Overview

overview

8

Static

static

5

55ded8c9fa...fd.exe

windows7-x64

8

55ded8c9fa...fd.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    106s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/10/2022, 17:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    55ded8c9fad7ad666308cf944a3c8be50b3772a82a1b3e8116b228bafbc9f1fd.exe

  • Size

    674KB

  • MD5

    90b6b07cfeca444beae29075302c6a5c

  • SHA1

    982740d05dbd3aa13a584d76f55f7562416523d7

  • SHA256

    55ded8c9fad7ad666308cf944a3c8be50b3772a82a1b3e8116b228bafbc9f1fd

  • SHA512

    4b345dab7b7f57972a588c36f6caa8183740a5df2474bd6ceb6efc46003547baea4a41f83151d8466088ded7606d758d8a6b40c836c6995668542bc346851bc8

  • SSDEEP

    12288:HZjMLf11MmPQeRXEHYYS3gA0FJO1t3r6QYrOmok4:HafIiy4NwdLpQoOmok4

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\55ded8c9fad7ad666308cf944a3c8be50b3772a82a1b3e8116b228bafbc9f1fd.exe
    "C:\Users\Admin\AppData\Local\Temp\55ded8c9fad7ad666308cf944a3c8be50b3772a82a1b3e8116b228bafbc9f1fd.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\game.exe
      C:\game.exe
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      PID:3392
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://down.xingkongjisu.com/flashplayer.htm?52b
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2312
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2312 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3216
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.on86.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3240
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3240 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3828

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          1KB

          MD5

          19f6edd81276d02dd8e6deb50ad30f35

          SHA1

          e296cebefb8ae9c12681b2817dabd6e2b43f8c02

          SHA256

          40b40633767f009406c2bc70df86f5242f9ad1b698704e763f79bfd748c9dba9

          SHA512

          8d654df1de235b5a9308736e39823698bb9bfbb9ca185beda89df630bf1647e57effdfba285db454aeeb5dc64f09dfbe1a21a29e814fb14fea5322e4337020d0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          471B

          MD5

          d3ff0edeee7d1ea5754d8a290ae01189

          SHA1

          253ee24a4776d30bac0aedd7ea213adea6acb6f9

          SHA256

          e2e542a3681c428c021d38e608dffa43da666f6f3c53f623c21dc184639b222b

          SHA512

          ab14449059ae31856026e8d8cb0ec0b4158da0fd19f2a73940a159574a9084ce6a09ac05fb80ef3ab11cd9b1395dce021872215baced48f9e8a0bf7311000db7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          471B

          MD5

          d3ff0edeee7d1ea5754d8a290ae01189

          SHA1

          253ee24a4776d30bac0aedd7ea213adea6acb6f9

          SHA256

          e2e542a3681c428c021d38e608dffa43da666f6f3c53f623c21dc184639b222b

          SHA512

          ab14449059ae31856026e8d8cb0ec0b4158da0fd19f2a73940a159574a9084ce6a09ac05fb80ef3ab11cd9b1395dce021872215baced48f9e8a0bf7311000db7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          724B

          MD5

          f569e1d183b84e8078dc456192127536

          SHA1

          30c537463eed902925300dd07a87d820a713753f

          SHA256

          287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

          SHA512

          49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_7DD59375F5F188E24150CF26FFD79104
          Filesize

          472B

          MD5

          cd396ed18da096e2dc38545a57749359

          SHA1

          546cea0bd9b6b27b3050f84525a0fcdf02d9627b

          SHA256

          020df93337b25383ccc3d4dfc35944cdfe8139deb36a72b950ae41274e521e42

          SHA512

          57c7ae8431e7fff259846cae7a1b7dc8c07b1f98376e3953dfe5b43e39258917cd29ea7562a270042389a24584ea83b4e15aa5d5d9f24365dbb4dcbcedb7de25

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_871E11B76822F93FE2DBF907A5A1D9A8
          Filesize

