Overview

overview

8

Static

static

8

5441911ce2...02.dll

windows7-x64

8

5441911ce2...02.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    161s
  • max time network
    196s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2022, 06:13

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5441911ce27cf0c88a7c3a4694ddedc1072b270c53c4c481e40f9a0aa604a302.dll

  • Size

    154KB

  • MD5

    71d3291d570dc5bf91120b15ff56dc84

  • SHA1

    a7425b8abed1d8163bf682b510ad0f62954b31d8

  • SHA256

    5441911ce27cf0c88a7c3a4694ddedc1072b270c53c4c481e40f9a0aa604a302

  • SHA512

    c5b051f7f746eab6db2c00709fdb740e2983a9c3cf78fc3d3041398a6f6605d12649bb8af063f8eeb5a55855a229022cbe724e7a28d453c0a3476cd5742df8c1

  • SSDEEP

    3072:H5SukrhEEr8bldysJ+W+M7FKW1GXQlK22x1aC1d1FykJ:ZSukxr8SsXQ2Cy

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\5441911ce27cf0c88a7c3a4694ddedc1072b270c53c4c481e40f9a0aa604a302.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1636
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\5441911ce27cf0c88a7c3a4694ddedc1072b270c53c4c481e40f9a0aa604a302.dll,#1
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of WriteProcessMemory
      PID:1732
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://9reyes.net/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1568
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1568 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1060
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://cheatrakion.blogspot.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1528
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1528 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1728

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
          Filesize

          717B

          MD5

          ec8ff3b1ded0246437b1472c69dd1811

          SHA1

          d813e874c2524e3a7da6c466c67854ad16800326

          SHA256

          e634c2d1ed20e0638c95597adf4c9d392ebab932d3353f18af1e4421f4bb9cab

          SHA512

          e967b804cbf2d6da30a532cbc62557d09bd236807790040c6bee5584a482dc09d724fc1d9ac0de6aa5b4e8b1fff72c8ab3206222cc2c95a91035754ac1257552

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          60KB

          MD5

          d15aaa7c9be910a9898260767e2490e1

          SHA1

          2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

          SHA256

          f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

          SHA512

          7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A
          Filesize

          893B

          MD5

          d4ae187b4574036c2d76b6df8a8c1a30

          SHA1

          b06f409fa14bab33cbaf4a37811b8740b624d9e5

          SHA256

          a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

          SHA512

          1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
          Filesize

          192B

          MD5

          695e1fd2a79d81bc27eea8c7133ddb7d

          SHA1

          2f905010aaffa3f614c40efc1d687342c2938a97

          SHA256

          d0f4f7e91545d8f35691d1416241131b389a45f5baec3457ae1199a71ef38c51

          SHA512

          7a85f4ff1b07fb2eb19edd7320f5fcaa190bd00d11caa1fc830145da5f741c30965e1f8b854dfd8da4bc20c53fc9a7a466deed7cc2cf3464f2586fce032d0e20

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9dde2624ae38bd1272e50b4312e7f698

          SHA1

          7393dcbc2eb86b19036339b456beeef159aa5d79

          SHA256

          d4e4ce3880143a97d98ed2b5a2b327f14c090d0d8234776914de7945fcb1ca00

          SHA512

          f8ad2d62a31888ed27282a25b771683bb9c247667516ff3a2ce15c57810c39c68f16a696148b7e0cb22f74c42d5f54e0ac36c838e36671c1b3187395bfa0d3f7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9dde2624ae38bd1272e50b4312e7f698

          SHA1

          7393dcbc2eb86b19036339b456beeef159aa5d79

          SHA256

          d4e4ce3880143a97d98ed2b5a2b327f14c090d0d8234776914de7945fcb1ca00

          SHA512

          f8ad2d62a31888ed27282a25b771683bb9c247667516ff3a2ce15c57810c39c68f16a696148b7e0cb22f74c42d5f54e0ac36c838e36671c1b3187395bfa0d3f7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          070a16cda5f544d63bf892480beda7b3

          SHA1

          6bdaa53b289b08bec5046a997e7d1efa1d3827da

          SHA256

          f99284684b69e45b7e4412d4e3a4d296101429587355be8f3e4b810eaeae1076

          SHA512

          d66e5187eed8208c50148497a44c1f7d1e08c678623261d890e81ba647631b67bfb4431cb0e80b17ab5b7eee12705e364f4972575b5134cf42d61aa46b0a8873

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          7b0d84571fe4eddf497fd99676dff1d4

          SHA1

          11f3b262666b76d72f3ead5df395f9856db0b2b1

          SHA256

          604872d1f741eccb0d9acc3ecbaf985b3c288b73b930a01980315dec031f2da9

          SHA512

          c0a54d9739f1390a23b1a12e0361963bd4c48772e6e28b6105c5d1308fa62b391fe7b9e1e99a198706c46c114213af56a41623266ab66a11423313893983d7d2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a7068e716e6543640638d77da8b35e75

