b9ce8b1ac26fedec637
    SHA1: 4a29ed4df0a944233889d678809922926ffcf62d
    SHA256: f598a4c1e614d32884bef80640438e737ee199c9c92eb014714681fcd744e243
    SHA512: 1edf26d8148fb36f840c89cc89ef1d26be730736e43a0630ba2ac9ca9b44aa4417306330f14587644fd9140e687f44b13b6e01e7aefb797b4855c5bfbc975392

  • memory/1464-54-0x0000000075381000-0x0000000075383000-memory.dmp
    Filesize: 8KB