          472B

          MD5

          d5fb2bb3183bdfca2229aed607409df3

          SHA1

          38a419a7a186a78ff8a07be3321947f846ebf958

          SHA256

          7ed2d84b138292743f14fa88fd204c5bb02155cba62bbc59ee4358f27f9b96a1

          SHA512

          1b778899aed9a4aea5c4ca9f80088527694465cd20157584fb6f834b2b66ee179bfb4f91e7a2484f47a24aa92ad745877d6753f091a3a800c989df22b1efdebe

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          410B

          MD5

          b1ba882c099ed5d14776d2e8e8f068f8

          SHA1

          28fd2f4d30815edfb5ce741e3be49ed4f5e7e64a

          SHA256

          11cf2fcfc65fb8a400d2ae2f143de355377b87b497f9c2ab20d539465973314c

          SHA512

          d53a41c74e802292eb685404a1660cb880e5d26e5a6a48ee5d87a9fb2b5776c313c982f19b0795bb936a6fda059f7a14ccd0d35e021909c5a1fee314741a97a3

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          434B

          MD5

          a4fec397be6c2b5b923ae42815365aab

          SHA1

          f6a5ae03269160f89bd07ae522ac7f4943c02f1d

          SHA256

          ae779de85538150302146172e11c9159a224644a7c948f2bfff12139f6d96f36

          SHA512

          a17ca69d899b5109ed9d8f71d8a8659aa70a7972cb92b155e6fbb71ca36181a99e1619c991ded95a34e8c71e7f3bef31a738b64bf041fa0300f452f72aa15ea0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
          Filesize

          434B

          MD5

          45435c123cdb0da6a8f3ca11549ec253

          SHA1

          b7d8e1e64f2414d3baccf2ccdb9c9c7c53ac4141

          SHA256

          39b687b4d848b6a530884ed67b018170c485e55c528d6377ef7c45785044c09d

          SHA512

          0d9fd31fab0bcb1b11fbbd85fb07c5c0bfa9471daa865eea82bd4525457af9bd38f3e97fdd1a3cc569dbe581d6c85d68c750fecc0c12ee84f92c7fd8c8aaceac

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          392B

          MD5

          210292ddf7f44fe95034eff220e2275b

          SHA1

          e8b14eebe4bdffbe266c6edeae0a92272579b0b7

          SHA256

          7a67ce468e43db5b1f50ced7e2b8fa579c40ab5709aff8b5e10354d30a521810

          SHA512

          33fe7bcfe493812ac77a64f0c024877734d2c9d2886999026a4a48a49e28b8f140469f23b56f2b22969cf1d0986a361d75642c21947e4aefa309319fb1505d53

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_7DD59375F5F188E24150CF26FFD79104
          Filesize

          402B

          MD5

          063fdb2b2c423c9fa94449744532c24a

          SHA1

          dd94c087ea7ceceba321a64080cecbc68c162422

          SHA256

          6faa04b60ef0ed56b9778decdc115267424a0d2f340feca40c025d184996b1a3

          SHA512

          d47b0a293f602470231c3d20438872a7f2eb141389c7b7cd5ef3fe796c7ddfd86e63af31d6433abc4237787422dc44d3eef1c5e9aa3be6e640891eb3489844c7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_871E11B76822F93FE2DBF907A5A1D9A8
          Filesize

          402B

          MD5

          1e736956ad1f59ea61fad4a074a8a0f5

          SHA1

          893661e9cf9ff671ccc827d7b6675242e20deb37

          SHA256

          b10f728ecf5fdfb933635f6be37de552cf6e11ab530e4b4d0c242d3a9861c1d9

          SHA512

          dedcf8e4e4c0548c1fc97714392e2de1c4128d8ea282ed982275882fd6b0eab3bc6ddd6f68007926a4bfd74c22fb2818d3bcee5566bd69f49ca478d2502eb764

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2C6E0922-4FE5-11ED-A0EE-E6C35CACCF0B}.dat
          Filesize

