0becf48a34167fa4aacbd772ec0665e87ed0f9fdab05e4454725ab160578d28a

Analysis

max time kernel
4s
max time network
8s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 07:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0becf48a34167fa4aacbd772ec0665e87ed0f9fdab05e4454725ab160578d28a.exe
Size

130KB
MD5

4f5b2823ee627ec0568d687669b5c14f
SHA1

5001cdd19642054bc039328578f8e7761ec50f5f
SHA256

0becf48a34167fa4aacbd772ec0665e87ed0f9fdab05e4454725ab160578d28a
SHA512

6d320e5e802cc5f14b1ca2da67ab78a4e83653a67915ab671daf325497865acd302a4c0ae40f3fdbf0e8547f3f615228c09ab38c5044fe8bbd5e7377262cf5d4
SSDEEP

3072:KGkXu56Mm+GfIsF7P6Mm+GfIsF7QLfVSM+J9xjm16Mm+GfIsF7D:RB3GfI8PB3GfI8Af+9tGB3GfI8D

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 1764	1740	0becf48a34167fa4aacbd772ec0665e87ed0f9fdab05e4454725ab160578d28a.exe	27
PID 1740 wrote to memory of 1764	1740	0becf48a34167fa4aacbd772ec0665e87ed0f9fdab05e4454725ab160578d28a.exe	27
PID 1740 wrote to memory of 1764	1740	0becf48a34167fa4aacbd772ec0665e87ed0f9fdab05e4454725ab160578d28a.exe	27

C:\Users\Admin\AppData\Local\Temp\0becf48a34167fa4aacbd772ec0665e87ed0f9fdab05e4454725ab160578d28a.exe
"C:\Users\Admin\AppData\Local\Temp\0becf48a34167fa4aacbd772ec0665e87ed0f9fdab05e4454725ab160578d28a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://fileme.us/file/03MBa
  2⤵
  - Modifies Internet Explorer settings
  PID:1764

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1740-54-0x000007FEF35E0000-0x000007FEF4003000-memory.dmp

Filesize
10.1MB

Download
memory/1740-55-0x000007FEF2540000-0x000007FEF35D6000-memory.dmp

Filesize
16.6MB

Download