Analysis
-
max time kernel
110s -
max time network
108s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
02-10-2022 15:24
General
-
Target
dd3449650d2ffc0a3f66fe92693c5de66de7983b356819e9ec34567f81e396c2.exe
-
Size
1MB
-
MD5
650b624d0ef2f2293049adcb28c9ebae
-
SHA1
7704d2a2cb4888e160094b5121956917bfbe0f69
-
SHA256
dd3449650d2ffc0a3f66fe92693c5de66de7983b356819e9ec34567f81e396c2
-
SHA512
fbcb3794ef11f10397258b56ba851fb2e18ae1aae937886147b38b94745dfebbf7b9414901ceb530fc2db4a251b46b70d4f5e45c810fe76185d993e9b185c7d2
-
SSDEEP
24576:8RmJkcoQricOIQxiZY1iaNMKvX8rSFl2F1tbJMiU0TAW6:pJZoQrbTFZY1iaNMBR7TMFkAN
Malware Config
Signatures
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 34 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 14 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dd3449650d2ffc0a3f66fe92693c5de66de7983b356819e9ec34567f81e396c2.exe"C:\Users\Admin\AppData\Local\Temp\dd3449650d2ffc0a3f66fe92693c5de66de7983b356819e9ec34567f81e396c2.exe"
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\dd3449650d2ffc0a3f66fe92693c5de66de7983b356819e9ec34567f81e396c2.exeC:\Users\Admin\AppData\Local\Temp\dd3449650d2ffc0a3f66fe92693c5de66de7983b356819e9ec34567f81e396c2.exe
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=dd3449650d2ffc0a3f66fe92693c5de66de7983b356819e9ec34567f81e396c2.exe&platform=0009&osver=5&isServer=0&shimver=4.0.30319.0
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1764 CREDAT:275457 /prefetch:2
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\F3ZBIXXR.txtFilesize
608B
MD55ddddcc837fcace18544a6dbf1fdc196
SHA17bb1023ac723d06b7b60d55fa5545637f43f7126
SHA256f1ba09e1192048d800e6d5b08da8ed56af5cf7e99eba6da71f70b6ea43a66765
SHA512f3bf5c0b47324db623f0f405aabe55ecc665f69914d4b0792bf335c88d04b2533e4f71d593f49a4dc72b6195b13de1a8a0f06afc4b53b8b4770dc05f9532d3be
-
memory/1080-54-0x0000000076411000-0x0000000076413000-memory.dmpFilesize
8KB
-
memory/1692-55-0x00000000000C0000-0x0000000000102000-memory.dmpFilesize
264KB
-
memory/1692-58-0x00000000000FD99E-mapping.dmp
-
memory/1692-57-0x00000000000C0000-0x0000000000102000-memory.dmpFilesize
264KB
-
memory/1692-60-0x00000000000C0000-0x0000000000102000-memory.dmpFilesize
264KB
-
memory/1692-62-0x00000000000C0000-0x0000000000102000-memory.dmpFilesize
264KB