Overview

overview

8

Static

static

f07321d518...38.exe

windows7-x64

8

f07321d518...38.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    179s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f07321d518899920642ef12d783f600093e461afcc11c37413d3046cb53f1e38.exe

  • Size

    66KB

  • MD5

    582b1b120cb451dd3473116f6f7fc5b0

  • SHA1

    f46b118610d6f0aa91f06512e117048032bb94ca

  • SHA256

    f07321d518899920642ef12d783f600093e461afcc11c37413d3046cb53f1e38

  • SHA512

    4003dae9a7c30c2044fce07d0b5607b396b4a6a21c184fb2a1a8697886fbc988dc0aa79f3cd2939e7855ad32e36ec4fb314c641729b0226b4c5d153472482151

  • SSDEEP

    1536:sr+Fum5LMI+WTJjcXnXMcpm/zOxJXKJwa:sr+Fu2II+HXXMcI/AKJd

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 60 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 7 IoCs
  • Drops desktop.ini file(s) 35 IoCs
  • Drops autorun.inf file 1 TTPs 25 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f07321d518899920642ef12d783f600093e461afcc11c37413d3046cb53f1e38.exe
    "C:\Users\Admin\AppData\Local\Temp\f07321d518899920642ef12d783f600093e461afcc11c37413d3046cb53f1e38.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Windows\AE 0124 BE.gif
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:872
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:872 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1268
    • C:\Windows\SysWOW64\drivers\winlogon.exe
      "C:\Windows\System32\drivers\winlogon.exe"
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops autorun.inf file
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1788
      • C:\Windows\AE 0124 BE.exe
        "C:\Windows\AE 0124 BE.exe"
        3⤵
        • Drops file in Drivers directory
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops desktop.ini file(s)
        • Drops autorun.inf file
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:276
        • C:\Windows\SysWOW64\drivers\winlogon.exe
          "C:\Windows\System32\drivers\winlogon.exe"
          4⤵
          • Drops file in Drivers directory
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:1692
      • C:\Windows\SysWOW64\drivers\winlogon.exe
        "C:\Windows\System32\drivers\winlogon.exe"
        3⤵
        • Drops file in Drivers directory
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetWindowsHookEx
        PID:432

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8Y0Q68OZ.txt
    Filesize

    608B

    MD5

    fc6a7894330bbf4f4b574f7031e56bd4

    SHA1

    313cf528fba08228b0e9a3d02ff8b256fc265fec

    SHA256

    95c6cd3309535ee46baed9711eed0f0f68ab2cdf95993aaecf094e9d4a9b4ca8

    SHA512

    5370c4a597eb89b539ca440289dba1c6adc838c4853112ae70ff67b76c678b9b35e004a0b6a85fd80f487b17e6bf3b98fcbf36d3915b32cdcc4544159a7ea1e9

    Download Submit

  • C:\Windows\AE 0124 BE.exe
    Filesize

    130KB

    MD5

    4027bf9b2bf3265f1da3f5aa9e4ec2c1

    SHA1

    c104f6f780032aa1592d9b1e309477e127f16067

    SHA256

    82177bfcb6ee47409884d33a0c4794b8536913e4be21c7badb2c375535587a3f

    SHA512

    32bf1999d8ad128e24b55b404a5b69102f386a1bbbec2d3077c1b28e3c90b2ea94d5ed072d3e401801c202a6f8c424fcb82ba9f3f1e9745e3f3452824c175c7e

    Download Submit

  • C:\Windows\AE 0124 BE.exe
    Filesize

    130KB

    MD5

    4027bf9b2bf3265f1da3f5aa9e4ec2c1

    SHA1

    c104f6f780032aa1592d9b1e309477e127f16067

    SHA256

    82177bfcb6ee47409884d33a0c4794b8536913e4be21c7badb2c375535587a3f

    SHA512

    32bf1999d8ad128e24b55b404a5b69102f386a1bbbec2d3077c1b28e3c90b2ea94d5ed072d3e401801c202a6f8c424fcb82ba9f3f1e9745e3f3452824c175c7e

    Download Submit

  • C:\Windows\AE 0124 BE.gif
    Filesize

    66KB

    MD5

    0d357db753e66654668e939fb9414b58

    SHA1

    4fd2aa7c70d4bd74e46d0e8ff90ea5961f77ec9a

    SHA256

    a6a20802a87d726a4b69faded5a0ee8814eceb0335ddd26401da6c88397e546c

    SHA512

    872a8bf82a4813db78aa52edd79b86a103f0ce54260f1a06bdc19409baebde55d02e620027eb4b7d83fd0c9f74495816f3162cd390097366369b4492fbfeea70

    Download Submit

  • C:\Windows\AE 0124 BE.gif
    Filesize

    131KB

    MD5

    7751fc6df40c72feb08fa58ab5d6c7ca

    SHA1

    8846ea17927bc1f8b30566efc5185a8b9e216271

    SHA256

    d09b2a9177500f933794d83b18e8b3ec527e61df1bb63af9dcbcb1ee8e4943bd

    SHA512

    8f92a60d59cd20f22d1bf2a32a642fafeb6331e6e7529033e48fbbed0afe7aeb23b5fd9a3ba57a3a7e9a716f8461c4c3e3a1d90ffc5918ca4d521bc1ed8de6da