          SHA1

          f84db1b353735bd3d72f999f2742032ad9ba8f0e

          SHA256

          e87ef764bf83247c4ad8d97634545d2dc055c8d15122e582c4c696047adcf394

          SHA512

          809abb4689ba4db497d7b91f1980bb8526ef02edfa2f91f92424d756953012dde53aa2304485537fcca0ebd25d5e27249e6e9e63b866bdde266f17ad1ac779c2

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          98fec9f763de5fb9e06c059c32128d7e

          SHA1

          447567893dfc2b7f4c0eb5501c6650ff8c9538e0

          SHA256

          793b3650eeb402088c918699fb2000924918757c9145dc126ac851e1e413074c

          SHA512

          f12ab4c7dd3092c7287b551e8df3a4170dc630a1d6b80e0b7cad69f6cd2950a3b11cdf54793503a1ded24a26ea6b52f7f667536eb2d7bfa54bdfba850de1e198

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          aa852ba6e3e23a08f24d0e7594363304

          SHA1

          554390556df1762dd77bf888bce06a10496baa6b

          SHA256

          025c7703b47a89663738e1ea35673a766ebe7fd86a69d48ab897f346cf0fcd11

          SHA512

          dfe5a41e797ef2979a7d036280c77e03a87556c760bcad5fcd745fefabc516cd40e2b00800c266de47ef635cf921f940d7715bc4f59fcd0c9e9af784afafeb0b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A
          Filesize

          252B

          MD5

          d22eca928f6d8d1ce34124d58f3ded0e

          SHA1

          33bfad0c2b856249c1a9504e1e574e50890ca3f2

          SHA256

          22f3344f3a0e850b27d3b54a7f37b0f033d2e773fefb217b12c504ee9a4adb77

          SHA512

          84d989db496865638d18601e09ef62dee19ab826b74178a16bd5f5ad10a065596345c4b456441ab0c71751fd61bf6776a7e18f38f9bbbb15dcadcdbdf982b9aa

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{357FF401-4234-11ED-A50E-C6457FCBF3CF}.dat
          Filesize

          3KB

          MD5

          607a9b48ba25ba077f2838cab5686d57

          SHA1

          cac217805c6bf7d3d10da36f21cf0431645e5f62

          SHA256

          61ad620c94ca478c591c281738f0d7187a529ba121904fc8a360815b32dee46f

          SHA512

          71f63f49b6d7ae3c6797aee8e8b96f2baaa5c414e061717e814ce18c81da57d1b1a8c1c8ac24d0f56310cfad09956984707e7fdcbfb32ec5c7277806d1df42d5

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{35801B11-4234-11ED-A50E-C6457FCBF3CF}.dat
          Filesize

          5KB

          MD5

          40417409fd9c73aadf18dbd9a20d44b6

          SHA1

          7cbdf2a7dfcbdd54786c63b589c2e54619d6f293

          SHA256

          4bad9efdfcd1dded89c11df445f1c29c4fbe785771a10dd38ab55754b85fa915

          SHA512

          a4b3f0b75dde194a5f7cb19b020d56d417b93a63966c7d78df2b17766df4e039cbc874747d2d83423deb80df495017ddb443a57514b84380f4199704632fd5b9

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat
          Filesize

          7KB

          MD5

          c53d895a433f28ff5acf2a253436b1dd

          SHA1

          ae6c84cc6dd349d1d1602331c985fb3e248c689c

          SHA256

          53d624042aaf9242a88ee63a789aafaf9de523074546feb1482641cdb7fccc9a

          SHA512

          1a111b8d93de6d5814f4bca8c2b5b367fae7b70eb0738e99204789604f03da4444387428a325a2e71c00deda04fba7e00841b1689fd437d6ab0f6d2cc918af98

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat
          Filesize

          8KB

          MD5

          1dd4cfc5076e7916566bf8943653ab92

          SHA1

          077f5c5f315eaf6a0716b8507e732a01527649f7

          SHA256

          6e2a6ce2f608ab484d08331ab58be4294cdbf75101ea30179ba67725c6f30844

          SHA512

          619521d17248d5a3ab8501759bf4e97c665d7491b65a03a6768c3e8e427aa1f2dabc429de3d1d22b799f84cb4c7d6300873fe00246346aa6a9b0345de12e1d02

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\V34S0D9M.txt
          Filesize

          591B

          MD5

          8b7d0fdf1d6c19e65cda9d2e303d2948

          SHA1

          1f78e2701d6b5abf12999fd887d2bc9a4307b6f0

          SHA256

          5dbbc3872f67b281d82bbf1c0312e7df3d69961468cd1c007ed039f4f9c955f7

          SHA512

          ce538a37c0416c369ec8a920c1e6edd50b5230915bac4019a5b878a8b3ba4be2e6d5ebbc0941751f136f81976c3a73a7a937944bd7190152f738827b21c37d9b

          Download Submit

        • memory/1732-55-0x00000000761F1000-0x00000000761F3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1732-57-0x0000000010000000-0x000000001005B000-memory.dmp

          Filesize

          364KB

          Download

        • memory/1732-56-0x0000000010000000-0x000000001005B000-memory.dmp

          Filesize

          364KB

          Download