Overview

overview

8

Static

static

582a39b0ed...b8.exe

windows7-x64

8

582a39b0ed...b8.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-10-2022 22:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    582a39b0edf4482c7ad3adb71d21d77a75d5613873625e6a2e627b92571537b8.exe

  • Size

    944KB

  • MD5

    909079e82553da2fdf74e326d3a080ae

  • SHA1

    224e59ff52dc9df06fbae1432bb51ada2311e12b

  • SHA256

    582a39b0edf4482c7ad3adb71d21d77a75d5613873625e6a2e627b92571537b8

  • SHA512

    a2c93f248bf3f378174e38ac779173df4f399d7169a198d591ee6cf5d0fcfc08c28c4961b77877099f7d629d23ccb7dcbadceb7fcdc487193e41616f848db2fd

  • SSDEEP

    24576:n7abJkS1S6qy18sQBX6c+5vP5UCben8xQ:7fS1b7Cw3bCR

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\582a39b0edf4482c7ad3adb71d21d77a75d5613873625e6a2e627b92571537b8.exe
    "C:\Users\Admin\AppData\Local\Temp\582a39b0edf4482c7ad3adb71d21d77a75d5613873625e6a2e627b92571537b8.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3124
    • C:\program files (x86)\internet explorer\wmpscfgs.exe
      "C:\program files (x86)\internet explorer\wmpscfgs.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:1492
    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Adds Run key to start application
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:632
      • C:\program files (x86)\internet explorer\wmpscfgs.exe
        "C:\program files (x86)\internet explorer\wmpscfgs.exe" Files (x86)\Internet Explorer\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4260
      • C:\program files (x86)\internet explorer\wmpscfgs.exe
        "C:\program files (x86)\internet explorer\wmpscfgs.exe" Files (x86)\Internet Explorer\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4500
      • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:3484
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
    1⤵
      PID:4336
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4700
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4700 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2880
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4700 CREDAT:17416 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3248
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4700 CREDAT:17424 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:5080

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      Filesize

      950KB

      MD5

      52d622a01a03542cb53fbad411c421fa

      SHA1

      a73abe67bd2c5959820db6e845a5fce9e85c994d

      SHA256

      14aed43a42b10deaefcc7b9de814b2f2f5a68a2133a6086c63f9abc2c2588e73

      SHA512

      4bc784ee4e5d396d330bd04564cca6b1148756ac0e65b7fdf7dacc07d74fa786594f68bc15349c4cd7bd438cd052b9647e806e939cbbfd8e3fd134d598a5573f

      Download Submit

    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      Filesize

      950KB

      MD5

      52d622a01a03542cb53fbad411c421fa

      SHA1

      a73abe67bd2c5959820db6e845a5fce9e85c994d

      SHA256

      14aed43a42b10deaefcc7b9de814b2f2f5a68a2133a6086c63f9abc2c2588e73

      SHA512

      4bc784ee4e5d396d330bd04564cca6b1148756ac0e65b7fdf7dacc07d74fa786594f68bc15349c4cd7bd438cd052b9647e806e939cbbfd8e3fd134d598a5573f

      Download Submit

    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      Filesize

      950KB

      MD5

      52d622a01a03542cb53fbad411c421fa

      SHA1

      a73abe67bd2c5959820db6e845a5fce9e85c994d

      SHA256

      14aed43a42b10deaefcc7b9de814b2f2f5a68a2133a6086c63f9abc2c2588e73

      SHA512

      4bc784ee4e5d396d330bd04564cca6b1148756ac0e65b7fdf7dacc07d74fa786594f68bc15349c4cd7bd438cd052b9647e806e939cbbfd8e3fd134d598a5573f

      Download Submit

    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      Filesize

      950KB

      MD5

      52d622a01a03542cb53fbad411c421fa

      SHA1

      a73abe67bd2c5959820db6e845a5fce9e85c994d

      SHA256

      14aed43a42b10deaefcc7b9de814b2f2f5a68a2133a6086c63f9abc2c2588e73

      SHA512

      4bc784ee4e5d396d330bd04564cca6b1148756ac0e65b7fdf7dacc07d74fa786594f68bc15349c4cd7bd438cd052b9647e806e939cbbfd8e3fd134d598a5573f

