Overview

overview

8

Static

static

140c5c5f5c...5f.exe

windows7-x64

8

140c5c5f5c...5f.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    160s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 01:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    140c5c5f5c18de9627b0c5de6773be896375979c14d8eeb5f214d7cd7c46905f.exe

  • Size

    200KB

  • MD5

    4d3cd27b04757cbee353f2d695aaadd6

  • SHA1

    a60669e7cf30bd313af33f2c835851d37f5ba43d

  • SHA256

    140c5c5f5c18de9627b0c5de6773be896375979c14d8eeb5f214d7cd7c46905f

  • SHA512

    52744da35e6e6cc42a85fb80bd21b6601ab63bebcea322f6a9132f29a74b194f2f73448ff2abf15c67d180cc093d12f707f77e953aed7f5d357189cc5fe9c16d

  • SSDEEP

    3072:DyzGoDoxz/ch6pSPKAtArmLuAl5aFmCUlK3eDjyF/kPbV1P1oX1l:DySGwz0TBtArmlFhKuDOFcjCl

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops startup file 2 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\140c5c5f5c18de9627b0c5de6773be896375979c14d8eeb5f214d7cd7c46905f.exe
    "C:\Users\Admin\AppData\Local\Temp\140c5c5f5c18de9627b0c5de6773be896375979c14d8eeb5f214d7cd7c46905f.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:576
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://goo.gl/5UGSXR
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2028
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2028 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1468
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\¯«²§±©¾¦¾.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\¯«²§±©¾¦¾.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2008

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    60KB

    MD5

    d15aaa7c9be910a9898260767e2490e1

    SHA1

    2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

    SHA256

    f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

    SHA512

    7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    069d8d30a5d6cab9dee2f9dbb45bd334

    SHA1

    f3f318e636c030ad4e2f8d12b2a61345d1191da2

    SHA256

    90079043ffa0782e1ee9acb1cae90d1f2c8c7300c9a02aff301900b58bffafbb

    SHA512

    6839231f6fb47b8de8ae7d3dc9878787c14fb8c595e2cafb00a716c0dc973960669d06a3f315f534e5fd1d94e49a5aa4d50859d42b453e7145666f4c77896603

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4EJVTURD.txt
    Filesize

    606B

    MD5

    4f65e3f108526e7bf96eed7c2a76f777

    SHA1

    8ad6aabb74abdc3deddd79684586ee9ae22056d2

    SHA256

    7e2c3cdc7dfb9569615e13828492e8b8b367e93e8bbc38de54d132c384f0e5d7

    SHA512

    b5608f6c653c69351707c4b084eca2447f9f3ee89dd8bf640b61ad17ea7d8f00c2c2d80c9f4e48d70a360ad3f1fe81685ee2d83ac3c4f4163afa45fb4966934f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\¯«²§±©¾¦¾.exe
    Filesize

    200KB

    MD5

    4d3cd27b04757cbee353f2d695aaadd6

    SHA1

    a60669e7cf30bd313af33f2c835851d37f5ba43d

    SHA256

    140c5c5f5c18de9627b0c5de6773be896375979c14d8eeb5f214d7cd7c46905f

    SHA512

    52744da35e6e6cc42a85fb80bd21b6601ab63bebcea322f6a9132f29a74b194f2f73448ff2abf15c67d180cc093d12f707f77e953aed7f5d357189cc5fe9c16d

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\¯«²§±©¾¦¾.exe
    Filesize

    200KB

    MD5

    4d3cd27b04757cbee353f2d695aaadd6

    SHA1

    a60669e7cf30bd313af33f2c835851d37f5ba43d

    SHA256

    140c5c5f5c18de9627b0c5de6773be896375979c14d8eeb5f214d7cd7c46905f

    SHA512

    52744da35e6e6cc42a85fb80bd21b6601ab63bebcea322f6a9132f29a74b194f2f73448ff2abf15c67d180cc093d12f707f77e953aed7f5d357189cc5fe9c16d

    Download Submit

  • \Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\¯«²§±©¾¦¾.exe
    Filesize

    200KB

    MD5

    4d3cd27b04757cbee353f2d695aaadd6

    SHA1

    a60669e7cf30bd313af33f2c835851d37f5ba43d

    SHA256

    140c5c5f5c18de9627b0c5de6773be896375979c14d8eeb5f214d7cd7c46905f

    SHA512

    52744da35e6e6cc42a85fb80bd21b6601ab63bebcea322f6a9132f29a74b194f2f73448ff2abf15c67d180cc093d12f707f77e953aed7f5d357189cc5fe9c16d

    Download Submit

  • memory/576-56-0x0000000075911000-0x0000000075913000-memory.dmp

    Filesize

    8KB

    Download