          3KB

          MD5

          45ec5e85ca2c36fd0a12d60728a5cd4b

          SHA1

          378467987483b65533e90aabb63f56b60f03c5a0

          SHA256

          200a83d03e48aca8fab12979a24fb63a7c12598c6369fe394f91b7c187476437

          SHA512

          1b2bf1a9bf0a11bb0d08d4d3f36b0cee0ef08374a5facbb541be825cbc252c973ba340a56a0bdae8d377f9423629e4fdf1fb895bb0c39f586ce0cd62992a2772

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2C6E3032-4FE5-11ED-A0EE-E6C35CACCF0B}.dat
          Filesize

          5KB

          MD5

          fbe8f3ca233f9e72193bc60d707f4c8b

          SHA1

          df81f4f20f36cc1a18b3d1e154f0d265d0369bc2

          SHA256

          3757727f2bfb89baf760221a4191fbe517113e99c1945d4bc1b5f22301031b62

          SHA512

          d1599a828b63522f9db56a9dbfef84f753ca4c816847dbb053f0de78251f111988c93008e861ee45d6f2080c1c6a4b05de01eead8a6ffa0bd52f19c4565608fb

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ckj4gk4\imagestore.dat
          Filesize

          15KB

          MD5

          3d8cce73355577ca7ef4a70d4197a18d

          SHA1

          8bddd194cdba6bbc2ae6c45eb74e6a69291c1c62

          SHA256

          cdc4f59f19945261a8a177789aff704a56dd45197f387e129429a086d825cd9c

          SHA512

          bf86d30deee5d70b6529d2b7fa86322e6fa3d3856a7855d2c5fb83cca31a4676bcc657e12483d69eaf9ae4144a8cf6debb4b33e69487e9a04e83089cb4ad9714

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZX6MAMIN\chevron[1].svg
          Filesize

          200B

          MD5

          11b3089d616633ca6b73b57aa877eeb4

          SHA1

          07632f63e06b30d9b63c97177d3a8122629bda9b

          SHA256

          809fb4619d2a2f1a85dbda8cc69a7f1659215212d708a098d62150eee57070c1

          SHA512

          079b0e35b479dfdbe64a987661000f4a034b10688e26f2a5fe6aaa807e81ccc5593d40609b731ab3340e687d83dd08de4b8b1e01cdac9d4523a9f6bb3acfcba0

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZX6MAMIN\search[1].svg
          Filesize

          391B

          MD5

          a6ad6e65373db8c1b1f154c4c83f8ce5

          SHA1

          84cc007d6d682c589e1e1f87482a5278830f3000

          SHA256

          920a378947204498c122722933b3a4b67788a2b6fade8bd0d47cf830eeee0563

          SHA512

          09b6d4711c284b1a04c9c4d874f3d1ddfc876c1491fb2aa283a13505bcdbfe90b02731d0b7ad5f492b1dda2161a4afe20040801ea634d2727cde84319adfb1d2

          Download Submit

        • C:\game.exe
          Filesize

          135KB

          MD5

          22d32aa8429775b3abc47291a3883851

          SHA1

          3b39345aa462af03b868c94a674886c0a995db48

          SHA256

          b2f96bb0befdcf0a6adc0875517f31670582fd8ba2d2eb643be966c7834bd925

          SHA512

          7ddf9f5f900026cfdead2272bb8ae69571053adf829f199ffc35fb009ef9c8dd11cd61f14c46f3235781405899d5363159cc9f02d05cd60b97614452ad219a07

          Download Submit

        • C:\game.exe
          Filesize

          135KB

          MD5

          22d32aa8429775b3abc47291a3883851

          SHA1

          3b39345aa462af03b868c94a674886c0a995db48

          SHA256

          b2f96bb0befdcf0a6adc0875517f31670582fd8ba2d2eb643be966c7834bd925

          SHA512

          7ddf9f5f900026cfdead2272bb8ae69571053adf829f199ffc35fb009ef9c8dd11cd61f14c46f3235781405899d5363159cc9f02d05cd60b97614452ad219a07

          Download Submit