Overview

overview

8

Static

static

8

bb814bca0e...41.exe

windows7-x64

7

bb814bca0e...41.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2022, 12:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bb814bca0edbe26fc7422236f625935911be8fc65a415cbb4b3255b2fbaaa641.exe

  • Size

    385KB

  • MD5

    5cd6bb4299e2a438132615b8cab4eb90

  • SHA1

    800e65db5819dbdd5da3ae75110173b03715c52b

  • SHA256

    bb814bca0edbe26fc7422236f625935911be8fc65a415cbb4b3255b2fbaaa641

  • SHA512

    1ca9a85b0b256c047c11658848d9d22703bc5b2701f8cc0e2f22186ed7078b3fb1dd9a126afc27094cd4de1bfb594a523fe7958831c293fb6baea217dcf4e360

  • SSDEEP

    6144:NFtapk++Tnge/Xv/X4MUiC974HvHvGK1q9hCsxwesy18NoMejQvJvLlSrXbL:N3a+T3/X4Mk+vtnPy18WoTYrX

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 8 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Drops file in System32 directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb814bca0edbe26fc7422236f625935911be8fc65a415cbb4b3255b2fbaaa641.exe
    "C:\Users\Admin\AppData\Local\Temp\bb814bca0edbe26fc7422236f625935911be8fc65a415cbb4b3255b2fbaaa641.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.pekalongan-kommunity.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1616
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1616 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1432

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    0ae2f69e2af70cb8c88fbe337094b404

    SHA1

    09ff2f33b5cf79fc33c43d094c0e394981ce3246

    SHA256

    d8951999cb5c36471ee3e07f3aaed3abfb275c567aae1d0f8196ec1a006f557f

    SHA512

    82f07d530827a28c391b53b23b5b9269810f2f6bb687f7f61a57d69c26bb4f278b81e24d4d2ea08f392b019ab51896c3028bcd484790e5b9653130e3f8a1de34

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\R1783OF8.txt
    Filesize

    601B

    MD5

    ff096e194ee9b81d5e0b0352d31e1ad4

    SHA1

    968dae213b8b555c4a62cae81bd4b008bc608484

    SHA256

    efd74c4fffdb079336c3e2fc79e4c08c3d0d693a458fb8dcc0566bae26da2f0a

    SHA512

    dd85f3bd8292d2a6a9a81322e258d25eb696997a51bd04367a97ff49e10cbfa87452009e87b0dd49c59f4e78f4ae2416bcc2c19208145f313377f3e684b0d6b7

    Download Submit

  • \Windows\SysWOW64\COMDLG32.OCX
    Filesize

    149KB

    MD5

    ab412429f1e5fb9708a8cdea07479099

    SHA1

    eb49323be4384a0e7e36053f186b305636e82887

    SHA256

    e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

    SHA512

    f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

    Download Submit

  • \Windows\SysWOW64\COMDLG32.OCX
    Filesize

    149KB

    MD5

    ab412429f1e5fb9708a8cdea07479099

    SHA1

    eb49323be4384a0e7e36053f186b305636e82887

    SHA256

    e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

    SHA512

    f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

    Download Submit

  • \Windows\SysWOW64\COMDLG32.OCX
    Filesize

    149KB

    MD5

    ab412429f1e5fb9708a8cdea07479099

    SHA1

    eb49323be4384a0e7e36053f186b305636e82887

    SHA256

    e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

    SHA512

    f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

    Download Submit

  • \Windows\SysWOW64\COMDLG32.OCX
    Filesize

    149KB

    MD5

    ab412429f1e5fb9708a8cdea07479099

    SHA1

    eb49323be4384a0e7e36053f186b305636e82887

    SHA256

    e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

    SHA512

    f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

    Download Submit

  • \Windows\SysWOW64\MSINET.OCX
    Filesize

    129KB

    MD5

    90a39346e9b67f132ef133725c487ff6

    SHA1

    9cd22933f628465c863bed7895d99395acaa5d2a

    SHA256

    e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

    SHA512

    0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

    Download Submit

  • \Windows\SysWOW64\MSINET.OCX
    Filesize

    129KB

    MD5

    90a39346e9b67f132ef133725c487ff6

    SHA1

    9cd22933f628465c863bed7895d99395acaa5d2a

    SHA256

    e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

    SHA512

    0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

    Download Submit

  • \Windows\SysWOW64\MSINET.OCX
    Filesize

    129KB

    MD5

    90a39346e9b67f132ef133725c487ff6

    SHA1

    9cd22933f628465c863bed7895d99395acaa5d2a

    SHA256

    e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

    SHA512

    0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

    Download Submit

  • \Windows\SysWOW64\MSINET.OCX
    Filesize

    129KB

    MD5

    90a39346e9b67f132ef133725c487ff6

    SHA1

    9cd22933f628465c863bed7895d99395acaa5d2a

    SHA256

    e55627932120be87c7950383a75a5712b0ff2c00b8d18169195ad35bc2502fc2

    SHA512

    0337817b9194a10b946d7381a84a2aeefd21445986afef1b9ae5a52921e598cdb0d1a576bdf8391f1ebf8be74950883a6f50ad1f61ff08678782c6b05a18adbf

    Download Submit

  • memory/1976-59-0x0000000000550000-0x0000000000560000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1976-67-0x0000000002671000-0x00000000026E6000-memory.dmp

    Filesize

    468KB

    Download

  • memory/1976-55-0x0000000000400000-0x000000000051B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1976-71-0x00000000005B0000-0x00000000005C7000-memory.dmp

    Filesize

    92KB

    Download

  • memory/1976-58-0x00000000762B1000-0x00000000762B3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1976-54-0x0000000000400000-0x000000000051B000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/1976-75-0x0000000000400000-0x000000000051B000-memory.dmp

    Filesize

    1.1MB

    Download