Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/10/2022, 15:04

General

  • Target
    e2706de1fb70cd65825cbbec0600408741dd72842866700224cf0c98ac9fac17.exe
  • Size
    640KB
  • MD5
    82a76655f9d478df789133e5023a6c71
  • SHA1
    32060f686b335039cd06cd6aed41db169e05fa4a
  • SHA256
    e2706de1fb70cd65825cbbec0600408741dd72842866700224cf0c98ac9fac17
  • SHA512
    0867f210868114733244c9822f680639f82c1ed04aa56f0a786810400818afd7193c88a570953936f41173c5d473b8851684bd79fbb12df4543268913594dafd
  • SSDEEP
    6144:nFYFN2CESrfI067dvxzEqjC0nzHHGSukYJ2cKLERd3lhv1do8hl3Xe69Ufcky:nFMocfIv7DzEqjrn2twEj3v1PNky

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)
    Looks up country code configured in the registry, likely geofence.
  • Drops file in Program Files directory (4 IoCs)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  • Modifies Internet Explorer settings (1 TTP, 37 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of FindShellTrayWindow (3 IoCs)
  • Suspicious use of SendNotifyMessage (2 IoCs)
  • Suspicious use of SetWindowsHookEx (8 IoCs)
  • Suspicious use of WriteProcessMemory (11 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2706de1fb70cd65825cbbec0600408741dd72842866700224cf0c98ac9fac17.exe (depth 1, PID 3532)
    "C:\Users\Admin\AppData\Local\Temp\e2706de1fb70cd65825cbbec0600408741dd72842866700224cf0c98ac9fac17.exe"
    • Checks computer location settings
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Internet Explorer\iexplore.exe (depth 2, PID 4204)
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.v989.com/?xy
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (depth 3, PID 4304)
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4204 CREDAT:17410 /prefetch:2
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
    • C:\Windows\SysWOW64\cmd.exe (depth 2, PID 3928)
      C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\tDosJ.bat
      • Suspicious use of WriteProcessMemory
      • C:\Windows\SysWOW64\expand.exe (depth 3, PID 1528)
        expand.exe "C:\Users\Admin\AppData\Local\Temp\kingsoft.cab" -F:*.* "C:\progra~1\kingsoft"
        • Drops file in Program Files directory

Network

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: 5ddb1febcd291eb59d3d67d24a05bfd0
    SHA1: fe957affe27cb991f332e7f5c86d3a15359bd3b9
    SHA256: ec45a385c906b3d925ebbe6532d10adec9a14c1733c756c64db5133bd9d88dcb
    SHA512: 62d00893402fae125ae3428da2495b0eb864b125f975cd887f894f7298a4a86f361cf50aaa7c9b69f3dcb734a950c43472778ea4062b3146c3de5623d08dcd21

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 434B
    MD5: 362138704e78535b38bbac79494c0c14
    SHA1: e048f1757d0eef32c384b47a7ad58a69b4250111
    SHA256: b1bcd0177bf58971b31b26e33cb870f0443ad41f8a5bf845ffef9e6753df512f
    SHA512: 78512edc5627b62bf029221fb4be387a2cf86138020d0c81ddfe31bc74b58b5448bdefd0a6f9ebaeaaff93617423e8857ac3ed0e9c8e63328f71d477ed0d3f1f

  • C:\Users\Admin\AppData\Local\Temp\tDosJ.bat
    Filesize: 108B
    MD5: 7e088598ce2c636b6e9ca009fed77d5d
    SHA1: 017f9745191aae8555e7ade2db926350e8a2c19e
    SHA256: c3d87b9342ad79a44d55a953b088c43f17c4e09543d5c9da4f29065c057f0148
    SHA512: 81d3eb04f8fbac072e532e1106a301de04c415797b713b2204fe7d00ace00b272a411e112ff4b8d5c15e1afeda124a6ad3c82edd8dc1b9b5d2176f7c013531df