Analysis

  • max time kernel
    147s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20220812-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    29-10-2022 20:39

General

  • Target
    b1fc90cbed47c7c7e8db6ca4c567b23a3a2d783f4f88778da5492620f2b79f3c.exe
  • Size
    212KB
  • MD5
    5413dcbdbb2bd0d88776a31b83b11037
  • SHA1
    6e1f42b7256b8f5567154a320e2d8407a055ba4f
  • SHA256
    b1fc90cbed47c7c7e8db6ca4c567b23a3a2d783f4f88778da5492620f2b79f3c
  • SHA512
    821eb0886078520af1059529d92d820a58aee8c1f647198418fa09d569da2b6d8faf60c19bc558ac17d4aafa7ce4105ccc8e5f82c8320bd1393889578bca9161
  • SSDEEP
    6144:dcyyU/A5rZRLEhFTnRa26s+Wdz8V7Wdfwn1nbmuSDm3:dHp/urb4A1WdBfU

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
  • Modifies registry class 60 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b1fc90cbed47c7c7e8db6ca4c567b23a3a2d783f4f88778da5492620f2b79f3c.exe
    "C:\Users\Admin\AppData\Local\Temp\b1fc90cbed47c7c7e8db6ca4c567b23a3a2d783f4f88778da5492620f2b79f3c.exe"
    1⤵
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:848
    • \??\c:\Program Files1136EH.exe
      "c:\Program Files1136EH.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4832
      • C:\Program Files\Internet Explorer\IEXPLORE.exe
        "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.php
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4044
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4044 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:4288
      • C:\Program Files\Internet Explorer\IEXPLORE.exe
        "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/PPTV(pplive)_forjieku_977.html
        3⤵
        • Modifies Internet Explorer settings
        PID:3012
    • C:\Windows\SysWOW64\WScript.Exe
      WScript.Exe jies.bak.vbs
      2⤵
      PID:872

    Network

    MITRE ATT&CK Enterprise v6

    Downloads

    • C:\Program Files1136EH.exe
      Filesize
      36KB
      MD5
      5cde50eb9ec1f82f94d6b66080b9d594
      SHA1
      bebe644200a53fc69c73105fe7ca2c43af636dff
      SHA256
      f31ef65e3e2a89a9c87ed0145d5c0ce85a33b033e30f8e74bf0ef3c6d59d893e
      SHA512
      b52484ce740cf74a0f76661562858dec6e29b5119c69b22ed1ff918c287a6c63b8b2a782823c8f21e92a5b0f21b37f750c843d277d7373d4e684392a0e5bf309

    • C:\Users\Admin\AppData\Local\Temp\jies.bak.vbs
      Filesize
      486B
      MD5
      daa9cfa3312a0b4dc5e2db91a9aff4d7
      SHA1
      f5415f2e5e05042fa58db71a4b854c94d310c098
      SHA256
      bec9a0016f0a4ed336e28efaba8fcbe2216b62d59808f4c12cf74f6d4819fa2d
      SHA512
      75f70350a5e5f3ef62a539a094ebc9f3de38673a9080aa0c9c28bbe91ad9ecc6a6550f9ea1080314d86fba336c82b8de494ea01452ef77b54660187c716b5483

    • \??\c:\Program Files1136EH.exe
      Filesize
      36KB
      MD5
      5cde50eb9ec1f82f94d6b66080b9d594
      SHA1
      bebe644200a53fc69c73105fe7ca2c43af636dff
      SHA256
      f31ef65e3e2a89a9c87ed0145d5c0ce85a33b033e30f8e74bf0ef3c6d59d893e
      SHA512
      b52484ce740cf74a0f76661562858dec6e29b5119c69b22ed1ff918c287a6c63b8b2a782823c8f21e92a5b0f21b37f750c843d277d7373d4e684392a0e5bf309