      Download Submit

    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      Filesize

      950KB

      MD5

      52d622a01a03542cb53fbad411c421fa

      SHA1

      a73abe67bd2c5959820db6e845a5fce9e85c994d

      SHA256

      14aed43a42b10deaefcc7b9de814b2f2f5a68a2133a6086c63f9abc2c2588e73

      SHA512

      4bc784ee4e5d396d330bd04564cca6b1148756ac0e65b7fdf7dacc07d74fa786594f68bc15349c4cd7bd438cd052b9647e806e939cbbfd8e3fd134d598a5573f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0684275E946EA5A526A0B9446D8D1B31_8BC55A34553CE38DA9A256FD39734BE9
      Filesize

      1KB

      MD5

      1298dd13007bef0086a54e4e99e5ad5a

      SHA1

      39615e688e8662296692f7b58a4608f21f29eed4

      SHA256

      6af14ecfcbc14019a7372593e29ce9587fcb5f7d4daccef01d06543f73178d6e

      SHA512

      0a9c81ef3412eda67ca21426aa9dd3485ca437ca08466d71673fefa40d1949d3ab2664a1fc2bc8f860e18e1fcac34de039c76f31f2d3c0c6f6785103ff95e990

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
      Filesize

      1KB

      MD5

      ff66093efe58fade3c2bf4560820c345

      SHA1

      4cc87b4d3c8ba2d6c86becc1decba7df26d3ae90

      SHA256

      f737f1bf6a70089c1025524a26a271080e3767be910facbac3b493b7bc568474

      SHA512

      a1cf45721de5ff6deaa396435e11d997e7b3f6bdb4ff70b1c210453278775968d55f9b885389e3f4f0b810e0bc2df34a87fbf698438e131bda9199950ed6aacd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      1KB

      MD5

      1d098255a63d9b3c0f9d02a30a9c2884

      SHA1

      2d108db0eaea286147c6dfd078063d3b6b2a9cfb

      SHA256

      3d14d5299b60dd090c9d4ec92f24e1bb1d2059e4495398edd83ca0b3d2e142f3

      SHA512

      e3e6da4f0e3623de908c825b045ce7021584f76a0f27551e19cd757f4b5f85f493ea7ea41f3969672e44bdcefb8ff0cd60ce7305daa18021110f8e4fa730ce2e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
      Filesize

      724B

      MD5

      f569e1d183b84e8078dc456192127536

      SHA1

      30c537463eed902925300dd07a87d820a713753f

      SHA256

      287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

      SHA512

      49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_7DD59375F5F188E24150CF26FFD79104
      Filesize

      472B

      MD5

      891dcd676f5a41f8f5ec98ea8c60592b

      SHA1

      474dac82dd2c818fe63055bdba7e715c0d9d32fe

      SHA256

      53afbf41908f20707746b5df8819067747374c47bfedcea13916d106989df34f

      SHA512

      a7025f093f48e5ada1e6ad778ad7f49c526ac006768e05a02d9cb1921c0fbb6fc109f12d6306d0f911c0c8aa08c7b0e5a8c6c4385d76b961b6e635e8b452f32c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_871E11B76822F93FE2DBF907A5A1D9A8
      Filesize

      472B

      MD5

      d3bd8bc0b77639c72e6566716b7fc31e

      SHA1

      967b1da7fbb4a5272d68401fb8772e0b1f893e2d

      SHA256

      f25481873c253ccfb163d8b193c150906b37b3f680fd904545d112acbf14edd1

      SHA512

      b48bc20b62b80be82a9134a233dc0d34f7654276a888235791eab154de468f04f10fcadd28714091c1f710351c92383f29e3a5f8155e45412fbee3b04bb40525

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0684275E946EA5A526A0B9446D8D1B31_8BC55A34553CE38DA9A256FD39734BE9
      Filesize

