Overview

overview

8

Static

static

73fe21449f...c4.exe

windows7-x64

8

73fe21449f...c4.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    104s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2022, 06:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    73fe21449f9f2d961abf57e57834d1e8d374975ac7ce5fd76bcb18a421904ac4.exe

  • Size

    93KB

  • MD5

    2e52aaa13fbe31fdcbb1ad394b18f6f0

  • SHA1

    a01a1140e90bab785cf12d6ff360c60e50570e66

  • SHA256

    73fe21449f9f2d961abf57e57834d1e8d374975ac7ce5fd76bcb18a421904ac4

  • SHA512

    bbf82abfc41b2c9ba7f2ea4aa91aadcb5f9a38bd594114758e22326a6928d6b23384d563cf51a7013ff8ebff50fc8d22fb2c5bc582e69e5ba6300327cc3c8c8c

  • SSDEEP

    1536:dELwZu/7kSfTCEB9/gBiA3pM8fwiurBXif/j7ZQG2VWIJIxVCroXTxeQvW0CLes:ddu/HfuEBN2ToiurIr7UVWs6ArojxeQ7

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 12 IoCs
  • Modifies registry class 13 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\73fe21449f9f2d961abf57e57834d1e8d374975ac7ce5fd76bcb18a421904ac4.exe
    "C:\Users\Admin\AppData\Local\Temp\73fe21449f9f2d961abf57e57834d1e8d374975ac7ce5fd76bcb18a421904ac4.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1368
    • C:\program files\vcom\dialers\sexcams\sexcams.exe
      "C:\program files\vcom\dialers\sexcams\sexcams.exe" -kill c:\users\admin\appdata\local\temp\73fe21449f9f2d961abf57e57834d1e8d374975ac7ce5fd76bcb18a421904ac4.exe /install
      2⤵
      • Executes dropped EXE
      • Deletes itself
      • Loads dropped DLL
      • Adds Run key to start application
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:896
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1944 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1836

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\vcom\dialers\sexcams\sexcams.exe
    Filesize

    93KB

    MD5

    2e52aaa13fbe31fdcbb1ad394b18f6f0

    SHA1

    a01a1140e90bab785cf12d6ff360c60e50570e66

    SHA256

    73fe21449f9f2d961abf57e57834d1e8d374975ac7ce5fd76bcb18a421904ac4

    SHA512

    bbf82abfc41b2c9ba7f2ea4aa91aadcb5f9a38bd594114758e22326a6928d6b23384d563cf51a7013ff8ebff50fc8d22fb2c5bc582e69e5ba6300327cc3c8c8c

    Download Submit

  • C:\Program Files\vcom\dialers\sexcams\sexcams.exe
    Filesize

    93KB

    MD5

    2e52aaa13fbe31fdcbb1ad394b18f6f0

    SHA1

    a01a1140e90bab785cf12d6ff360c60e50570e66

    SHA256

    73fe21449f9f2d961abf57e57834d1e8d374975ac7ce5fd76bcb18a421904ac4

    SHA512

    bbf82abfc41b2c9ba7f2ea4aa91aadcb5f9a38bd594114758e22326a6928d6b23384d563cf51a7013ff8ebff50fc8d22fb2c5bc582e69e5ba6300327cc3c8c8c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\O7WMBD4S.txt
    Filesize

    607B

    MD5

    2fbdbbcc0e07afecef658e0647e5b236

    SHA1

    5ab0f0bca66b47794f4ca98c6627dd45d84d9155

    SHA256

    82afec9be361c2a8c83f8ef6e049d687fd9e7c9837ff6a7e8451c3a23c7f9335

    SHA512

    79c8884ef51da73cc27d4fc913eb5090099524e0a9e3a1031ee9a8804568cb0b1a685323c9cecc4b90fec5f1e6bbe7f68316eb248eeefe901ada0b60d8512294

    Download Submit

  • \Program Files\vcom\dialers\sexcams\sexcams.exe
    Filesize

    93KB

    MD5

    2e52aaa13fbe31fdcbb1ad394b18f6f0

    SHA1

    a01a1140e90bab785cf12d6ff360c60e50570e66

    SHA256

    73fe21449f9f2d961abf57e57834d1e8d374975ac7ce5fd76bcb18a421904ac4

    SHA512

    bbf82abfc41b2c9ba7f2ea4aa91aadcb5f9a38bd594114758e22326a6928d6b23384d563cf51a7013ff8ebff50fc8d22fb2c5bc582e69e5ba6300327cc3c8c8c

    Download Submit

  • \Program Files\vcom\dialers\sexcams\sexcams.exe
    Filesize

    93KB

    MD5

    2e52aaa13fbe31fdcbb1ad394b18f6f0

    SHA1

    a01a1140e90bab785cf12d6ff360c60e50570e66

    SHA256

    73fe21449f9f2d961abf57e57834d1e8d374975ac7ce5fd76bcb18a421904ac4

    SHA512

    bbf82abfc41b2c9ba7f2ea4aa91aadcb5f9a38bd594114758e22326a6928d6b23384d563cf51a7013ff8ebff50fc8d22fb2c5bc582e69e5ba6300327cc3c8c8c

    Download Submit

  • \Program Files\vcom\dialers\sexcams\sexcams.exe
    Filesize

    93KB

    MD5

    2e52aaa13fbe31fdcbb1ad394b18f6f0

    SHA1

    a01a1140e90bab785cf12d6ff360c60e50570e66

    SHA256

    73fe21449f9f2d961abf57e57834d1e8d374975ac7ce5fd76bcb18a421904ac4

    SHA512

    bbf82abfc41b2c9ba7f2ea4aa91aadcb5f9a38bd594114758e22326a6928d6b23384d563cf51a7013ff8ebff50fc8d22fb2c5bc582e69e5ba6300327cc3c8c8c

    Download Submit

  • \Program Files\vcom\dialers\sexcams\sexcams.exe
    Filesize

    93KB

    MD5

    2e52aaa13fbe31fdcbb1ad394b18f6f0

    SHA1

    a01a1140e90bab785cf12d6ff360c60e50570e66

    SHA256

    73fe21449f9f2d961abf57e57834d1e8d374975ac7ce5fd76bcb18a421904ac4

    SHA512

    bbf82abfc41b2c9ba7f2ea4aa91aadcb5f9a38bd594114758e22326a6928d6b23384d563cf51a7013ff8ebff50fc8d22fb2c5bc582e69e5ba6300327cc3c8c8c

    Download Submit

  • \Program Files\vcom\dialers\sexcams\sexcams.exe
    Filesize

    93KB

    MD5

    2e52aaa13fbe31fdcbb1ad394b18f6f0

    SHA1

    a01a1140e90bab785cf12d6ff360c60e50570e66

    SHA256

    73fe21449f9f2d961abf57e57834d1e8d374975ac7ce5fd76bcb18a421904ac4

    SHA512

    bbf82abfc41b2c9ba7f2ea4aa91aadcb5f9a38bd594114758e22326a6928d6b23384d563cf51a7013ff8ebff50fc8d22fb2c5bc582e69e5ba6300327cc3c8c8c

    Download Submit

  • memory/896-65-0x00000000004E0000-0x00000000004F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/896-66-0x00000000004E0000-0x00000000004F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/896-67-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/896-68-0x00000000004E0000-0x00000000004F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/896-69-0x00000000004E0000-0x00000000004F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/896-70-0x00000000004E0000-0x00000000004F0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1368-59-0x0000000000400000-0x0000000000440000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1368-54-0x0000000076461000-0x0000000076463000-memory.dmp

    Filesize

    8KB

    Download