Overview

overview

8

Static

static

8

8b045f40d0...dd.exe

windows7-x64

8

8b045f40d0...dd.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    07-11-2022 19:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b045f40d0bce83a14cd05ab408d7ae14e2c044b3141446d5bde31f6ffc9c4dd.exe

  • Size

    14KB

  • MD5

    0de95947b0c7e4515e104eef17ea4322

  • SHA1

    7926ebe1ac582c8ea7421fe4209ad2b8fe37957d

  • SHA256

    8b045f40d0bce83a14cd05ab408d7ae14e2c044b3141446d5bde31f6ffc9c4dd

  • SHA512

    f98be3d89105f296984a3232aecf27dce727d753cdff86585de94f261cde2d75123a5f494e07d6f8318b09c9bec3ae1b138b8870acf7bcb839abd8f34b7fc7d5

  • SSDEEP

    384:byi8T5ePaOaNJawcudoD7UG5A4VoeM4mK:byXTKsnbcuyD7UgVDz

Score
8/10
upx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b045f40d0bce83a14cd05ab408d7ae14e2c044b3141446d5bde31f6ffc9c4dd.exe
    "C:\Users\Admin\AppData\Local\Temp\8b045f40d0bce83a14cd05ab408d7ae14e2c044b3141446d5bde31f6ffc9c4dd.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1520
    • C:\Users\Admin\AppData\Local\Temp\F7B8.tmp\b2e.exe
      "C:\Users\Admin\AppData\Local\Temp\F7B8.tmp\b2e.exe" C:\Users\Admin\AppData\Local\Temp\F7B8.tmp\b2e.exe C:\Users\Admin\AppData\Local\Temp "C:\Users\Admin\AppData\Local\Temp\8b045f40d0bce83a14cd05ab408d7ae14e2c044b3141446d5bde31f6ffc9c4dd.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1108
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\F95D.tmp\batfile.bat" "
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1076
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://ads.regiedepub.com/cgi-bin/advert/getads?x_dp_id=43
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2040
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2040 CREDAT:275457 /prefetch:2
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:932
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\selfdel0.bat" "
        3⤵
          PID:1984

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\F7B8.tmp\b2e.exe
      Filesize

      8KB

      MD5

      6a7329f15480d4ca075dd593c7572d14

      SHA1

      cbe94a895b719efdb2309e2d3cdd469c5c5fef55

      SHA256

      50c8fe18a33985b19b5a88d9d6d94193079aea9cfaa89be9b28ec771e04e4670

      SHA512

      ba0a5b9fa41faadebe8124d44e03bb05fb5e6a9eec4052c90fc2d30852200e789b6183afd9deeea64c8aa944b8f28d6ef983dd64f1aaf581d930a98d5240f874

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\F7B8.tmp\b2e.exe
      Filesize

      8KB

      MD5

      6a7329f15480d4ca075dd593c7572d14

      SHA1

      cbe94a895b719efdb2309e2d3cdd469c5c5fef55

      SHA256

      50c8fe18a33985b19b5a88d9d6d94193079aea9cfaa89be9b28ec771e04e4670

      SHA512

      ba0a5b9fa41faadebe8124d44e03bb05fb5e6a9eec4052c90fc2d30852200e789b6183afd9deeea64c8aa944b8f28d6ef983dd64f1aaf581d930a98d5240f874

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\F95D.tmp\batfile.bat
      Filesize

      77B

      MD5

      ba7c5c724c70ee9f04c4933b18083e49

      SHA1

      d6c6dcbe9cbfb829296dc21ff41292cac64fdc9c

      SHA256

      aad13997529ce15c8b987178057a01b5e8236f0daf5b94f29dabaa778105388c

      SHA512

      d34f0f812c72580e1c505da5dfa636e18fea800cbf36e2ed11bfc423cf7a871981991b3a7e65e45b54aeb15f3f37f8eaef2e408a03585f2c46c95fbcbf63e09b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\selfdel0.bat
      Filesize

      158B

      MD5

      c9667a06e1d40555c4b1b232cbbb561f

      SHA1

      87c376ed2b35d9be20c2457ce748ed089d9620ac

      SHA256

      61057f44e5fb11a427742e32f4264024c08c93805155a2e33a582992680f0429

      SHA512

      a18ed36487db0e7e082b5aed504ee58defef32757d48ab44d85344df2dc70612fbb5f5e2eb0ed38595b674e0d7e9cbddc5f27cac0653e5542a957439e8571f4c

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JG9OAX39.txt
      Filesize

      608B

      MD5

      aa8790b75e8e394e883d97a2b20b9ac6

      SHA1

      f42d5622181e4c9d03eabd3b704d553932cc0e89

      SHA256

      f0687dd02a22d939232e725c29c4194d76c66571e565eeb881badd2c5f3e751f

      SHA512

      c286a597428d2daf0295512aba8779e6498be61a972ed2afbde98dd71f802a27513e6449e5484644e4e3b8bc1ebf5df1be7c0dc0cb7035a4efe05456e9bc9c43

      Download Submit

    • \Users\Admin\AppData\Local\Temp\F7B8.tmp\b2e.exe
      Filesize

      8KB

      MD5

      6a7329f15480d4ca075dd593c7572d14

      SHA1

      cbe94a895b719efdb2309e2d3cdd469c5c5fef55

      SHA256

      50c8fe18a33985b19b5a88d9d6d94193079aea9cfaa89be9b28ec771e04e4670

      SHA512

      ba0a5b9fa41faadebe8124d44e03bb05fb5e6a9eec4052c90fc2d30852200e789b6183afd9deeea64c8aa944b8f28d6ef983dd64f1aaf581d930a98d5240f874

      Download Submit

    • \Users\Admin\AppData\Local\Temp\F7B8.tmp\b2e.exe
      Filesize

      8KB

      MD5

      6a7329f15480d4ca075dd593c7572d14

      SHA1

      cbe94a895b719efdb2309e2d3cdd469c5c5fef55

      SHA256

      50c8fe18a33985b19b5a88d9d6d94193079aea9cfaa89be9b28ec771e04e4670

      SHA512

      ba0a5b9fa41faadebe8124d44e03bb05fb5e6a9eec4052c90fc2d30852200e789b6183afd9deeea64c8aa944b8f28d6ef983dd64f1aaf581d930a98d5240f874

      Download Submit

    • memory/1108-67-0x0000000000400000-0x0000000000405000-memory.dmp

      Filesize

      20KB

      Download

    • memory/1520-60-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1520-55-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1520-54-0x0000000074D61000-0x0000000074D63000-memory.dmp

      Filesize

      8KB

      Download