Overview

overview

8

Static

static

5

55ded8c9fa...fd.exe

windows7-x64

8

55ded8c9fa...fd.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    116s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19-10-2022 17:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    55ded8c9fad7ad666308cf944a3c8be50b3772a82a1b3e8116b228bafbc9f1fd.exe

  • Size

    674KB

  • MD5

    90b6b07cfeca444beae29075302c6a5c

  • SHA1

    982740d05dbd3aa13a584d76f55f7562416523d7

  • SHA256

    55ded8c9fad7ad666308cf944a3c8be50b3772a82a1b3e8116b228bafbc9f1fd

  • SHA512

    4b345dab7b7f57972a588c36f6caa8183740a5df2474bd6ceb6efc46003547baea4a41f83151d8466088ded7606d758d8a6b40c836c6995668542bc346851bc8

  • SSDEEP

    12288:HZjMLf11MmPQeRXEHYYS3gA0FJO1t3r6QYrOmok4:HafIiy4NwdLpQoOmok4

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55ded8c9fad7ad666308cf944a3c8be50b3772a82a1b3e8116b228bafbc9f1fd.exe
    "C:\Users\Admin\AppData\Local\Temp\55ded8c9fad7ad666308cf944a3c8be50b3772a82a1b3e8116b228bafbc9f1fd.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1512
    • C:\game.exe
      C:\game.exe
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      PID:1528
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.on86.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2012
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1812
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://down.xingkongjisu.com/flashplayer.htm?52b
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1952
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1952 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1284

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    19f6edd81276d02dd8e6deb50ad30f35

    SHA1

    e296cebefb8ae9c12681b2817dabd6e2b43f8c02

    SHA256

    40b40633767f009406c2bc70df86f5242f9ad1b698704e763f79bfd748c9dba9

    SHA512

    8d654df1de235b5a9308736e39823698bb9bfbb9ca185beda89df630bf1647e57effdfba285db454aeeb5dc64f09dfbe1a21a29e814fb14fea5322e4337020d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    19f6edd81276d02dd8e6deb50ad30f35

    SHA1

    e296cebefb8ae9c12681b2817dabd6e2b43f8c02

    SHA256

    40b40633767f009406c2bc70df86f5242f9ad1b698704e763f79bfd748c9dba9

    SHA512

    8d654df1de235b5a9308736e39823698bb9bfbb9ca185beda89df630bf1647e57effdfba285db454aeeb5dc64f09dfbe1a21a29e814fb14fea5322e4337020d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    19f6edd81276d02dd8e6deb50ad30f35

    SHA1

    e296cebefb8ae9c12681b2817dabd6e2b43f8c02

    SHA256

    40b40633767f009406c2bc70df86f5242f9ad1b698704e763f79bfd748c9dba9

    SHA512

    8d654df1de235b5a9308736e39823698bb9bfbb9ca185beda89df630bf1647e57effdfba285db454aeeb5dc64f09dfbe1a21a29e814fb14fea5322e4337020d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    60KB

    MD5

    d15aaa7c9be910a9898260767e2490e1

    SHA1

    2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

    SHA256

    f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

    SHA512

    7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_871E11B76822F93FE2DBF907A5A1D9A8
    Filesize

    472B

    MD5

    d5fb2bb3183bdfca2229aed607409df3

    SHA1

    38a419a7a186a78ff8a07be3321947f846ebf958

    SHA256

    7ed2d84b138292743f14fa88fd204c5bb02155cba62bbc59ee4358f27f9b96a1

    SHA512

    1b778899aed9a4aea5c4ca9f80088527694465cd20157584fb6f834b2b66ee179bfb4f91e7a2484f47a24aa92ad745877d6753f091a3a800c989df22b1efdebe

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    6000a2e12b570920be3d602666f7c9c8

    SHA1

    09bd75d008e1df4c2a03069a855cc2e2c030df8f

    SHA256

    0fd53413620f5df5fb96c5189ecfcb31cd1c1e5223c19de702cf1fb127b9867b

    SHA512

    7533e044d4e1ecf8b9e60e59d13d3932b3be856fbd13019c108b98a93a607ec0eff3a568e3f647905ad5b24c587f973dffb7432936767db0a55f917fa6e151bb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    a33e92825de682410bd4da1899dcc72d

    SHA1

    1991a6924a94d41d6894cfec5f084961a6492b60

    SHA256

    e8c6bc5204df2f8ba51e4a5bc0de237d8995144721f2de12cb446b13b5e62691

    SHA512

    b5a5aa2e0bbf93b7833ddb66bafcc6c78b5d4d7f6bcc6584c68b2a1b5e5a6786c8c1693fc91f490b57e20da5d024a967650992da74c68c15af8646cb3ded8fe3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    0cd5eff35f6ce162892fd64fd4b41b3b

    SHA1

    46125a521cd251438023844e4bf0af8b1c16e2cd

    SHA256

    2ca3be4a109fc56782f729a3bdbd1678f152300b0d3381a26d14cb2121397a67

    SHA512

    8ed3121eca2f8b4ef0fe75d45bae2f235bbe012727e67272dbdc2bdc4678454767dbb4843c7e4bd82aa5e9f25c0a7b5a7c8f6c0c054067908fa5f0ad66f2990a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee7a3c3f0605c843f32daddfea6ac43f

