Overview

overview

8

Static

static

1

eece7f819c...b0.exe

windows7-x64

8

eece7f819c...b0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    222s
  • max time network
    306s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 17:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    eece7f819c5fdac04e65f31a3269f64721e4662eb2646cea10e287330dcd9bb0.exe

  • Size

    349KB

  • MD5

    1cd062e801e62d40d9664ce0cc651ce9

  • SHA1

    2c69e0b95127a78184ad65c000054504fe6ba763

  • SHA256

    eece7f819c5fdac04e65f31a3269f64721e4662eb2646cea10e287330dcd9bb0

  • SHA512

    5d57fdc800c7ddff8f839e6b359d933f68f566f57124502ecf86c6e3fb26b764dc66acce223a0244c65d86e545e2c84942de86ae6b48ec86166ae177bf1bfdc9

  • SSDEEP

    6144:ye34o0nu/EJXAF8u1qBhGNy4909VezjiGF+nh9CUZLcb+FPfL:VEJXs1q2N1906jidGUZLcb+FPfL

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
    adwarespyware
  • Modifies registry class 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\eece7f819c5fdac04e65f31a3269f64721e4662eb2646cea10e287330dcd9bb0.exe
    "C:\Users\Admin\AppData\Local\Temp\eece7f819c5fdac04e65f31a3269f64721e4662eb2646cea10e287330dcd9bb0.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:668
    • C:\Windows\SysWOW64\cscript.exe
      "C:\Windows\system32\cscript.exe" "C:\Program Files (x86)\EditPlus\kk21.icw"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:780
      • C:\Windows\SysWow64\WScript.exe
        "C:\Windows\SysWow64\WScript.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk21.icw"
        3⤵
          PID:1800
      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
        C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:1604
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1840
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1840 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1560

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\EditPlus\kk21.icw
      Filesize

      132B

      MD5

      e058cfbecae7b18539fe0e001ac9155d

      SHA1

      58eae38055c4da25db4092d2dd921257c3c15ad2

      SHA256

      80551877522e3e1ed29a0ee2085700676a2a1f037fd183b27cc36e265f3b5d11

      SHA512

      01193f0e457b993557a0d3ecf96fa2d35a16d748001f7476f118d4ccae392b547696806908ca955d62e48cb85dc4b0c018120431abbc96a0d78d97afd9835be4

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8UMT08FF.txt
      Filesize

      608B

      MD5

      801d7885f81dac140f44f3d71ea6d440

      SHA1

      240c32f38e2614573c23d8e29928ffa6be4a2026

      SHA256

      479406d07f4a9ed60fc35ca75c1fb8108e5643dcbd817a1b4cd9505de92832b1

      SHA512

      2c2af9d5771b857cf81245b937e4f8d0ad466a8156c4d8a39cfa8483107eecdf4e1a27021b4f3c83f00c863ce9d9074963e0e9c0167e60eff5df493ee707e224

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
      Filesize

      44KB

      MD5

      7c30927884213f4fe91bbe90b591b762

      SHA1

      65693828963f6b6a5cbea4c9e595e06f85490f6f

      SHA256

      9032757cabb19a10e97e158810f885a015f3dcd5ba3da44c795d999ea90f8994

      SHA512

      8aadb5fd3750ab0c036c7b8d2c775e42688265b00fe75b43a6addaefc7ee20d9fa3f074dd7943570c8519943011eda08216e90551b6d6a782b9ed5ce20aa6bab

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\kk21.icw
      Filesize

      843B

      MD5

      1735110d99a186499ab20614eea7c203

      SHA1

      202e8078a2c1d420a112c6e71accfca9cde1a8df

      SHA256

      20f050bfa3ae6a445a171e10b8ef3c0b04809b320f8565ed8e0f5c9de2c18f56

      SHA512

      f6f7b8a7dc212a181d898fc747d7a7328a4a324f40a68fd4da7f8f5382741003197a17af831bc59f6a6b89665b20349aa4b5aea109a7229168d037d9fe3b6973

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\statistics.dll
      Filesize

      80KB

      MD5

      fe94d150b5af09fc4d83879bd078addd

      SHA1

      bcae33512fda9fbeceaecd18f13636681d2ce11c

      SHA256

      c573b9d439b55159540ef708f76f65b740ce0fd349e5b10af9ca78fecfbfc0d2

      SHA512

      28668c5933425a91cebf7b3f2c934f3d4dd950d47ab472e0456fa1340e19af6ae0048bb7eeaea205517139af7539f20917c998f97cc4de359de3e0748ac9e641

      Download Submit
    • \Users\Admin\AppData\Local\Temp\nse58EB.tmp\System.dll
      Filesize

      11KB

      MD5

      c17103ae9072a06da581dec998343fc1

      SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

      SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

      SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

      Download Submit
    • \Users\Admin\AppData\Local\Temp\nse58EB.tmp\nsExec.dll
      Filesize

      6KB

      MD5

      acc2b699edfea5bf5aae45aba3a41e96

      SHA1

      d2accf4d494e43ceb2cff69abe4dd17147d29cc2

      SHA256

      168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

      SHA512

      e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

      Download Submit
    • \Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\installstat.exe
      Filesize

      44KB

      MD5

      7c30927884213f4fe91bbe90b591b762

      SHA1

      65693828963f6b6a5cbea4c9e595e06f85490f6f

      SHA256

      9032757cabb19a10e97e158810f885a015f3dcd5ba3da44c795d999ea90f8994

      SHA512

      8aadb5fd3750ab0c036c7b8d2c775e42688265b00fe75b43a6addaefc7ee20d9fa3f074dd7943570c8519943011eda08216e90551b6d6a782b9ed5ce20aa6bab

      Download Submit
    • \Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\statistics.dll
      Filesize

      80KB

      MD5

      fe94d150b5af09fc4d83879bd078addd

      SHA1

      bcae33512fda9fbeceaecd18f13636681d2ce11c

      SHA256

      c573b9d439b55159540ef708f76f65b740ce0fd349e5b10af9ca78fecfbfc0d2

      SHA512

      28668c5933425a91cebf7b3f2c934f3d4dd950d47ab472e0456fa1340e19af6ae0048bb7eeaea205517139af7539f20917c998f97cc4de359de3e0748ac9e641

      Download Submit
    • memory/668-54-0x0000000076391000-0x0000000076393000-memory.dmp
      Filesize

      8KB

      Download
    • memory/780-57-0x0000000000000000-mapping.dmp
      Download
    • memory/1604-64-0x0000000000000000-mapping.dmp
      Download
    • memory/1800-60-0x0000000000000000-mapping.dmp
      Download