Overview

overview

7

Static

static

415542d935...fb.exe

windows7-x64

7

415542d935...fb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    92s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/10/2022, 10:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    415542d93576ac474c197ec101078370eb1eb156791f56de0e837a460aabaafb.exe

  • Size

    44KB

  • MD5

    5b783c88b9d4fa31b543c77c22fb5dc0

  • SHA1

    4073034be7f30a128874664085fd8e270a66cfff

  • SHA256

    415542d93576ac474c197ec101078370eb1eb156791f56de0e837a460aabaafb

  • SHA512

    cb73b41c89edff44ef2d07d50edd77cf41c3d1ea7bc90ce85949ea1e812deabf6016b5fd8baec9fc93d5079dd67388344d8100fb9d7484ba3f48ac41f0119db2

  • SSDEEP

    768:u3R3H3HWkMS7zAYK8zboqOa/bSADndMYT+tM7N0/W63jUeD53yRG/wNKmGN:u3R3H3HTY8z8a/bSAGYTuzjUiy2wmN

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\415542d93576ac474c197ec101078370eb1eb156791f56de0e837a460aabaafb.exe
    "C:\Users\Admin\AppData\Local\Temp\415542d93576ac474c197ec101078370eb1eb156791f56de0e837a460aabaafb.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:4996
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:2080
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4032
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4032 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1284
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:4432
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2700
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2700 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3700
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\tweE600.bat"
      2⤵
        PID:3840
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\415542d93576ac474c197ec101078370eb1eb156791f56de0e837a460aabaafb.bat"
        2⤵
          PID:236

      Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
              Filesize

              471B

              MD5

              fd70739fca5345a28f924f9102ae10ee

              SHA1

              6ce3f92183544f3bf52cb76364591589cb940a19

              SHA256

              f238404cc643efddef8ff430f128cdc8ec1513969eaac24b5e5bce81248a91e7

              SHA512

              a787d3a2bceeaed2f2a29f357df6ae17d5b9f66a3c561550d5f83c308ad26a1ddf876488151ff5e51ce93bfb9d0c7b8ca812d595e8d3ebdda7d805707ac1b278

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
              Filesize

              471B

              MD5

              fd70739fca5345a28f924f9102ae10ee

              SHA1

              6ce3f92183544f3bf52cb76364591589cb940a19

              SHA256

              f238404cc643efddef8ff430f128cdc8ec1513969eaac24b5e5bce81248a91e7

              SHA512

              a787d3a2bceeaed2f2a29f357df6ae17d5b9f66a3c561550d5f83c308ad26a1ddf876488151ff5e51ce93bfb9d0c7b8ca812d595e8d3ebdda7d805707ac1b278

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
              Filesize

              404B

              MD5

              cd78e3935a8fad72884c7af2c81e6d55

              SHA1

              a161f9e8eabf32bbe025028a038cdcf808aff0e6

              SHA256

              700887b48326572971789bebe4f0cd790b5a201dc0b29acdd036f1a42bb4e7e4

              SHA512

              dd571593748c056e184fb1b3e52b6f51b7c2ab9cf33651a77fe9144c4eaa072f89c04ad6e38d50756564ad8acc93e2e40a44b7d053d753b95249494ea24e0d31

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
              Filesize

              404B

              MD5

              286fbb101e1a7a2f99cd7167e183eb55

              SHA1

              013d62052907cb6d998d3ed2ec0280f46c66adf2

              SHA256

              69f24b28fc214286d7bb7b75003683e3f2be5154843c614e9cd0caa0736b6a14

              SHA512

              176da0ccb7404236ffbb27c240701c17a8cec2763ecd5ebf641ee9e2671f7343b18b8e8c9e0e94d0bfa39c140e843831b60d13db61d3a01067b1c2cdc78ae491

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{96BAD89A-4264-11ED-AECB-7ED4F7B3352B}.dat
              Filesize

              5KB

              MD5

              9806128da3d35d253ccb9872656018ad

              SHA1

              d12d8c3e6eca79a4c8f50dd4a60e41236c75a127

              SHA256

              9348c81cf5ec6cd4993181709c09bcb62bee14c4f49cf52a5776a6b614e50701

              SHA512

              b356f0d09a01156dcaaf450ab0ea703750c40f01b2e3282b034061e8b222322916203bb49ff5076dde00dec8fca2e28b570533cccbf59596522a66f2a32b4aea

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{96BAFFAA-4264-11ED-AECB-7ED4F7B3352B}.dat
              Filesize

              5KB

              MD5

              f3b7750a46a12dd58ea1229be22c8123

              SHA1

              76910804f477702e0d6523b89d267719d6ccd148

              SHA256

              910a2575a841187617cdce0a9b05c3b80d4d86b5017ee753f1fb9fdfa5fc9e75

              SHA512

              44f33d946d0cd0a5810d0a07f7d261b55d254ce4491a130e512282a8cd03f28b6900d9c4409d0fa9e99e78653654f766695cd91c37630c2a297898999d51e1f4

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\415542d93576ac474c197ec101078370eb1eb156791f56de0e837a460aabaafb.bat
              Filesize

              267B

              MD5

              bcad07df8656b4fa048386a21353bbc6

              SHA1

              f07915c5d96dd3a56ce1c9b6903bc0dde0b062e7

              SHA256

              e3bb0a9dedaa6d716b0ffeb7cfd62978cde526e079fc2103c3718fecf48532c3

              SHA512

              a539f9a0cb58ce9fa92e1144a149e9048229405eec9c03b167cb40c787b9ecafe1fde029054c8c0ce64fd61c6e07859eda3db9b777ecd3b8ae7913b2a30c82cc

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\tweE600.bat
              Filesize

              188B

              MD5

              9926bca4a9df25504e3cb8e891e10e09

              SHA1

              a7e365b7900ba6dec6e6d25e017f29254b0554a8

              SHA256

              92643ecdf017ac8b210413ce49075e9732d8ec1aa6d0d1ebc69f0bf817672351

              SHA512

              3853ec9f1cc85ca99bd318088d70acdaa6e9067d8dae8189f04c0fba7fa2fb30c0d97912a606a1648b7f75f8d5408443b9cfd136d074d9b486dcb59bfa74d9f1

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\tweE600.tmp
              Filesize

              31KB

              MD5

              b27dfec949a8490bb82901d4f4223ee6

              SHA1

              fdebf31f0d200693cd49a55b544c53de27980021

              SHA256

              8aff375969670c7b528ddc05dc3401ada7c8d4b45c6e47c9945ffb879edf9454

              SHA512

              1d446d2e86cea1f144153acd9fbd18b2cfa52751871dcf45dbcba060f557b9a729ed8e77ccffbb5058d5a9db4dce8c6bdbba59a33c10de4ded50e65c61f95765

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\tweE600.tmp
              Filesize

              31KB

              MD5

              b27dfec949a8490bb82901d4f4223ee6

              SHA1

              fdebf31f0d200693cd49a55b544c53de27980021

              SHA256

              8aff375969670c7b528ddc05dc3401ada7c8d4b45c6e47c9945ffb879edf9454

              SHA512

              1d446d2e86cea1f144153acd9fbd18b2cfa52751871dcf45dbcba060f557b9a729ed8e77ccffbb5058d5a9db4dce8c6bdbba59a33c10de4ded50e65c61f95765

              Download Submit