    SHA1

    b8f031e849b1c6aa169ac3c536b6382febe2d8b7

    SHA256

    8fce88b529770e3813f9b1062023f7832a6730cd67f46b71f35004cdb63e7175

    SHA512

    c4fcfda6c6862ccedcb6961582c55ab6b2bacfecdc300e2812f5ec6382717202ee4f7243257f2415a0b6caea08c0f20aafc1b159d0836a31a968e735e76e70b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f0cdf46d7dea2258b0173b24e53df580

    SHA1

    a1ed66578707686aa5dace14f582f15774c2ea92

    SHA256

    41fb98be9ced15da16b2347739a379ab53a740185dcb773cbb23a6db74eb6794

    SHA512

    c5b560893c8ae17c3a4485afd5cf92b7a963cd2d4cf1380ab466037512b11546576a817bed0ece786096963ccca11584526a9c961d4ca7bd4ebea54cbe64586b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    114ac3354f4491f428d714c65d1a8800

    SHA1

    2b5a7a82e85aa896127b3166f1fe39080db07c35

    SHA256

    dcd3e2e48ca247fd09f1eb367acd02d5119cfcc7b1096e31e866bd27e9262844

    SHA512

    023bf83f099f7e8fe3ea54478d486d5a03c72aac666ebc0de048abcdaf54258d703663d2ffcd1463ad3f569e9deb3b138303f2e1850e2fe43f930b3a0fc5ee14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_871E11B76822F93FE2DBF907A5A1D9A8
    Filesize

    402B

    MD5

    4a121ced5125876c1b028ceb294174c1

    SHA1

    a8eb37409332a0b015bdeab2b5c8dddadf2a00da

    SHA256

    d64156b9adcbb0b0c61c4c512e8ca0d5b5ba4fea53fa03fbc6bf5e0261839f83

    SHA512

    3a43f1b1528658b30348c66d692ac5a993c0a063998ef51f88ac8f1b55b21a2f9dde3102019bef275b9c9b644bc3d9ee2292e29692f2d06cf77c7a8873899f68

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{07BDC5E1-4FF6-11ED-8FA0-42A98B637845}.dat
    Filesize

    4KB

    MD5

    4aa92ea38c479a683337ebf266a790c0

    SHA1

    6179f3aaa18a6898293157edaada6cd397de067c

    SHA256

    fea9bab9ddf7082759b1ff60e4fe43652ea1c27fe9a59495e7b2a30620e2f001

    SHA512

    8e6cf38ffe38ce01406f8f2ad615cb55e35314f5336b897dcfb0c97002ddf89ead26bb3d3a147a6b34e7e95ab1e812632b4efdfe860ae444e52c4b71f0f17397

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{07BDECF1-4FF6-11ED-8FA0-42A98B637845}.dat
    Filesize

    5KB

    MD5

    cb99499a1c73dd806a4f0643f0dd2e2c

    SHA1

    37aeb3e0129231577b9da67dea487c61723d6cd7

    SHA256

    be86fad38f4f71d2b3058af073b015d58d1b8ac07195e7b046f474297663b07a

    SHA512

    45e242cc555e304ab7a14de8cc262c40ca56668165c840c5dff567c6eb2000a5e4c6d64cf2ded95a7ade4285da6b586788dc7e66929078106a195333e0b637f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
    Filesize

    19KB

    MD5

    91246e07a71a2c2a1dea5ee89339a28d

    SHA1

    144a809b156d87d3a473d9839685755a743f9915

    SHA256

    0dc70776e594959210c8de52778fdc5b2dac61e4978ef86fbb1b658e2ea93bfa

    SHA512

    5d44fe21ca813a60f34d971e8a68c57d2f35bd4f009b59bc9c6c94281d37c50c8b6fc5fed1ce6ed1b6ff61c24ae5f15c34851d512aa880748468816be05887ad

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\HG0Q532V.txt
    Filesize

    606B

    MD5

    a2ff0ef809a742c6cd0bacf92f49cb6b

    SHA1

    949fb871d092fd5797b86baafaa97683eddc95d6

    SHA256

    6cc2fa9d3da2223795a0a5c34fc2b48d7a113a2b8c9a0e7bcbe62225d13e9084

    SHA512

    f7f78d37818f5724c47b76510ce167ac83803b59e38fd76294ba56d59d48148ed28f7e5034a74f9496651ab589e53e286d6de22c8fb35bdaafbea63170335903

    Download Submit

  • C:\game.exe
    Filesize

    135KB

    MD5

    22d32aa8429775b3abc47291a3883851

    SHA1

    3b39345aa462af03b868c94a674886c0a995db48

    SHA256

    b2f96bb0befdcf0a6adc0875517f31670582fd8ba2d2eb643be966c7834bd925

    SHA512

    7ddf9f5f900026cfdead2272bb8ae69571053adf829f199ffc35fb009ef9c8dd11cd61f14c46f3235781405899d5363159cc9f02d05cd60b97614452ad219a07

    Download Submit

  • memory/1512-54-0x00000000756A1000-0x00000000756A3000-memory.dmp

    Filesize

    8KB

    Download