Overview

overview

6

Static

static

cb7a566b88...be.exe

windows7-x64

6

cb7a566b88...be.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    134s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2022, 01:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb7a566b889230fc6712f5125cc6d25ed0fc6f504e28b0a2d100470047e96cbe.exe

  • Size

    141KB

  • MD5

    7de91bef548111c7abdaf55aa5c91ffa

  • SHA1

    ae8c1ccc8c7df89bb041e3c4575910d34495c4a4

  • SHA256

    cb7a566b889230fc6712f5125cc6d25ed0fc6f504e28b0a2d100470047e96cbe

  • SHA512

    b6bdff3cfb61176440c6006544575ac7d9e534859993beb46ee9e658b3cef3f0b5a7aea40e08eafa08d1bec0164b236b0beedf1c6d9d3e307a5c441ec183a9b8

  • SSDEEP

    3072:Mepmq4hYt4iVRLAw0WbSBLrFCzPtOATw:MImq4hC4cRUw0OSNG4

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb7a566b889230fc6712f5125cc6d25ed0fc6f504e28b0a2d100470047e96cbe.exe
    "C:\Users\Admin\AppData\Local\Temp\cb7a566b889230fc6712f5125cc6d25ed0fc6f504e28b0a2d100470047e96cbe.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1872
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=vsd3g0h_vs0
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1744
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1744 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:524

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    170ff0af58dc4f31296493af810fe491

    SHA1

    3bef4277aca6af058609f45b5ff022f68d2527e9

    SHA256

    7b1297588e90311f3096c6a89e34f25855a6109873dc575a360d4c83b38a8c27

    SHA512

    479ebde3b2414890825a66951dc32688bead41145f57e17b10faae8014f444b8341d0a75536cd752eb12ef1a69d19b8c2dc6fb4ceedf51e325b393a4bc538cc6

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
    Filesize

    5KB

    MD5

    c438f324863cf2a4b55a17bd3dc15c2a

    SHA1

    fc8a2e679272ee33d1a2874a298aac8d8c9a1d0a

    SHA256

    83a3efdd97c0feef82ae8e17a2d12c8ba464516e9006af74e0d150b3be8efddc

    SHA512

    691df7503677fb2432cabd49a64131f525c1783c2ff24ebf8cd8a1458e4077b79e5c92f6d85f47002bca0a101aae1067be3e7f16ee7dcd21a03f0a547b4664e7

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MS9YQZ09.txt
    Filesize

    606B

    MD5

    e8ebfa8ee96cc7df78aefae375e1f497

    SHA1

    857ea64e808269aa4ea6f930987d924286002b1b

    SHA256

    047f151c04117c803016c28002bcc10d1301f11dd0ca694ecba2d0b00d14d7d8

    SHA512

    c3dea00ca4784be7b0fe7aabb3db8b8bc402eb3e3b173befee8abc1f8a38d1133371467cdc8e2887fb82df47380e7604dde53f7a7634cf20f56c3ecdb6d8fc63

    Download Submit

  • memory/1872-54-0x0000000000400000-0x0000000000484000-memory.dmp

    Filesize

    528KB

    Download

  • memory/1872-55-0x0000000000490000-0x00000000004D6000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1872-58-0x0000000075841000-0x0000000075843000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1872-60-0x0000000000490000-0x00000000004D6000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1872-61-0x0000000003220000-0x0000000003CDA000-memory.dmp

    Filesize

    10.7MB

    Download

  • memory/1872-62-0x0000000000400000-0x0000000000484000-memory.dmp

    Filesize

    528KB

    Download