      458B

      MD5

      a1562c7f82fe946a998d52d563a0af58

      SHA1

      581a761777f2cbb0dd0304637bfb09d200b1ff0d

      SHA256

      9f80044b84a6c754e4df597f6e030630fc37fbe294655517617f87df0a27b5c0

      SHA512

      09ef2239a209320f774d814f94cfe405ecc88b8e9c34387e9253f7e15481122f4926e7a82a8c5ea311ac7b974b6dbd9c679e003bdfd657ca8385a9dc1643fb2b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
      Filesize

      450B

      MD5

      7300b8777d7d1472c65797e6ff35daa5

      SHA1

      53adbf7ba5173fa46c4eb96e0e1aaa5508f1f4b8

      SHA256

      425b31faf6522f913e00c73799e8e160cea35233b0921e270135c9a5ad852c6d

      SHA512

      9c85169d6a9079ecb26fc482bbc0078bc90c65b49954dc37eea7b5a71497f2ccbd88446fb288908d07167d7805439933f9d6940f33d75063b6efdb0e357d06d0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
      Filesize

      410B

      MD5

      139c9f15e86824cf8b223d1395848104

      SHA1

      67f1610889802bf82fee4d48a960778051c3d1d4

      SHA256

      2a339bf36393411869527156c68c67ca150b94a0d7541641d5f5efd0ee3189da

      SHA512

      ef72fb679287b5b493bd27346e80a91c26874764fd216d2d57a9c0e169e93f3514a3f033940e10921c09548f0a54255ed3934e7936fcd69269fa3c0c2b8b8009

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
      Filesize

      392B

      MD5

      e00755a522ff457ea26a5aea693627cd

      SHA1

      28c333ff2661d500de1d0ce06900da9bd8e485c5

      SHA256

      aba3ffe6ea4c0bfd7c9946bdf2efee06fc19bb2d2ecf8b0d8954fe86983d4387

      SHA512

      560ad3dc906a36fa31a8117b61f637c29b6e4099ea76954386b09dfb4fb174c8c4b14a1447f41bd4cd7fca63f533834d9a43a8eccf8a20679379b306be49480c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_7DD59375F5F188E24150CF26FFD79104
      Filesize

      402B

      MD5

      9557071f00b4e1234118daade59ccd56

      SHA1

      99380e410cb4d4a3552ed1a8e7fd0815bcd67702

      SHA256

      90dd09075af7bbad3911cc6a9b7e2c4d4f46ae73c19b6ce6e4bec1c366f856eb

      SHA512

      353b31136b97f22b20c4d6ec7bdd5981f577ef8e4ebf5f59f793fb8798bd42cbed924d09fedee8da4636f4cb09dbcbb35b5b70f2168d455af1b52494d0aa5ec2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_871E11B76822F93FE2DBF907A5A1D9A8
      Filesize

      402B

      MD5

      7c034596b2be00702fe4c38501364336

      SHA1

      3f47bb8fa7f61e839c4977f0d2b34c1426878a23

      SHA256

      b891943047892ac88a850de2a95b93588320d8da47441d796b02f6b1469a6ccd

      SHA512

      1c9eda256aeaa02654aa2e63232d892c81e4d75e1f618b272d1cbddc7690834b0b0e64e0e3d41aa115813229067c383f831cbcfd7fe9f7c84e1808e95415ee89

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MBR7CLLA\2.5940ae1c.chunk[1].js
      Filesize

      418KB

      MD5

      04bb6e8d9135d976f28e9ba68fbc6f67

      SHA1

      fe386efd5e23414c48e37d3dbfe340f1ae5d4d4a

      SHA256

      b81d40ef3e5928c7bee6ec287ecebfea17f6d62b277916f0b70d223fa4881d18

      SHA512

      aa21f0744d9e6d286506e425af6f1ea091ebcbe3c671fe339d5c3c18e541323cada2182fae79e3c910aabf4d225142b2bd8458b890322e07f4f9084cf686fbd5

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MBR7CLLA\caf[1].js
      Filesize

