Overview

overview

8

Static

static

8

1e01831b5d...d1.exe

windows7-x64

7

1e01831b5d...d1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/10/2022, 23:24

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1e01831b5d65e0d68dd805efa7b9e99c8879b01b5becd887536afc0dea3a3ed1.exe

  • Size

    385KB

  • MD5

    82917b114d69f543c50e240bab277f50

  • SHA1

    05df43cc3f5b674c586fbb58c6d0440be80f6c75

  • SHA256

    1e01831b5d65e0d68dd805efa7b9e99c8879b01b5becd887536afc0dea3a3ed1

  • SHA512

    57ea9528d87c626fc3a608f7dc026a6b7f888a787060c188dc16ed5ac46894d9d3830fd86042da7b90d015fcb98f39e166feccb9874f5f1befcdd290c1476dfb

  • SSDEEP

    6144:ihEZTkcx3Udi053oLCi9Aug6SaTQgVZPDV5cFZvCgg4dWY0+bL:fZoWMLNyxTJVZPfcFZrgWbB

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 8 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Drops file in System32 directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e01831b5d65e0d68dd805efa7b9e99c8879b01b5becd887536afc0dea3a3ed1.exe
    "C:\Users\Admin\AppData\Local\Temp\1e01831b5d65e0d68dd805efa7b9e99c8879b01b5becd887536afc0dea3a3ed1.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:968
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.pekalongan-kommunity.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1996
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1996 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1112

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          340B

          MD5

          64d04150b9c63b4f61204d8f6472f7b6

          SHA1

          b1ee9c1413859f6861feb26cc1ca6b49eb3ed5f6

          SHA256

          a8da5ee0bfbef72616cf78d2461b94c1d0cf1bfded7c8dfc3279bb7e6384496f

          SHA512

          ba8e6d8ffb35e563e441abf97b84b5116b8d96f9feb829f04f36eea46eb449ee54f21a2eee6f0f834871b46ca76e7ef04f178ec24e85ecec03127499b23daa4c

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4K8VZ5LC.txt
          Filesize

          608B

          MD5

          0b6ad36bc2525a0e5fbcabc534b34a48

          SHA1

          52d17ea92d2a023d44b9dd5457bedc5eafe05de6

          SHA256

          b33475cb0586ce4a91e036f9132329810c08b0ba53cee72de615f78af47311be

          SHA512

          2932439d764dcb8304ca24167fa806f95deb89aceaeff226efda33ef2e0745c9345f9d290e6357c54609ba46910b0ea7b621ad0b0153642026ee0ca28df77a37

          Download Submit

        • \Windows\SysWOW64\COMDLG32.OCX
          Filesize

          149KB

          MD5

          ab412429f1e5fb9708a8cdea07479099

          SHA1

          eb49323be4384a0e7e36053f186b305636e82887

          SHA256

          e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

          SHA512

          f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

          Download Submit

        • \Windows\SysWOW64\COMDLG32.OCX
          Filesize

          149KB

          MD5

          ab412429f1e5fb9708a8cdea07479099

          SHA1

          eb49323be4384a0e7e36053f186b305636e82887

          SHA256

          e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

          SHA512

          f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

          Download Submit

        • \Windows\SysWOW64\COMDLG32.OCX
          Filesize

          149KB

          MD5

          ab412429f1e5fb9708a8cdea07479099

          SHA1

          eb49323be4384a0e7e36053f186b305636e82887

          SHA256

          e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

          SHA512

          f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

          Download Submit

        • \Windows\SysWOW64\COMDLG32.OCX
          Filesize

          149KB

          MD5

          ab412429f1e5fb9708a8cdea07479099

          SHA1

          eb49323be4384a0e7e36053f186b305636e82887

          SHA256

          e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

          SHA512

          f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

          Download Submit

        • \Windows\SysWOW64\MSINET.OCX
          Filesize

          129KB

          MD5

          90a39346e9b67f132ef133725c487ff6

          SHA1

          9cd22933f628465c863bed7895d99395acaa5d2a

          SHA256

          e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

          SHA512

          0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

          Download Submit

        • \Windows\SysWOW64\MSINET.OCX
          Filesize

          129KB

          MD5

          90a39346e9b67f132ef133725c487ff6

          SHA1

          9cd22933f628465c863bed7895d99395acaa5d2a

          SHA256

          e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

          SHA512

          0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

          Download Submit

        • \Windows\SysWOW64\MSINET.OCX
          Filesize

          129KB

          MD5

          90a39346e9b67f132ef133725c487ff6

          SHA1

          9cd22933f628465c863bed7895d99395acaa5d2a

          SHA256

          e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

          SHA512

          0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

          Download Submit

        • \Windows\SysWOW64\MSINET.OCX
          Filesize

          129KB

          MD5

          90a39346e9b67f132ef133725c487ff6

          SHA1

          9cd22933f628465c863bed7895d99395acaa5d2a

          SHA256

          e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

          SHA512

          0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

          Download Submit

        • memory/968-54-0x0000000000400000-0x000000000051B000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/968-59-0x0000000001EA0000-0x0000000001EB0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/968-58-0x0000000076831000-0x0000000076833000-memory.dmp

          Filesize

          8KB

          Download

        • memory/968-57-0x0000000000400000-0x000000000051B000-memory.dmp

          Filesize

          1.1MB

          Download

        • memory/968-70-0x0000000000400000-0x000000000051B000-memory.dmp

          Filesize

          1.1MB

          Download