Overview

overview

8

Static

static

9447b75af4...4a.exe

windows7-x64

8

9447b75af4...4a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03/11/2022, 09:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9447b75af497e5a7f99f1ded1c1d87c53b5b59fce224a325932ad55eef9e0e4a.exe

  • Size

    3.5MB

  • MD5

    24de00559463ef4103032e24c58ce35d

  • SHA1

    d61a4387466a0c999981086c2c994f2a80193ce3

  • SHA256

    9447b75af497e5a7f99f1ded1c1d87c53b5b59fce224a325932ad55eef9e0e4a

  • SHA512

    c314848a48323f0b8a8728f6aaf5dbbe1e18299fcaf6d6c24057df357b891f40a0f9d2608670ae80ee806a5abca500e22260179ca9e2d87b9378feeb934169f8

  • SSDEEP

    98304:QEbtxe9iv3M25is9fzEa0VP9b+jIGz+SBJYS+rm1myI:7t8Iv3n19fQa0995q+SB+ba1mb

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 10 IoCs
  • Drops file in Program Files directory 10 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9447b75af497e5a7f99f1ded1c1d87c53b5b59fce224a325932ad55eef9e0e4a.exe
    "C:\Users\Admin\AppData\Local\Temp\9447b75af497e5a7f99f1ded1c1d87c53b5b59fce224a325932ad55eef9e0e4a.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Program Files (x86)\Test.exe
      "C:\Program Files (x86)\Test.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Modifies registry class
      PID:948
    • C:\Program Files (x86)\flashcenter_pp_ax_install_cn.exe
      "C:\Program Files (x86)\flashcenter_pp_ax_install_cn.exe"
      2⤵
      • Executes dropped EXE
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
      PID:1784
  • C:\ProgramData\DRM\Test\Test.exe
    C:\ProgramData\DRM\Test\Test.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1592
    • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
      "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"
      2⤵
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2028
      • C:\Windows\SysWOW64\dllhost.exe
        C:\Windows\system32\dllhost.exe
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1476
      • C:\Windows\SysWOW64\dllhost.exe
        C:\Windows\system32\dllhost.exe
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:1932

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Test.exe
    Filesize

    192KB

    MD5

    8a8db1e20dc508af5a81fc00b1929468

    SHA1

    32e1ebec9672ad7cc5dc36d8a1c87bbf47a4fa9f

    SHA256

    386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd

    SHA512

    9c5747fd7563b29ecf43b71b5480b260b083892d37054ff77cc6c613c3db380ce2bdf990fb466edc8705f784b051dc1be208b454696e67eb0c90c20470f4ea87

    Download Submit

  • C:\Program Files (x86)\Test.exe
    Filesize

    192KB

    MD5

    8a8db1e20dc508af5a81fc00b1929468

    SHA1

    32e1ebec9672ad7cc5dc36d8a1c87bbf47a4fa9f

    SHA256

    386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd

    SHA512

    9c5747fd7563b29ecf43b71b5480b260b083892d37054ff77cc6c613c3db380ce2bdf990fb466edc8705f784b051dc1be208b454696e67eb0c90c20470f4ea87

    Download Submit

  • C:\Program Files (x86)\flashcenter_pp_ax_install_cn.exe
    Filesize

    6.1MB

    MD5

    b82aebd7ca5c3a27e432d2939d28b913

    SHA1

    d37283e380e3e03ef192bf5fc60f4fbf681d596f

    SHA256

    7adee24593d63985270b87c858ee7a93b0411272252970fb58585729d0c21d9e

    SHA512

    01d15d8168215bb6c4a194dd44c90391c77775d4affaa9957d161700d29e59f6c3414025953c3a8381c9f7c9becae2c16fe79c5ca3999a4dbd7c9f0a74e6bd29

    Download Submit

  • C:\Program Files (x86)\flashcenter_pp_ax_install_cn.exe
    Filesize

    6.1MB

    MD5

    b82aebd7ca5c3a27e432d2939d28b913

    SHA1

    d37283e380e3e03ef192bf5fc60f4fbf681d596f

    SHA256

    7adee24593d63985270b87c858ee7a93b0411272252970fb58585729d0c21d9e

    SHA512

    01d15d8168215bb6c4a194dd44c90391c77775d4affaa9957d161700d29e59f6c3414025953c3a8381c9f7c9becae2c16fe79c5ca3999a4dbd7c9f0a74e6bd29

    Download Submit

  • C:\Program Files (x86)\log.dll
    Filesize

    109KB

    MD5

    7bbfe1ddc9f55e621350196b44139ee6

    SHA1

    918ddd842787d64b244d353bfc0e14cc037d2d97

    SHA256

    1874b20e3e802406c594341699c5863a2c07c4c79cf762888ee28142af83547f

    SHA512

    f9d6e03ba65c0df5b12123ff511a0fb73a289dbe3fead025641219ae979ea58709da39b030f745300d210c35bf7db7b9e24cdb66674cdd76b1a44a1f13fc0d8a

