Analysis

  • max time kernel
    187s
  • max time network
    196s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-10-2022 12:59

General

  • Target

    feec2771de44c417fcfc0cc6c2bff64e48049bac5f6d712d6bdb61a885e67080.exe

  • Size

    3.6MB

  • MD5

    677c6b71dcc39a74b8cc9945e7c0d3e4

  • SHA1

    72854ff519b280d54b2479041a8204743babafc7

  • SHA256

    feec2771de44c417fcfc0cc6c2bff64e48049bac5f6d712d6bdb61a885e67080

  • SHA512

    3dc718a22f4d200e6635b316053fb4087bc15fd8f3638ecc76d1dfb1fc989ec3801b8cc90f9956698f0aad8ad1320550ef4a6109c6eccea3396ea11631d67235

  • SSDEEP

    98304:6dDkSEKVwUiWHEeF3d1cye4hkeqRlRNAsxmChqLBdEJzQ5PPA:6FtWUDpd1cyzj0GsxmKqLB8z

Malware Config

Signatures

  • joker

    Joker is an Android malware that targets billing and SMS fraud.

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\feec2771de44c417fcfc0cc6c2bff64e48049bac5f6d712d6bdb61a885e67080.exe
    "C:\Users\Admin\AppData\Local\Temp\feec2771de44c417fcfc0cc6c2bff64e48049bac5f6d712d6bdb61a885e67080.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1372
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.cfdami.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1612
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1612 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:1068

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    60KB

    MD5

    d15aaa7c9be910a9898260767e2490e1

    SHA1

    2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

    SHA256

    f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

    SHA512

    7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8709e1a0d56b26b7f45aa4932b23bb42

    SHA1

    6f87d68499e908124ef56f7339e009427cbe245f

    SHA256

    5aed335b5af170c559b3c06f762cd52c797f782caeee3302a22b082ba39e472e

    SHA512

    a9c1d4db9aebb42c6b45f8a4287e8d45f1ef557aab979a5bec8839223c78f69590f5c944bf59d9db893a32765e5dc79239a4e45d94d20f73fc2b246fcc2c0dda

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    caa71025f36402c0892019c908d7a4d1

    SHA1

    6f72fbe7eca416c54dc8e54ad85bce8e63909af1

    SHA256

    1a4c88da261afe55ff518bd17b41ac01e310eac0d9cc5f805c595b37a1daa26f

    SHA512

    65bcc9582170979ff5eaff9124c42f96c63a1dedc6c0fff08430051939f9998583aedb741bfe1d48259f5bd7c57e8b545e25aa58af12b223d5bb20a70020d4b8

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5OBLF6M4.txt

    Filesize

    608B

    MD5

    baec128400badcc9734cd29c00e1ed8c

    SHA1

    ccfa68ec045fee987e77435fa5e5d0ce4e563627

    SHA256

    2361f4f49df5c3f8d431272b037c4144940bf693c78dc35e0758c09389d6b9d2

    SHA512

    34a3f471bbcdeeed5ea39d75ef981f9361da9f48b1ac6500728f3064ab10dfe89a59e3cb837f0e3c333556f5335d25b083ab263dc134f3330eed455cda10d152

  • memory/1372-54-0x0000000076261000-0x0000000076263000-memory.dmp

    Filesize

    8KB

  • memory/1372-55-0x0000000000400000-0x0000000000CDF000-memory.dmp

    Filesize

    8.9MB

  • memory/1372-58-0x0000000000400000-0x0000000000CDF000-memory.dmp

    Filesize

    8.9MB

  • memory/1372-59-0x0000000000400000-0x0000000000CDF000-memory.dmp

    Filesize

    8.9MB