Analysis

  • max time kernel
    93s
  • max time network
    176s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-09-2022 14:28

General

  • Target

    8dc952f6a2a8f63028b259b243e6c36e0a21fc25ec81b757d93c46c15049b203.exe

  • Size

    1012KB

  • MD5

    f8beac0e01d18f8f99dc17ee812231f7

  • SHA1

    19b9d587e78e0f9e795bed431554de65d005f914

  • SHA256

    8dc952f6a2a8f63028b259b243e6c36e0a21fc25ec81b757d93c46c15049b203

  • SHA512

    dc4a43a95bafe4ea2ad8b2bcb4c38c22fbd5a3ef7958a7817016d5ddf6e6363c319ceb5b5b1adae65f28811707c2e3b4cdfbd36e4c634584db3e3cf4ece3de25

  • SSDEEP

    24576:8PatCg7EPimZG63cCEpshK9pnCmkm/30bCv/usIKc7af5fuU8:vtV7EPimD3c8dmw6TVTRfu

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 7 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Loads dropped DLL 1 IoCs
  • AutoIT Executable 4 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8dc952f6a2a8f63028b259b243e6c36e0a21fc25ec81b757d93c46c15049b203.exe
    "C:\Users\Admin\AppData\Local\Temp\8dc952f6a2a8f63028b259b243e6c36e0a21fc25ec81b757d93c46c15049b203.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:980
    • C:\Users\Admin\AppData\Local\Temp\FGSetup.exe
      C:\Users\Admin\AppData\Local\Temp\FGSetup.exe "DE"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:272
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:624
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:624 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:584

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    340B

    MD5

    6b21a2b5bb19744d0ba46269c650769d

    SHA1

    592d547c8c47f53ec55da3f05878294fee6a1c12

    SHA256

    c4a798fd0828571ecd183ec88da655c5eb0fed75568002dbea6898c7fa05f516

    SHA512

    0ad276503f68fcea233a15c1831a1ff26d1875626b86dc26ea83df30266ec3e3ca22940a2e34511c6584535d413627f6cc09b78c3c424f896e50b6fd547a674b

  • C:\Users\Admin\AppData\Local\Temp\FGSetup.exe

    Filesize

    757KB

    MD5

    adc0ad8828846de3c6ae5cca1c545b18

    SHA1

    40806f0616ea44553e1d5a5e3a545bac3ebac3b9

    SHA256

    0bbe59f2023d06ebb69cecfe207aaa25d02473f3838ab43e96b2a47024c47c53

    SHA512

    27f5b3a941568669d29c991cbf9e3ccf7bc64ccac36b90d54c5a9b2365b60f0c6c22370fd0d8fedf7532a7617d62be5a4f20f77399f7a8c60c2ddbe3bf4ef032

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FLH9G6F8.txt

    Filesize

    608B

    MD5

    f2ee14cafc0fdb5b9890c07ffd7a2807

    SHA1

    34800c0a7b248570d23ee8ed14a64d6f380efe69

    SHA256

    0cee7f5b08d86d9230956bf263d77177ea49df72ef30fea1b84c40486d8ad94c

    SHA512

    74fd1f0164de1ce2feb4dee50b3755acff74cefa96dc1276ffc1e34d517e633be62151ef0873ec292ffa0f89cf2a4ee67717cc7761f024db86f6b7f78bbc3c84

  • \Users\Admin\AppData\Local\Temp\FGSetup.exe

    Filesize

    757KB

    MD5

    adc0ad8828846de3c6ae5cca1c545b18

    SHA1

    40806f0616ea44553e1d5a5e3a545bac3ebac3b9

    SHA256

    0bbe59f2023d06ebb69cecfe207aaa25d02473f3838ab43e96b2a47024c47c53

    SHA512

    27f5b3a941568669d29c991cbf9e3ccf7bc64ccac36b90d54c5a9b2365b60f0c6c22370fd0d8fedf7532a7617d62be5a4f20f77399f7a8c60c2ddbe3bf4ef032

  • memory/272-65-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB

  • memory/272-57-0x0000000000000000-mapping.dmp

  • memory/272-62-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB

  • memory/980-61-0x0000000003720000-0x00000000037C2000-memory.dmp

    Filesize

    648KB

  • memory/980-64-0x0000000003720000-0x00000000037C2000-memory.dmp

    Filesize

    648KB

  • memory/980-63-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB

  • memory/980-54-0x0000000075811000-0x0000000075813000-memory.dmp

    Filesize

    8KB

  • memory/980-55-0x0000000000400000-0x00000000004A2000-memory.dmp

    Filesize

    648KB