    Download Submit

  • C:\Program Files (x86)\log.dll.dat
    Filesize

    844KB

    MD5

    888ed598291dcec6f994caf2697d1a51

    SHA1

    0b425d56661c8ae459f1e605cf6bf4a41b831c07

    SHA256

    cb3a425565b854f7b892e6ebfb3734c92418c83cd590fc1ee9506bcf4d8e02ea

    SHA512

    5ca1b20b163ab098d86dd0e631f5179daf44230d4ee28337c0d4bd6fde0d1a0eceb7b42d73e06f4bf7db5f7402d95045e792d055b099e86a6eead5be87c1f8e9

    Download Submit

  • C:\ProgramData\DRM\Test\Test.exe
    Filesize

    192KB

    MD5

    8a8db1e20dc508af5a81fc00b1929468

    SHA1

    32e1ebec9672ad7cc5dc36d8a1c87bbf47a4fa9f

    SHA256

    386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd

    SHA512

    9c5747fd7563b29ecf43b71b5480b260b083892d37054ff77cc6c613c3db380ce2bdf990fb466edc8705f784b051dc1be208b454696e67eb0c90c20470f4ea87

    Download Submit

  • C:\ProgramData\DRM\Test\log.dll
    Filesize

    109KB

    MD5

    7bbfe1ddc9f55e621350196b44139ee6

    SHA1

    918ddd842787d64b244d353bfc0e14cc037d2d97

    SHA256

    1874b20e3e802406c594341699c5863a2c07c4c79cf762888ee28142af83547f

    SHA512

    f9d6e03ba65c0df5b12123ff511a0fb73a289dbe3fead025641219ae979ea58709da39b030f745300d210c35bf7db7b9e24cdb66674cdd76b1a44a1f13fc0d8a

    Download Submit

  • \Program Files (x86)\Test.exe
    Filesize

    192KB

    MD5

    8a8db1e20dc508af5a81fc00b1929468

    SHA1

    32e1ebec9672ad7cc5dc36d8a1c87bbf47a4fa9f

    SHA256

    386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd

    SHA512

    9c5747fd7563b29ecf43b71b5480b260b083892d37054ff77cc6c613c3db380ce2bdf990fb466edc8705f784b051dc1be208b454696e67eb0c90c20470f4ea87

    Download Submit

  • \Program Files (x86)\Test.exe
    Filesize

    192KB

    MD5

    8a8db1e20dc508af5a81fc00b1929468

    SHA1

    32e1ebec9672ad7cc5dc36d8a1c87bbf47a4fa9f

    SHA256

    386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd

    SHA512

    9c5747fd7563b29ecf43b71b5480b260b083892d37054ff77cc6c613c3db380ce2bdf990fb466edc8705f784b051dc1be208b454696e67eb0c90c20470f4ea87

    Download Submit

  • \Program Files (x86)\Test.exe
    Filesize

    192KB

    MD5

    8a8db1e20dc508af5a81fc00b1929468

    SHA1

    32e1ebec9672ad7cc5dc36d8a1c87bbf47a4fa9f

    SHA256

    386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd

    SHA512

    9c5747fd7563b29ecf43b71b5480b260b083892d37054ff77cc6c613c3db380ce2bdf990fb466edc8705f784b051dc1be208b454696e67eb0c90c20470f4ea87

    Download Submit

  • \Program Files (x86)\Test.exe
    Filesize

    192KB

    MD5

    8a8db1e20dc508af5a81fc00b1929468

    SHA1

    32e1ebec9672ad7cc5dc36d8a1c87bbf47a4fa9f

    SHA256

    386eb7aa33c76ce671d6685f79512597f1fab28ea46c8ec7d89e58340081e2bd

    SHA512

    9c5747fd7563b29ecf43b71b5480b260b083892d37054ff77cc6c613c3db380ce2bdf990fb466edc8705f784b051dc1be208b454696e67eb0c90c20470f4ea87

    Download Submit

  • \Program Files (x86)\flashcenter_pp_ax_install_cn.exe
    Filesize

    6.1MB

    MD5

    b82aebd7ca5c3a27e432d2939d28b913

    SHA1

    d37283e380e3e03ef192bf5fc60f4fbf681d596f

    SHA256

    7adee24593d63985270b87c858ee7a93b0411272252970fb58585729d0c21d9e

    SHA512

    01d15d8168215bb6c4a194dd44c90391c77775d4affaa9957d161700d29e59f6c3414025953c3a8381c9f7c9becae2c16fe79c5ca3999a4dbd7c9f0a74e6bd29

    Download Submit

  • \Program Files (x86)\flashcenter_pp_ax_install_cn.exe
    Filesize

    6.1MB

    MD5

    b82aebd7ca5c3a27e432d2939d28b913

    SHA1

    d37283e380e3e03ef192bf5fc60f4fbf681d596f

    SHA256

    7adee24593d63985270b87c858ee7a93b0411272252970fb58585729d0c21d9e

    SHA512

    01d15d8168215bb6c4a194dd44c90391c77775d4affaa9957d161700d29e59f6c3414025953c3a8381c9f7c9becae2c16fe79c5ca3999a4dbd7c9f0a74e6bd29

