Analysis

  • max time kernel: 79s
  • max time network: 152s
  • platform: windows7_x64
  • resource: win7-20220901-en
  • resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted: 28/10/2022, 23:10

General

  • Target: 172c80c4b27d5de620bad47ce28da191abd6a538b59388ff02bad7055acd8031.exe
  • Size: 407KB
  • MD5: 0ac59133410a2dae4034ca65947894f7
  • SHA1: 66cc95aa2eead2b5323fd4237887d947c9365993
  • SHA256: 172c80c4b27d5de620bad47ce28da191abd6a538b59388ff02bad7055acd8031
  • SHA512: 76e65b0582ddb5c9c0e66dc5fe0c56159ec3a43ecc84c998f303b179430ef5b0791207520f0653994f244b96018acdc224b1a7b1752493261c101608108b7ca0
  • SSDEEP: 3072:vsBD6HJfcDDXJ8DRF+SKfJkuPutWiOIyZmzzu:vPpKCDRF+SKBkuPutWiOIFfu

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (4 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (11 IoCs)

Processes

  • [1] C:\Users\Admin\AppData\Local\Temp\172c80c4b27d5de620bad47ce28da191abd6a538b59388ff02bad7055acd8031.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\172c80c4b27d5de620bad47ce28da191abd6a538b59388ff02bad7055acd8031.exe"
    PID: 1308
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    • [2] C:\Program Files\Internet Explorer\iexplore.exe
      Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://www.hopdream.com/
      PID: 1388
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • [3] C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1388 CREDAT:275457 /prefetch:2
        PID: 1660
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 5ca44c9f6a56b8da2f72045af8fcfdb9
    SHA1: 442262dd515b08a413f0a1b86917e742f5908194
    SHA256: c44a41d285167e1ffeca3e669ffeef5712622c4546c5150e621ba674afe1f556
    SHA512: f4ed58945819dda23e2195af9371572bfe85316b944ad43fafabc498b0e22328b4a964adce2ea2baf760c42232cbe5257ef3e26c3cfe9ec38186b2ce10acb12a

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\S70ROGND.txt
    Filesize: 608B
    MD5: c24d890369db761f4c6c3a8350dad078
    SHA1: df45d807a8fba414ffbc78af3e9aecca0a8fdb76
    SHA256: d87d86bbfc65b0d89c00fd097a94ff45977879ce5f5fbe6e69d37ce912999a02
    SHA512: a57de6751e93fbc63bbaaef160df831fc6203671b648cdde4cae2377068ffdb733848437f31c2271a3683121d81386288d07204d3f50cdf6f6b5366cf7b752b6

  • \Users\Admin\AppData\Local\Temp\nst59E.tmp\inetc.dll
    Filesize: 20KB
    MD5: e541458cfe66ef95ffbea40eaaa07289
    SHA1: caec1233f841ee72004231a3027b13cdeb13274c
    SHA256: 3bce87b66d9272c82421920c34b0216e12c57a437d1955c36f23c74c1a01d420
    SHA512: 0bf6313e4cb7bbdcfba828fb791540b630adc58c43aa4b5ba77790367d0f34f76077cd84cc62e2a2c98c788a88547f32a11e549873d172c5aa2753124847cd0c

  • memory/1308-54-0x0000000074DA1000-0x0000000074DA3000-memory.dmp
    Filesize: 8KB