    Download Submit

  • C:\Windows\Msvbvm60.dll
    Filesize

    1.3MB

    MD5

    5343a19c618bc515ceb1695586c6c137

    SHA1

    4dedae8cbde066f31c8e6b52c0baa3f8b1117742

    SHA256

    2246b4feae199408ea66d4a90c1589026f4a5800ce5a28e583b94506a8a73dce

    SHA512

    708d8a252a167fa94e3e1a49e2630d07613ff75a9a3e779a0c1fcbec44aa853a68c401f31a2b84152f46a05f7d93f4e5e502afc7a60236a22ac58dea73fa5606

    Download Submit

  • C:\Windows\SysWOW64\drivers\MSVBVM60.DLL
    Filesize

    1.3MB

    MD5

    5343a19c618bc515ceb1695586c6c137

    SHA1

    4dedae8cbde066f31c8e6b52c0baa3f8b1117742

    SHA256

    2246b4feae199408ea66d4a90c1589026f4a5800ce5a28e583b94506a8a73dce

    SHA512

    708d8a252a167fa94e3e1a49e2630d07613ff75a9a3e779a0c1fcbec44aa853a68c401f31a2b84152f46a05f7d93f4e5e502afc7a60236a22ac58dea73fa5606

    Download Submit

  • C:\Windows\SysWOW64\drivers\winlogon.exe
    Filesize

    130KB

    MD5

    4027bf9b2bf3265f1da3f5aa9e4ec2c1

    SHA1

    c104f6f780032aa1592d9b1e309477e127f16067

    SHA256

    82177bfcb6ee47409884d33a0c4794b8536913e4be21c7badb2c375535587a3f

    SHA512

    32bf1999d8ad128e24b55b404a5b69102f386a1bbbec2d3077c1b28e3c90b2ea94d5ed072d3e401801c202a6f8c424fcb82ba9f3f1e9745e3f3452824c175c7e

    Download Submit

  • C:\Windows\SysWOW64\drivers\winlogon.exe
    Filesize

    130KB

    MD5

    4027bf9b2bf3265f1da3f5aa9e4ec2c1

    SHA1

    c104f6f780032aa1592d9b1e309477e127f16067

    SHA256

    82177bfcb6ee47409884d33a0c4794b8536913e4be21c7badb2c375535587a3f

    SHA512

    32bf1999d8ad128e24b55b404a5b69102f386a1bbbec2d3077c1b28e3c90b2ea94d5ed072d3e401801c202a6f8c424fcb82ba9f3f1e9745e3f3452824c175c7e

    Download Submit

  • C:\Windows\SysWOW64\drivers\winlogon.exe
    Filesize

    130KB

    MD5

    4027bf9b2bf3265f1da3f5aa9e4ec2c1

    SHA1

    c104f6f780032aa1592d9b1e309477e127f16067

    SHA256

    82177bfcb6ee47409884d33a0c4794b8536913e4be21c7badb2c375535587a3f

    SHA512

    32bf1999d8ad128e24b55b404a5b69102f386a1bbbec2d3077c1b28e3c90b2ea94d5ed072d3e401801c202a6f8c424fcb82ba9f3f1e9745e3f3452824c175c7e

    Download Submit

  • C:\Windows\SysWOW64\drivers\winlogon.exe
    Filesize

    130KB

    MD5

    4027bf9b2bf3265f1da3f5aa9e4ec2c1

    SHA1

    c104f6f780032aa1592d9b1e309477e127f16067

    SHA256

    82177bfcb6ee47409884d33a0c4794b8536913e4be21c7badb2c375535587a3f

    SHA512

    32bf1999d8ad128e24b55b404a5b69102f386a1bbbec2d3077c1b28e3c90b2ea94d5ed072d3e401801c202a6f8c424fcb82ba9f3f1e9745e3f3452824c175c7e

    Download Submit

  • \??\c:\B1uv3nth3x1.diz
    Filesize

    21B

    MD5

    9cceaa243c5d161e1ce41c7dad1903dd

    SHA1

    e3da72675df53fffa781d4377d1d62116eafb35b

    SHA256

    814649b436ea43dd2abb99693e06019d4079ee74d02a0395913add0ba92d0189

    SHA512

    af9b75dc9a0b39d12d48bf6d40eb7d778eb9dd976302792271d8d4245a916027cf4e705d6cd7a5e6582ba94953346f291122f27d377b2c1a86e45f49e92efb5b

    Download Submit

  • \??\c:\B1uv3nth3x1.diz
    Filesize

    21B

    MD5

    9cceaa243c5d161e1ce41c7dad1903dd

    SHA1

    e3da72675df53fffa781d4377d1d62116eafb35b

    SHA256

    814649b436ea43dd2abb99693e06019d4079ee74d02a0395913add0ba92d0189

    SHA512

    af9b75dc9a0b39d12d48bf6d40eb7d778eb9dd976302792271d8d4245a916027cf4e705d6cd7a5e6582ba94953346f291122f27d377b2c1a86e45f49e92efb5b