    Download Submit

  • \Program Files (x86)\flashcenter_pp_ax_install_cn.exe
    Filesize

    6.1MB

    MD5

    b82aebd7ca5c3a27e432d2939d28b913

    SHA1

    d37283e380e3e03ef192bf5fc60f4fbf681d596f

    SHA256

    7adee24593d63985270b87c858ee7a93b0411272252970fb58585729d0c21d9e

    SHA512

    01d15d8168215bb6c4a194dd44c90391c77775d4affaa9957d161700d29e59f6c3414025953c3a8381c9f7c9becae2c16fe79c5ca3999a4dbd7c9f0a74e6bd29

    Download Submit

  • \Program Files (x86)\flashcenter_pp_ax_install_cn.exe
    Filesize

    6.1MB

    MD5

    b82aebd7ca5c3a27e432d2939d28b913

    SHA1

    d37283e380e3e03ef192bf5fc60f4fbf681d596f

    SHA256

    7adee24593d63985270b87c858ee7a93b0411272252970fb58585729d0c21d9e

    SHA512

    01d15d8168215bb6c4a194dd44c90391c77775d4affaa9957d161700d29e59f6c3414025953c3a8381c9f7c9becae2c16fe79c5ca3999a4dbd7c9f0a74e6bd29

    Download Submit

  • \Program Files (x86)\log.dll
    Filesize

    109KB

    MD5

    7bbfe1ddc9f55e621350196b44139ee6

    SHA1

    918ddd842787d64b244d353bfc0e14cc037d2d97

    SHA256

    1874b20e3e802406c594341699c5863a2c07c4c79cf762888ee28142af83547f

    SHA512

    f9d6e03ba65c0df5b12123ff511a0fb73a289dbe3fead025641219ae979ea58709da39b030f745300d210c35bf7db7b9e24cdb66674cdd76b1a44a1f13fc0d8a

    Download Submit

  • \ProgramData\DRM\Test\log.dll
    Filesize

    109KB

    MD5

    7bbfe1ddc9f55e621350196b44139ee6

    SHA1

    918ddd842787d64b244d353bfc0e14cc037d2d97

    SHA256

    1874b20e3e802406c594341699c5863a2c07c4c79cf762888ee28142af83547f

    SHA512

    f9d6e03ba65c0df5b12123ff511a0fb73a289dbe3fead025641219ae979ea58709da39b030f745300d210c35bf7db7b9e24cdb66674cdd76b1a44a1f13fc0d8a

    Download Submit

  • memory/948-72-0x0000000002300000-0x00000000023D5000-memory.dmp

    Filesize

    852KB

    Download

  • memory/948-94-0x0000000002300000-0x00000000023CE000-memory.dmp

    Filesize

    824KB

    Download

  • memory/948-76-0x0000000002300000-0x00000000023CE000-memory.dmp

    Filesize

    824KB

    Download

  • memory/948-93-0x0000000002300000-0x00000000023D5000-memory.dmp

    Filesize

    852KB

    Download

  • memory/1476-100-0x00000000000C0000-0x000000000018E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/1476-110-0x00000000000C0000-0x000000000018E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/1476-99-0x00000000000C0000-0x0000000000195000-memory.dmp

    Filesize

    852KB

    Download

  • memory/1476-98-0x00000000000C0000-0x0000000000195000-memory.dmp

    Filesize

    852KB

    Download

  • memory/1476-109-0x00000000000C0000-0x0000000000195000-memory.dmp

    Filesize

    852KB

    Download

  • memory/1592-82-0x0000000000460000-0x0000000000535000-memory.dmp

    Filesize

    852KB

    Download

  • memory/1592-83-0x0000000000460000-0x0000000000535000-memory.dmp

    Filesize

    852KB

    Download

  • memory/1592-89-0x0000000000460000-0x000000000052E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/1592-88-0x0000000000460000-0x0000000000535000-memory.dmp

    Filesize

    852KB

    Download

  • memory/1592-84-0x0000000000460000-0x000000000052E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/1932-111-0x0000000000130000-0x0000000000205000-memory.dmp

    Filesize

    852KB

    Download

  • memory/1932-112-0x0000000000130000-0x00000000001FE000-memory.dmp

    Filesize

    824KB

    Download

  • memory/1932-104-0x0000000000130000-0x0000000000205000-memory.dmp

    Filesize

    852KB

    Download

  • memory/1932-105-0x0000000000130000-0x0000000000205000-memory.dmp

    Filesize

    852KB

    Download

  • memory/1932-106-0x0000000000130000-0x00000000001FE000-memory.dmp

    Filesize

    824KB

    Download

  • memory/1956-54-0x0000000075141000-0x0000000075143000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2028-90-0x0000000000080000-0x0000000000155000-memory.dmp

    Filesize

    852KB

    Download

  • memory/2028-108-0x0000000000080000-0x000000000014E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/2028-107-0x0000000000080000-0x0000000000155000-memory.dmp

    Filesize

    852KB

    Download

  • memory/2028-92-0x0000000000080000-0x000000000014E000-memory.dmp

    Filesize

    824KB

    Download

  • memory/2028-85-0x0000000000080000-0x0000000000155000-memory.dmp

    Filesize

    852KB

    Download