Analysis
-
max time kernel
245s -
max time network
251s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
21-11-2022 17:51
General
-
Target
BABB5BC09EFE7D42910D7504AC7F688F.exe
-
Size
8.6MB
-
MD5
babb5bc09efe7d42910d7504ac7f688f
-
SHA1
a31961b8d0788212653815b897461b27b28760ae
-
SHA256
4125defe095eee3c1811a62a83c559602d0041d300a8e73ac0bb43b6e9de1db3
-
SHA512
d3bd647cfed02f6efbd3fa9a85fd27b2e86d8c678a256f23a007af08597657793790e37c4fbd00e22a0d4e864361ff589532ea5f38f1590cc6b5b723a7d461ab
-
SSDEEP
196608:28RdIDarx4UQ3tYMkZfn90quXSlnz8eryfu5m0iJ0VOLAwu:5etY/Zf90quXSljrH5mPJJAb
Malware Config
Signatures
-
Detected phishing page
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 39 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 15 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\BABB5BC09EFE7D42910D7504AC7F688F.exe"C:\Users\Admin\AppData\Local\Temp\BABB5BC09EFE7D42910D7504AC7F688F.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.asys.co.za/2⤵
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1880 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1880 CREDAT:668685 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
61KB
MD53dcf580a93972319e82cafbc047d34d5
SHA18528d2a1363e5de77dc3b1142850e51ead0f4b6b
SHA25640810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1
SHA51298384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42
-
Filesize
342B
MD5c9bc2e1eff075f91680edacc4d2db477
SHA167311e4a92fa397abf554ffeb9b631c317ea5d36
SHA2564a3db50adfa8599b9eaae60475cdeb98e7bc7f630d2b3e355b07faece974bc4e
SHA512b96021c378bf4fe1773df2a59264567fbd5cfb60a35e7dba1b5afa2dbbf35b04d296ebd102f8928bacc61e8e4b6bc425829e7dcc20bc303960aabdb56d33bce7
-
Filesize
4KB
MD585f79396b248a4a96236dc969f831f0f
SHA1b6a16298f5141bac77a0a474abf17c148fa98c9b
SHA256e662fa43a86dedead19746e55bad99608eb0048f456841552a507bb0cd6a2904
SHA512301bf9f3e1a337426f05cbdfd2e13fad50c82c04a2a11578d6a63970bda35b4b29071885e97689ca661457d1f88309cba3bc5f8941b941693e5f58d991abb4da
-
Filesize
608B
MD5678c56277801d7073562a38d78af0a4a
SHA166942fa59e3dbe4918f52eca50c40cd570b64dbe
SHA256396b0f82d2e99a0c4d11c7e247e2f0058a6eea20fa0c42a6d8c14dbb6f19bf3f
SHA512b68920d385055a0159354b95f324f6d0eb092fef6618ca8a9b0f836d8fc454075c014c2a4cf5be3823f380965668ecb0ca3fb0bca81ebfe08625d3932e69fbb9
-
Filesize
31.1MB
-
Filesize
31.1MB
-
Filesize
8KB
-
Filesize
31.1MB
-
Filesize
31.1MB
-
Filesize
31.1MB
-
Filesize
31.1MB
-
Filesize
31.1MB
-
Filesize
31.1MB
-
Filesize
1.5MB
-
Filesize
31.1MB