Resubmissions

28-05-2022 04:44

220528-fc3bqshcf7 8

28-05-2022 04:40

220528-fat8cadchk 3

28-05-2022 04:28

220528-e328zsdagk 8

Analysis

  • max time kernel
    112s
  • max time network
    112s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    28-05-2022 04:44

General

  • Target

    ?????.exe

  • Size

    1.1MB

  • MD5

    50d655c1028aea459d40bf26039d17fd

  • SHA1

    eb836fc9323c52f809c8eab1b2bf925f8ecb32c7

  • SHA256

    4ced3461bf68cffbc35c50d02496235721236ad52305e874d852c7f9f00ab249

  • SHA512

    509ac8e9307a489783f396160c6343dc2a1b3306bb5e4ab8dda4580a6c411eba5160974aebe4d6aca40cf21ab1bf4b8e7f0f1056bc82e61e0a0c146883b66a81

Malware Config

Signatures

  • Registers COM server for autorun 1 TTPs
  • Sets service image path in registry 2 TTPs
  • Installs/modifies Browser Helper Object 2 TTPs

    BHOs are DLL modules which act as plugins for Internet Explorer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 55 IoCs
  • Modifies registry class 64 IoCs
  • Runs regedit.exe 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\_____.exe
    "C:\Users\Admin\AppData\Local\Temp\_____.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Windows\regedit.exe
      regedit /s C:\Users\Admin\AppData\Local\Temp\6da852.tmp
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Runs regedit.exe
      PID:468
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:976
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:976 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1948

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\6da852.tmp

    Filesize

    65KB

    MD5

    cde4dc3a4a0d0396b1d1b075890068ce

    SHA1

    0e20a170363991327cee99951db5fb3a342d2c0a

    SHA256

    55eebc7b3d386e6c4cda29bf1605a5867a4c69be06953058eba4a428ea63b3d6

    SHA512

    7282e417c32a2a9ead2e5e80413e02fb23e36aa7e5646994b68e14f7d06d2155b4d4b0d71e1883aa036da4b97493f0b7bacf1acccb96136d66223a06c9c0f599

  • memory/468-74-0x0000000000000000-mapping.dmp

  • memory/468-75-0x000007FEFBE51000-0x000007FEFBE53000-memory.dmp

    Filesize

    8KB

  • memory/1708-54-0x00000000758D1000-0x00000000758D3000-memory.dmp

    Filesize

    8KB