Analysis

  • max time kernel
    158s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-10-2022 07:39

General

  • Target: 7f079bf81b50216b9af8cc7fd796d20d3a536cb3ba199ebe07164b2866129f67.exe
  • Size: 1.2MB
  • MD5: 61887c42a556c56cd3ab0bc315bb11fc
  • SHA1: c2f8eecea1c1b11bb6ab0cca8e2e58e26bf7c016
  • SHA256: 7f079bf81b50216b9af8cc7fd796d20d3a536cb3ba199ebe07164b2866129f67
  • SHA512: c4b8a1a831aaed92714f6b745d292138764de48660c4f4681b4fe27cb66d4f0b5772e0a34bfb7011db47b4c925ca1c1bbf344ab4f4e328de3a3c18ad602b4820
  • SSDEEP: 24576:HafIiy4NwdLpQAOmocuEZmV/cibXbWejl9LCb6ceJn:6ffy4NwrQAdoA0uaXxl9LC2h

Score
10/10

Malware Config

Signatures

  • Detected phishing page
  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f079bf81b50216b9af8cc7fd796d20d3a536cb3ba199ebe07164b2866129f67.exe
    "C:\Users\Admin\AppData\Local\Temp\7f079bf81b50216b9af8cc7fd796d20d3a536cb3ba199ebe07164b2866129f67.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4508
    • C:\game.exe
      C:\game.exe
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      PID:4136
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.1234.la/an.htm?game8
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2884
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2884 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1244
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.jipinla.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4764
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4764 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:392

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry, T1112 (1)
  • Discovery: System Information Discovery, T1082 (1)

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: afc3e2584b32e1e7c23c33e9534089a5
    SHA1: ea4e2266d010c300621d2287ea60fe3e9a9ee753
    SHA256: 61597f5f937da250a5ed7b4b82867bebc546a5a35c0029982a003b1e9cbd2e7e
    SHA512: f0e0d20b15bc390292baf0d93d982315afc466ccd2d4e48152ed65af97aed573d5b9e65b2b50925cbcd2e736955dfec4f63de5739cdb1499eb2db5dfc3cc4fe6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
    Filesize: 1KB
    MD5: 5448fc4855f68bd3bff18b54b438ffa8
    SHA1: aa063ed7c92fea8fe91a71749a26280c004df5e5
    SHA256: 7cfeca709878e682a3e739bf8135769b0e299e3bdd018b5b6d15d4faf7f4eaec
    SHA512: f6870e7cc0309eac3d6a54d591af341f842b35c31ad7ac97f21aa6e61e79f8d1efddad5b3ddc80b499db6e9ba8a8f829a3e6982eed2d8c8750b7e145074296f8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 404B
    MD5: d93c587cc657ed407f38344d8fb3f030
    SHA1: 7b65ad8818972a661a1f4c1847fd271b9b087ea0
    SHA256: 6715fd2f0fb0355a1f7fb7bb52a01632b8c2737f24f0b61f3ce66287c7ca36ee
    SHA512: 3aa07f937d3b4714ac6eeb87821b0f99a43efd4cd156162a7a29157bd2fbbdec79a112ffd67f650b2c17ff0d31caa0213be3e965b2f384f8816c2109b4889373

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C
    Filesize: 492B
    MD5: ad9d2f9f1dc6c048aa6ed24710567e05
    SHA1: f2b57fe40ee265034c9daac4744ac6084e370a84
    SHA256: 54430e59f231fb91da2d44dcc2ee80b1713f738d2ab6271dfa8f58ca01cf1c94
    SHA512: 68d78e788e79b89a3da969c722dbed7ad5dda78f86d13e86c2876b0dcf21d724cbcafc11632357448361d9ea7c04d60499fd14ce0b3694d513989f72acbd8fdb

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{92104D5F-441A-11ED-89AC-520B3B914C01}.dat
    Filesize: 3KB
    MD5: 2b9dcb19f277436a68810b3a768679d5
    SHA1: ce2d77af87b0d8262006f73439e798520cad7ff8
    SHA256: 218af9a5ff8c0587a478c048d7aa90f027c45ae957cd1d94099141549ed41669
    SHA512: be076c1fa4ba2aaa16c6cd6b3d09a57ffb940aa95b1aeb165e5ef910ca175a85ab4dcb75925dd8587b1a109204cb9f4859dadb5e283db23ec4ffbdec6248a6c5

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9B99B03D-441A-11ED-89AC-520B3B914C01}.dat
    Filesize: 3KB
    MD5: b8b6e977beb8e2e94a2d17aeb1a08d73
    SHA1: a0c9b76e43e5e0bc0fe61ce1d0b2076efe4fcc90
    SHA256: bd5499df6c01adf492c3b564ab98b56d25a1a10a87c147955b0d9876aca2235a
    SHA512: eeef08d3d89b6f72184e7a46df198f2a617a9487842690afda94098820d4ac5914ece90f4bc95ebbc4c0ef7d1719b715c41fb54fa27664cfebc46b2e1299019f

  • C:\game.exe
    Filesize: 135KB
    MD5: 40666c8721d7e83075b788ae89bf0aad
    SHA1: ec6e4e4e2766f463aea1888f06464c1bfe30e5f1
    SHA256: 5f47d10b0129cbde646bb98f6952a76c48123c41526c6508827845904082f86b
    SHA512: 169a7fe92df508b5f10222479c9c605420a5ee6862204f717beb508d337dd001ffc20740be738e3872d368bdca670b1f46529996b15bd3910d31dc832ba04845

  • memory/4136-132-0x0000000000000000-mapping.dmp