Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20-05-2022 17:58

General

  • Target

    15b250c6a5dba64cdda1abf3edf75d401333408894b5ea33800547cf4b6d9ef3.exe

  • Size

    1.0MB

  • MD5

    6147c92355c4b9bcbb7cf708dcf492ba

  • SHA1

    23e1f78d9a29c88324e3ac5e9ce7c186a247b08f

  • SHA256

    15b250c6a5dba64cdda1abf3edf75d401333408894b5ea33800547cf4b6d9ef3

  • SHA512

    5bde522904576ad9375889ba935ffd5a8e762a60f0e7d8a4c071c6f4df0cfe63a2e14e010bac15240ba2e4dc6363678c896a7b6844406c953b5f65f775105412

Score
3/10

Malware Config

  • No configuration was extracted for this sample.
Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). The sandbox's canned description calls this "likely ransomware behaviour", but nothing else in this report supports that reading: the only files written are Internet Explorer's own cache, cookie and image-store artifacts, the Network section lists nothing, and the score is 3/10. Treat it as a low-fidelity generic hit until something else corroborates it.

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\15b250c6a5dba64cdda1abf3edf75d401333408894b5ea33800547cf4b6d9ef3.exe
    "C:\Users\Admin\AppData\Local\Temp\15b250c6a5dba64cdda1abf3edf75d401333408894b5ea33800547cf4b6d9ef3.exe"
    • Suspicious use of WriteProcessMemory
    PID:784
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_GOTO_CONTROLPANEL&version=v2.0&processName=15b250c6a5dba64cdda1abf3edf75d401333408894b5ea33800547cf4b6d9ef3.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2012
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:972

    Reading the tree: the only signature attributed to the sample itself (PID 784) is WriteProcessMemory, which this sandbox commonly reports on any parent that spawns a child; every other signature fires inside Internet Explorer. The 32-bit IEXPLORE.EXE (PID 972, SCODEF:2012) is IE's normal tab process for the frame PID 2012. The URL handed to iexplore.exe is a go.microsoft.com fwlink whose query string names the sample (processName=), a requested runtime (version=v2.0), a shim version (shimver=4.0.30319.0) and the reason o1=SHIM_GOTO_CONTROLPANEL. That is the shape of the .NET Framework loader shim's redirect to Microsoft's download page when the CLR version an executable was built against is not available, which would mean the sample is a managed binary that never executed its own code in this environment and would also account for the low score. This is an interpretation of the command line, not a finding the report states.
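
The two questions a reviewer asks of a tree like this are "which signatures came from the sample itself rather than from its children?" and "what does that fwlink query string actually say?". The script below is an added example, not code from the report or the sandbox vendor: it parses a simplified indented rendering of the Processes section (the PROCESS_TREE text, the `* signature` lines and the `PID:n` suffix are my own constructed format, not the sandbox's) and decodes the URL copied from the report. All function names are hypothetical.

```python
import re
from urllib.parse import parse_qs, urlparse

# Constructed from the Processes section of this report: one line per process
# ("image PID:n"), signature lines prefixed with "*", children indented by four
# spaces under their parent. This layout is the example's own, not the sandbox's.
PROCESS_TREE = """\
15b250c6a5dba64cdda1abf3edf75d401333408894b5ea33800547cf4b6d9ef3.exe PID:784
    * Suspicious use of WriteProcessMemory
    iexplore.exe PID:2012
        * Modifies Internet Explorer settings
        * Suspicious use of FindShellTrayWindow
        * Suspicious use of SetWindowsHookEx
        * Suspicious use of WriteProcessMemory
        IEXPLORE.EXE PID:972
            * Modifies Internet Explorer settings
            * Suspicious use of SetWindowsHookEx
"""

# The URL iexplore.exe (PID 2012) was launched with, copied from the report.
SHIM_URL = ("http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2"
            "&plcid=0x409&o1=SHIM_GOTO_CONTROLPANEL&version=v2.0"
            "&processName=15b250c6a5dba64cdda1abf3edf75d401333408894b5ea33800547cf4b6d9ef3.exe"
            "&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0")

_PROC_RE = re.compile(r"^(?P<image>\S+)\s+PID:(?P<pid>\d+)$")


def parse_tree(text, indent=4):
    """Parse the indented tree into a list of process dicts.

    Each dict carries pid, image, parent (pid or None), depth and signatures.
    Indentation decides parentage: a process line at depth d is a child of the
    most recent process line at depth d-1; "*" lines belong to the process one
    level above them.
    """
    nodes, stack = [], []  # stack: process dicts from the root down to the current depth
    for raw in text.splitlines():
        if not raw.strip():
            continue
        depth = (len(raw) - len(raw.lstrip(" "))) // indent
        line = raw.strip()
        if line.startswith("*"):
            stack[depth - 1]["signatures"].append(line[1:].strip())
            continue
        m = _PROC_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised line: {line!r}")
        node = {"pid": int(m["pid"]), "image": m["image"], "depth": depth,
                "parent": stack[depth - 1]["pid"] if depth > 0 else None,
                "signatures": []}
        del stack[depth:]          # drop siblings/deeper nodes we have left
        stack.append(node)
        nodes.append(node)
    return nodes


def signatures_by_origin(nodes, root_pid):
    """Split fired signatures into those seen in the submitted sample itself and
    those seen only in processes it spawned (directly or indirectly)."""
    by_pid = {n["pid"]: n for n in nodes}
    sample = set(by_pid[root_pid]["signatures"])
    descendants = set()
    for n in nodes:
        p = n["parent"]
        while p is not None:            # walk up until we hit the root or run out
            if p == root_pid:
                descendants.update(n["signatures"])
                break
            p = by_pid[p]["parent"]
    return {"sample": sample, "children_only": descendants - sample}


def parse_shim_url(url):
    """Flatten the fwlink query string into a dict of single values plus the host."""
    parts = urlparse(url)
    q = {k: v[0] for k, v in parse_qs(parts.query).items()}
    q["host"] = parts.hostname
    return q


def triage(tree=PROCESS_TREE, url=SHIM_URL):
    nodes = parse_tree(tree)
    root_pid = next(n["pid"] for n in nodes if n["parent"] is None)
    return {"root_pid": root_pid,
            "origin": signatures_by_origin(nodes, root_pid),
            "shim": parse_shim_url(url)}


if __name__ == "__main__":
    r = triage()
    print("signatures in the sample itself:", sorted(r["origin"]["sample"]))
    print("signatures only in children:   ", sorted(r["origin"]["children_only"]))
    s = r["shim"]
    print(f"iexplore opened {s['host']} for {s['processName']}: wants runtime "
          f"{s['version']}, shim {s['shimver']}, reason {s['o1']}")
```

Run against the report's tree, the sample-only set is just WriteProcessMemory and the three remaining signatures belong to Internet Explorer, which is the split that should drive how much weight the Signatures section gets.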

Network

  • No entries are listed in this report. The CryptnetUrlCache, cookie and imagestore files under Downloads suggest Internet Explorer did render content and CryptoAPI did fetch certificate data, so the empty list reflects what was captured rather than proof that no traffic occurred.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 hit (corresponds to "Modifies Internet Explorer settings")
  • Discovery: System Information Discovery (T1082), 1 hit (corresponds to "Enumerates physical storage devices")


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    60KB

    MD5

    b9f21d8db36e88831e5352bb82c438b3

    SHA1

    4a3c330954f9f65a2f5fd7e55800e46ce228a3e2

    SHA256

    998e0209690a48ed33b79af30fc13851e3e3416bed97e3679b6030c10cab361e

    SHA512

    d4a2ac7c14227fbaf8b532398fb69053f0a0d913273f6917027c8cadbba80113fdbec20c2a7eb31b7bb57c99f9fdeccf8576be5f39346d8b564fc72fb1699476

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    7b4206aa7bb86b712d1411bb2ee2c8cf

    SHA1

    18a4289d2eb5e504ba5ca2bed8c2efdf8dcd678c

    SHA256

    84e452c8384a70b524f9fc2cada245f496674297e4156c1b0e41b2bcdc19ca06

    SHA512

    69468d5755cb730faec8c9a1b5a0e1f647c8d1e2b3c023126c19701d7470f47872ccdfeaaad7b5527e55d87c548d28ed91e74606c5ba48351dc53c2033d1cb0e

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1b4wh1e\imagestore.dat
    Filesize

    21KB

    MD5

    b20f31730f850eb54154c2f21c3800bf

    SHA1

    6fe8d6a8c585c4eb898624210da0e704f8ad30b8

    SHA256

    7fdf8486f14118f0975558508900655a3ee28a8b535a7b8267117f9a559ffd69

    SHA512

    c8b327d1696a0e62a160aafc30971c9fc7707b4b041289c4a66883bacc2b4bf93afae5e6c311f57579ca985e5fc7ab7c9ca425ebe8775b689b46f185f55191a1

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BF216FWG.txt
    Filesize

    599B

    MD5

    f311eaab9c0b3c23ea6cc9a29c755978

    SHA1

    65da654146174ae331ef6bf7c58d357ccac540ad

    SHA256

    e55a5acb6debaaba8127780ec582d6c08cc503c56c54250b1b79aa49bdc3c7d3

    SHA512

    ed157286c565472e986b62833b5ccaa9eacf64a0ff038654aed06a23af9bcdd4710096bd7855b1d827e15eea0a8e74f34ffcbfe0aae2392429c514b888b248c3

  • memory/784-54-0x000007FEFC061000-0x000007FEFC063000-memory.dmp
    Filesize

    8KB
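
Every path in the Downloads list above sits under a location Windows or Internet Explorer writes to during ordinary browsing, and the last entry is a memory dump of PID 784 rather than a file. The classifier below is an added example, not part of the report or any vendor tooling: it takes the paths copied from the report (plus one constructed path to show the "review" case) and separates browser noise and memory dumps from anything that would deserve a closer look. The noise patterns and function names are the example's own assumptions.

```python
import re

# Paths copied from the Downloads section of this report. The memory/... entry is
# the sandbox's memory dump of PID 784, not a file dropped on disk.
DROPPED = [
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015",
    r"C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1b4wh1e\imagestore.dat",
    r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BF216FWG.txt",
    "memory/784-54-0x000007FEFC061000-0x000007FEFC063000-memory.dmp",
]

# Constructed path, not from the report, to exercise the "review" branch.
SUSPECT = r"C:\Users\Admin\AppData\Roaming\svc.exe"

# Locations the OS/IE populate on their own. Assumption for this example: a
# match here is noise; anything else is worth opening.
KNOWN_NOISE = {
    "CryptoAPI URL cache (certificate/CRL/OCSP fetch)": re.compile(r"\\Microsoft\\CryptnetUrlCache\\", re.I),
    "IE image store": re.compile(r"\\Internet Explorer\\imagestore\\", re.I),
    "IE cookie": re.compile(r"\\Windows\\Cookies\\", re.I),
}

_MEM_RE = re.compile(r"^memory/(\d+)-")


def classify(path):
    """Return (kind, detail) where kind is 'memory dump', 'browser noise' or 'review'."""
    m = _MEM_RE.match(path)
    if m:
        return ("memory dump", f"PID {m.group(1)}")
    for label, rx in KNOWN_NOISE.items():
        if rx.search(path):
            return ("browser noise", label)
    return ("review", "not under a known browser/OS cache path")


def triage_dropped(paths):
    """Classify every path; also return the subset that needs a human look."""
    report = {p: classify(p) for p in paths}
    needs_review = [p for p, (kind, _) in report.items() if kind == "review"]
    return report, needs_review


if __name__ == "__main__":
    report, needs_review = triage_dropped(DROPPED + [SUSPECT])
    for p, (kind, detail) in report.items():
        print(f"{kind:14} {detail:50} {p}")
    print("needs review:", needs_review)
```

For this report the "review" list is empty: the sample left nothing of its own on disk, which is consistent with it having handed control to Internet Explorer straight away.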