Overview

overview

5

Static

static

c8cdae3ef5...e1.exe

windows7_x64

5

c8cdae3ef5...e1.exe

windows10-2004_x64

3

Analysis

  • max time kernel
    91s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20-04-2022 15:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c8cdae3ef562a690983698c801fdd4173ad8d79fdd7a01ec30de07e18ec706e1.exe

  • Size

    332KB

  • MD5

    3cfb06ec70201cbdb3012291044b88c6

  • SHA1

    3b6db0c3b49ecc22e78e7ead5e4d1f9c6d51b6a7

  • SHA256

    c8cdae3ef562a690983698c801fdd4173ad8d79fdd7a01ec30de07e18ec706e1

  • SHA512

    d7b33f554bc465b5ed13f2c4640e6098d5c680cc89e5185cb9d00a13a0759c67856e94360f70273d4d7674536145cab62054fc4fae3acebda1b12251a76bd3b2

Score
5/10
googlephishing

Malware Config

Signatures

  • Detected potential entity reuse from brand google.
    phishinggoogle
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c8cdae3ef562a690983698c801fdd4173ad8d79fdd7a01ec30de07e18ec706e1.exe
    "C:\Users\Admin\AppData\Local\Temp\c8cdae3ef562a690983698c801fdd4173ad8d79fdd7a01ec30de07e18ec706e1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:632
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.google.com.br/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1956
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1956 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1696
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 700
      2⤵
      • Program crash
      PID:364

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    790bbb5bf9e9688c5585942268b27332

    SHA1

    e2c27046cdbe137a133a59ff6d3954f2df153ae8

    SHA256

    9245568dda8143c4bb1e20ac384b6d2f7dc2e3b649f527468265272d7e450c20

    SHA512

    96dd601d24c179c11caf545f9041eb1f3f9d75f3f8e64ff1eb860bc9dd8fc10ca50ff7ad91a60ce351d73c168e7c5ce080888ee38b1a27769e23a3420578f8ba

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ezmz917\imagestore.dat
    Filesize

    9KB

    MD5

    14342c202ed2fa31e8284ea764576fc0

    SHA1

    169708e0ce76198444f39b70e389c4faf3b8ecca

    SHA256

    52682a0d15a597c15d271bc95b9f66cfbe9c0dc370c344c5179729e9b4ee534e

    SHA512

    803dfb8b0b2589b7539ee1e348d8ec35c870781aedbe30a324256f4f198d8fb713b96dff2fa3e9dc5f63f85eeb74e1065d76acf4dec94d737a0b519359ee5037

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0O8D7KIM\favicon[1].ico
    Filesize

    5KB

    MD5

    f3418a443e7d841097c714d69ec4bcb8

    SHA1

    49263695f6b0cdd72f45cf1b775e660fdc36c606

    SHA256

    6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

    SHA512

    82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FZ4TTWDF.txt
    Filesize

    602B

    MD5

    057a8bf1abcfaca73a4a27d8affa277d

    SHA1

    c8b14af7b1f398be1151304f6400cf09d85cc4f4

    SHA256

    7d15d821c93477eda47d4f63cc0d897720e73bf7893611dc9fc1d80ef3acf488

    SHA512

    c9cbba7f28acba461b135132ab345a4c4d3ac8ebf8da7eb197dea75095c679e75a7839adcd2bb99a68cb0d7a7c9e114c4803301bf27cdf55eb4474a444ee4aec

    Download Submit
  • memory/364-65-0x0000000000000000-mapping.dmp
    Download
  • memory/632-58-0x000000007EF50000-0x000000007EFAC000-memory.dmp
    Filesize

    368KB

    Download
  • memory/632-60-0x0000000075391000-0x0000000075393000-memory.dmp
    Filesize

    8KB

    Download
  • memory/632-62-0x000000007EF50000-0x000000007EFAC000-memory.dmp
    Filesize

    368KB

    Download
  • memory/632-61-0x000000007EF50000-0x000000007EFAC000-memory.dmp
    Filesize

    368KB

    Download
  • memory/632-63-0x000000007EF50000-0x000000007EFAC000-memory.dmp
    Filesize

    368KB

    Download
  • memory/632-64-0x0000000000400000-0x0000000000461000-memory.dmp
    Filesize

    388KB

    Download
  • memory/632-59-0x000000007EF50000-0x000000007EFAC000-memory.dmp
    Filesize

    368KB

    Download
  • memory/632-54-0x000000007EF50000-0x000000007EFAC000-memory.dmp
    Filesize

    368KB

    Download
  • memory/632-57-0x000000007EF50000-0x000000007EFAC000-memory.dmp
    Filesize

    368KB

    Download
  • memory/632-56-0x000000007EF50000-0x000000007EFAC000-memory.dmp
    Filesize

    368KB

    Download
  • memory/632-55-0x000000007EF50000-0x000000007EFAC000-memory.dmp
    Filesize

    368KB

    Download