    Download Submit

  • \Windows\SysWOW64\drivers\Msvbvm60.dll
    Filesize

    1.3MB

    MD5

    5343a19c618bc515ceb1695586c6c137

    SHA1

    4dedae8cbde066f31c8e6b52c0baa3f8b1117742

    SHA256

    2246b4feae199408ea66d4a90c1589026f4a5800ce5a28e583b94506a8a73dce

    SHA512

    708d8a252a167fa94e3e1a49e2630d07613ff75a9a3e779a0c1fcbec44aa853a68c401f31a2b84152f46a05f7d93f4e5e502afc7a60236a22ac58dea73fa5606

    Download Submit

  • \Windows\SysWOW64\drivers\winlogon.exe
    Filesize

    130KB

    MD5

    4027bf9b2bf3265f1da3f5aa9e4ec2c1

    SHA1

    c104f6f780032aa1592d9b1e309477e127f16067

    SHA256

    82177bfcb6ee47409884d33a0c4794b8536913e4be21c7badb2c375535587a3f

    SHA512

    32bf1999d8ad128e24b55b404a5b69102f386a1bbbec2d3077c1b28e3c90b2ea94d5ed072d3e401801c202a6f8c424fcb82ba9f3f1e9745e3f3452824c175c7e

    Download Submit

  • \Windows\SysWOW64\drivers\winlogon.exe
    Filesize

    130KB

    MD5

    4027bf9b2bf3265f1da3f5aa9e4ec2c1

    SHA1

    c104f6f780032aa1592d9b1e309477e127f16067

    SHA256

    82177bfcb6ee47409884d33a0c4794b8536913e4be21c7badb2c375535587a3f

    SHA512

    32bf1999d8ad128e24b55b404a5b69102f386a1bbbec2d3077c1b28e3c90b2ea94d5ed072d3e401801c202a6f8c424fcb82ba9f3f1e9745e3f3452824c175c7e

    Download Submit

  • \Windows\SysWOW64\drivers\winlogon.exe
    Filesize

    130KB

    MD5

    4027bf9b2bf3265f1da3f5aa9e4ec2c1

    SHA1

    c104f6f780032aa1592d9b1e309477e127f16067

    SHA256

    82177bfcb6ee47409884d33a0c4794b8536913e4be21c7badb2c375535587a3f

    SHA512

    32bf1999d8ad128e24b55b404a5b69102f386a1bbbec2d3077c1b28e3c90b2ea94d5ed072d3e401801c202a6f8c424fcb82ba9f3f1e9745e3f3452824c175c7e

    Download Submit

  • \Windows\SysWOW64\drivers\winlogon.exe
    Filesize

    130KB

    MD5

    4027bf9b2bf3265f1da3f5aa9e4ec2c1

    SHA1

    c104f6f780032aa1592d9b1e309477e127f16067

    SHA256

    82177bfcb6ee47409884d33a0c4794b8536913e4be21c7badb2c375535587a3f

    SHA512

    32bf1999d8ad128e24b55b404a5b69102f386a1bbbec2d3077c1b28e3c90b2ea94d5ed072d3e401801c202a6f8c424fcb82ba9f3f1e9745e3f3452824c175c7e

    Download Submit

  • \Windows\SysWOW64\drivers\winlogon.exe
    Filesize

    130KB

    MD5

    4027bf9b2bf3265f1da3f5aa9e4ec2c1

    SHA1

    c104f6f780032aa1592d9b1e309477e127f16067

    SHA256

    82177bfcb6ee47409884d33a0c4794b8536913e4be21c7badb2c375535587a3f

    SHA512

    32bf1999d8ad128e24b55b404a5b69102f386a1bbbec2d3077c1b28e3c90b2ea94d5ed072d3e401801c202a6f8c424fcb82ba9f3f1e9745e3f3452824c175c7e

    Download Submit

  • \Windows\SysWOW64\drivers\winlogon.exe
    Filesize

    130KB

    MD5

    4027bf9b2bf3265f1da3f5aa9e4ec2c1

    SHA1

    c104f6f780032aa1592d9b1e309477e127f16067

    SHA256

    82177bfcb6ee47409884d33a0c4794b8536913e4be21c7badb2c375535587a3f

    SHA512

    32bf1999d8ad128e24b55b404a5b69102f386a1bbbec2d3077c1b28e3c90b2ea94d5ed072d3e401801c202a6f8c424fcb82ba9f3f1e9745e3f3452824c175c7e

    Download Submit

  • memory/276-75-0x0000000002781000-0x0000000002CCD000-memory.dmp

    Filesize

    5.3MB

    Download

  • memory/276-67-0x0000000000000000-mapping.dmp

    Download

  • memory/432-86-0x0000000000000000-mapping.dmp

    Download

  • memory/1692-78-0x0000000000000000-mapping.dmp

    Download

  • memory/1788-61-0x0000000000000000-mapping.dmp

    Download

  • memory/2024-56-0x00000000754C1000-0x00000000754C3000-memory.dmp

    Filesize

    8KB

    Download