50ae11d0fffa97f3d3bb77a1129ff1bc48d0c6057ab587086173d6de6c38633f

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/09/2022, 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50ae11d0fffa97f3d3bb77a1129ff1bc48d0c6057ab587086173d6de6c38633f.exe
Size

2.4MB
MD5

1e9911bbb20d08c07573afbf761da7b3
SHA1

fbaefc5dfb2fa9c4894d01203d0ab8ec64aaa6ca
SHA256

50ae11d0fffa97f3d3bb77a1129ff1bc48d0c6057ab587086173d6de6c38633f
SHA512

9259f50a587456307cdb16ecdb70f792dbfbf880b687ca83033c5d399565ce610df92ba39052bd7ebb549aa3feb569e02a6c2c1fd4299d6e897459e8b0d20128
SSDEEP

49152:unrrUwl3sxEIVu7M8NVnfkGIRZyH/clZcz+K5VqI6hwf+KZIjQ5xJ8ZhXzW6c:unDxoEIVmMMnfkGIRZyH/clwFVqIEwfH

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	50ae11d0fffa97f3d3bb77a1129ff1bc48d0c6057ab587086173d6de6c38633f.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	50ae11d0fffa97f3d3bb77a1129ff1bc48d0c6057ab587086173d6de6c38633f.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	50ae11d0fffa97f3d3bb77a1129ff1bc48d0c6057ab587086173d6de6c38633f.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1896	50ae11d0fffa97f3d3bb77a1129ff1bc48d0c6057ab587086173d6de6c38633f.exe
1896	50ae11d0fffa97f3d3bb77a1129ff1bc48d0c6057ab587086173d6de6c38633f.exe
1896	50ae11d0fffa97f3d3bb77a1129ff1bc48d0c6057ab587086173d6de6c38633f.exe
1896	50ae11d0fffa97f3d3bb77a1129ff1bc48d0c6057ab587086173d6de6c38633f.exe

C:\Users\Admin\AppData\Local\Temp\50ae11d0fffa97f3d3bb77a1129ff1bc48d0c6057ab587086173d6de6c38633f.exe
"C:\Users\Admin\AppData\Local\Temp\50ae11d0fffa97f3d3bb77a1129ff1bc48d0c6057ab587086173d6de6c38633f.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1896

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1896-54-0x00000000763F1000-0x00000000763F3000-memory.dmp

Filesize
8KB

Download