cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d

Analysis

max time kernel
43s
max time network
156s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29-10-2022 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Size

918KB
MD5

0c16e792d4d6d62fb37eca6535c29480
SHA1

40f5cce898178771defcbe4ba88d9ea7d470b5b0
SHA256

cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d
SHA512

b76a135765e62afad6e971b66747be730a18d8385c9a2058209bdf9960483569b97876a0e7481bb1d2ddaa1e78446a21c8a7a8f53475f0b3c2b35793fc776e3c
SSDEEP

24576:zf0/qRqCR7mityfQ6lcOM6EhmEL6a9E5arY:UqEfQ650mx5arY

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 49 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "5"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "89"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "100"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "5"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "100"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "5445"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "5458"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "35"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "49"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "0"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "35"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "49"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "89"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "5805"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "8"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "0"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "3"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "111"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "5445"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\NumberOfSubdomains = "1"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TypedURLs	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "57"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "8"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "8"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "5"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "89"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "5458"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "5805"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\Disable Script Debugger = "yes"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "111"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "100"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "5445"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "5458"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "57"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "3"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "3"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "35"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "57"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "49"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.baidu.com\ = "111"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\DOMStorage\baidu.com\Total = "5805"	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1184	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1184	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
1184	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
1184	cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe

C:\Users\Admin\AppData\Local\Temp\cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe
"C:\Users\Admin\AppData\Local\Temp\cced7ad781092ad81548ef53175e8ee25d3262ed432ae22f3b0accf6ce48c57d.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1184

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1184-54-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download
memory/1184-55-0x0000000035690000-0x00000000356A0000-memory.dmp

Filesize
64KB

Download