      146KB

      MD5

      4e1f9fcf003821e2dd92739990df136c

      SHA1

      244a0952c521e5eeb30e1114938a10ecd1708ea7

      SHA256

      5026cffb4b37c4909e845d4bc74877aaf3ea76c6b14053d5737e8d5ad2da9ffc

      SHA512

      616b5e061edd6592f721d075ba0cc6050de4fc07d64f6156394cae2c8c6fe2dcd5f09fc4d2d57aa4dc33c5d2fb4c1a8db3125b5a40f805544d5939fadd223645

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\MBR7CLLA\main.4e219663.chunk[1].js
      Filesize

      273KB

      MD5

      87b518e8e45487e774f8d47f2dc0026f

      SHA1

      e5da4365a7867737da9b39ef021cf9f35d12cc5b

      SHA256

      1ef669d1914ecf9299396df700b34839c61c6bb24297dc6b4284820eb5f2e5d9

      SHA512

      7b8b1c87c0eb5ab34d515df4880b88dcc5bf7c6b5089349bcf05cd2bb82a0152ba7ebd21fa45fabbc460076543e7e563f881234d3b1dbe66188e98d01a8c7d4f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZX6MAMIN\chevron[1].svg
      Filesize

      200B

      MD5

      11b3089d616633ca6b73b57aa877eeb4

      SHA1

      07632f63e06b30d9b63c97177d3a8122629bda9b

      SHA256

      809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1

      SHA512

      079b0e35b479dfdbe64a987661000f4a034b10688e26f2a5fe6aaa807e81ccc5593d40609b731ab3340e687d83dd08de4b8b1e01cdac9d4523a9f6bb3acfcba0

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZX6MAMIN\search[1].svg
      Filesize

      391B

      MD5

      a6ad6e65373db8c1b1f154c4c83f8ce5

      SHA1

      84cc007d6d682c589e1e1f87482a5278830f3000

      SHA256

      920a378947204498c122722933b3a4b67788a2b6fade8bd0d47cf830eeee0563

      SHA512

      09b6d4711c284b1a04c9c4d874f3d1ddfc876c1491fb2aa283a13505bcdbfe90b02731d0b7ad5f492b1dda2161a4afe20040801ea634d2727cde84319adfb1d2

      Download Submit

    • C:\program files (x86)\internet explorer\wmpscfgs.exe
      Filesize

      950KB

      MD5

      52d622a01a03542cb53fbad411c421fa

      SHA1

      a73abe67bd2c5959820db6e845a5fce9e85c994d

      SHA256

      14aed43a42b10deaefcc7b9de814b2f2f5a68a2133a6086c63f9abc2c2588e73

      SHA512

      4bc784ee4e5d396d330bd04564cca6b1148756ac0e65b7fdf7dacc07d74fa786594f68bc15349c4cd7bd438cd052b9647e806e939cbbfd8e3fd134d598a5573f

      Download Submit

    • \??\c:\program files (x86)\adobe\acrotray .exe
      Filesize

      974KB

      MD5

      ab715608311ecf434089c2187aa96b3d

      SHA1

      dbc104cb4eea6c7621a78a99dfbf0dfdee1f31e9

      SHA256

      b3a591d40fa3a8647ac90bc81fc97eefaf41fbdecdd9de131bfae8e031985aae

      SHA512

      a94200ed74de87e8cbb317c54d6b96f011e05fb3ab31224ad1d4f0ba2c4b7b85c8c797bb1012aef46bfc6dcdca3c19d788efdcc17b0448c071dfcb969c6851b0

      Download Submit

    • \??\c:\program files (x86)\adobe\acrotray.exe
      Filesize

      960KB

      MD5

      a75d29a53c97237d55c7a25450cfe479

      SHA1

      883b7c42a0522ee589aca30bc932b096d8d05662

      SHA256

      277ab7ab93b0928d3659cb12b713c47faea041ec499536f531a8c9cc4aecad3b

      SHA512

      3799836a5cdffb5c6657b4d183e086ba43611e806bcd66e6d67e7277a0e6b4f15669ddebbaad1972470e1adae9db04ee69b85eb32962c35a98304bcbe205334f

      Download Submit

    • memory/3124-132-0x0000000010000000-0x0000000010010000-memory.dmp

      Filesize

      64KB

      Download