Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21-10-2022 05:24

General

  • Target

    56259aeda9cbd5498eab6de3a5fb8de4f7f1982d7e52de5ea11d1e45e8178230.exe

  • Size

    212KB

  • MD5

    5425fed3d805a988da16ce27dc6f6024

  • SHA1

    b5468f6eac632d25a213275c03c77702896651bb

  • SHA256

    56259aeda9cbd5498eab6de3a5fb8de4f7f1982d7e52de5ea11d1e45e8178230

  • SHA512

    66f669b24844d4416f505abd28c615203bd9205fb5e7f2a44d0240d893ea3ed1b51d507be1180b4df1e1235658f2c88f8233cb2a8339c17807078e2b99f8a8c2

  • SSDEEP

    6144:dcyyU/A5rZRLEhFTnRa26s+Wdz8V7Wdfwn1nbmuSDmk:dHp/urb4A1WdBfr

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Modifies registry class 60 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\56259aeda9cbd5498eab6de3a5fb8de4f7f1982d7e52de5ea11d1e45e8178230.exe
    "C:\Users\Admin\AppData\Local\Temp\56259aeda9cbd5498eab6de3a5fb8de4f7f1982d7e52de5ea11d1e45e8178230.exe"
    1⤵
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5000
    • \??\c:\Program Files4MT0N6.exe
      "c:\Program Files4MT0N6.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4564
      • C:\Program Files\Internet Explorer\IEXPLORE.exe
        "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.php
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:224
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:224 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2568
      • C:\Program Files\Internet Explorer\IEXPLORE.exe
        "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/PPTV(pplive)_forjieku_977.html
        3⤵
        • Modifies Internet Explorer settings
        PID:2756
    • C:\Windows\SysWOW64\WScript.Exe
      WScript.Exe jies.bak.vbs
      2⤵
      PID:3840

    Network

    MITRE ATT&CK Enterprise v6

    Downloads

    • C:\Program Files4MT0N6.exe

      Filesize

      36KB

      MD5

      a39072ae25391c08392af74ac9a6d5fd

      SHA1

      8f520e2f7b3cc35ea0ca10b606379945d7db2034

      SHA256

      058c92e4867bf3b244216786b9c0fadf861956b87ebd32154f0afdd95cc00a03

      SHA512

      c84f8871f0086e5e590e41cee5fcace70492d6ad2d1a35aa9ff88c21a89e1365308da0dce77df1914a0f075a32ed4e5939414e89c6f52a72803c594d83b478d0

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

      Filesize

      471B

      MD5

      7550b85aee4221c59808672005ed8855

      SHA1

      aeb269eff06f518132b9ecea824523fa125ba2d2

      SHA256

      2b1c1e36c5419b7b3351aad8a08fee019473c832fe242ec2bf438b160d5eb8b2

      SHA512

      216d401cb461099f7d2f3626957800cba77308b790ec181e2affb97339570bb9e168a56f3264cad79cd60589637679728fb2a87199a91667dc3ccfd4117f2bab

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

      Filesize

      434B

      MD5

      5dd3d37963b7862633d1cb5c034df47e

      SHA1

      824637b78800f121c857283f535972b451ca1e2b

      SHA256

      ffa10a1df4bd6248242263c29e0a13625ac570d6d4376335c0bd2e427663f40b

      SHA512

      b32260d8665efe09a235720c92a881ccf12086c0b24484848147ffe0997b425f293ca12d1b7c7616c0edd0c5fe2117ae1d71a1c91b1794c9ac4fedae0527e859

    • C:\Users\Admin\AppData\Local\Temp\jies.bak.vbs

      Filesize

      486B

      MD5

      340efa9ce90a8c057178d1295e999354

      SHA1

      7bcbeef550d74b554d84b166d72de5a66a4afd21

      SHA256

      55eb47aa67a4ef38cc7ed97fcb70a511892a2dcc8fb1e7580083f7af5a621e6d

      SHA512

      4a12a3e0f9b189dc61df965ac1b1a8a03e53ac05bff9368b21f05c73c612ee763a9b4312cc630bbeb951fd379eb8852507ea6d87eeb94cde87990fd0c3fca105

    • \??\c:\Program Files4MT0N6.exe

      Filesize

      36KB

      MD5

      a39072ae25391c08392af74ac9a6d5fd

      SHA1

      8f520e2f7b3cc35ea0ca10b606379945d7db2034

      SHA256

      058c92e4867bf3b244216786b9c0fadf861956b87ebd32154f0afdd95cc00a03

      SHA512

      c84f8871f0086e5e590e41cee5fcace70492d6ad2d1a35aa9ff88c21a89e1365308da0dce77df1914a0f075a32ed4e5939414e89c6f52a72803c594d83b478d0