Overview

overview

7

Static

static

1

ae81d99d28...44.exe

windows7-x64

7

ae81d99d28...44.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/11/2022, 12:19

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ae81d99d2833de1f4d64b579ceef51c2a17155f648c129c2fa2ea8ba74afdc44.exe

  • Size

    681KB

  • MD5

    0dd8a4305a7d22b2cb9472bba95bb3c5

  • SHA1

    551c467515af3d25bb4686557d05bf16169f26aa

  • SHA256

    ae81d99d2833de1f4d64b579ceef51c2a17155f648c129c2fa2ea8ba74afdc44

  • SHA512

    0cc4109a86e2f508eee91a4eea5dcb0531bb99d426646b2c4b4efceb77012900d03f8cf2e71e4c8b1eacc8ea0f4fbf18ef1d1f31897357703fa7039a63198c1c

  • SSDEEP

    12288:v0aOMEz2DmXYj1F9n5TBT3SXW3YoJ06N2xOqkaAqeUe532rGzduuSK:cEEbXYzogatKuGzduuSK

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae81d99d2833de1f4d64b579ceef51c2a17155f648c129c2fa2ea8ba74afdc44.exe
    "C:\Users\Admin\AppData\Local\Temp\ae81d99d2833de1f4d64b579ceef51c2a17155f648c129c2fa2ea8ba74afdc44.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1184
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://plugin.chameleontom.com/?aff=1
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1648
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1648 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1960

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7MILERSN.txt
          Filesize

          601B

          MD5

          67e8b18b8db7c163f6b53593fe567ffd

          SHA1

          e2f9d4e1851f862957e0bb980ec4bb406b6fd134

          SHA256

          da6ae7ef27a4f3bc5fa9367f5ee20f74166aafb0268476654171151d151eb7d6

          SHA512

          32222c549be431c31cf3f54346fec5e8b19999b8ad13fdb0447a9da62f42b30139a483a71f2cfe5602006bcfb9549a6a5673b087a895d7ead5f91c90d6e2af7a

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nst54D7.tmp\System.dll
          Filesize

          11KB

          MD5

          c17103ae9072a06da581dec998343fc1

          SHA1

          b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

          SHA256

          dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

          SHA512

          d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nst54D7.tmp\blowfish.dll
          Filesize

          60KB

          MD5

          926e4475c00fb5254c32c876921b77d0

          SHA1

          8a55bc8b6e49021a4abbd441783c41d5e019798b

          SHA256

          d54c8582863c079996c4f1113b1c106204773ad9ea2ae831ba2b33b45bafdfa8

          SHA512

          53f389e1a967c123ed591c7650cf6d3140abf1012dcac90faf2327e68558949eb2b19905098bd14ab3a9811d23f98466f88418d992ca6373f94afae56a285bd8

          Download Submit

        • \Users\Admin\AppData\Local\Temp\nst54D7.tmp\nswebgui.dll
          Filesize

          157KB

          MD5

          dcf180c820c7eca0409eca7c32e12cb2

          SHA1

          655984847eb8c4a244742ce99316bae8a0cc7515

          SHA256

          204199949dabc9708cd1e8f0fa40f37d7889f04b0b1b072599a8481bd97bede0

          SHA512

          9efbe1af3488278f9888708503d4cb2b505d57e63626c4261583d870ae7a04d1002ac24599fc7cfeb3bf7a718177d5645e8227ea48f63e98e540340b3ab7f420

          Download Submit

        • memory/1184-54-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1184-58-0x00000000003D0000-0x00000000003FC000-memory.dmp

          Filesize

          176KB

          Download