Analysis

  • max time kernel
    129s
  • max time network
    186s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-11-2022 20:45

General

  • Target: d12e0f4e2a1279a25233ee9fc957024153ec5372955e53426bfc352d887db4b1.exe
  • Size: 2.6MB
  • MD5: 288919c82b6ba6df332a71fd70ae0bc2
  • SHA1: e0a83a58809ab4ffe0f48bf6ce69b2e2a0faebdd
  • SHA256: d12e0f4e2a1279a25233ee9fc957024153ec5372955e53426bfc352d887db4b1
  • SHA512: 61797d26bd164d2a413521b932a195fce21dd1c1880c7ac3dbf734b48a3be445a74609deb0d99ac98559edf0c24ca1c5f7a9005e26663b9818c13ceef29b0a6a
  • SSDEEP: 49152:2jKxFXDxXQeUqmBjbygbKWkEC2J0yz+6lewP4xEc5nlpbKKjDI:22xnXeBfHbKWkEz0yKuDAxZ5nyKjDI

Score
8/10

Malware Config

Signatures

  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d12e0f4e2a1279a25233ee9fc957024153ec5372955e53426bfc352d887db4b1.exe
    "C:\Users\Admin\AppData\Local\Temp\d12e0f4e2a1279a25233ee9fc957024153ec5372955e53426bfc352d887db4b1.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.x5tl.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1868
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1868 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1220

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 967d11f54581f41608574f50a45bab75
    SHA1: 0e0a362b980a0006f15d9539e128757638447f91
    SHA256: 1609c0cdeb00e4f65905a9e60996b908d9d3e18316eff7928aed60b031d26e5e
    SHA512: 683bd1d9c4e292dd763b20e8d85ee0e598a7e15f5a3bac9d8e29e82b24f943c4a1920da31f6fe338d0c45de338edd6170a943173f6a91f674e5c4997a1da215e

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MPYQ48IV.txt
    Filesize: 601B
    MD5: ab2962d8f2bb4de13ae79bfed0d60a2e
    SHA1: 64d25819a37b8214ee0fa2aee700bb22474b144f
    SHA256: 9842e44b047d8b3c9dc8e029ce4101dec943a9b8c57c82c6c6a9092f6c3281d8
    SHA512: 9d0e0d3aa2cdfa8df3b471eacd78d3be31c1e320b6fa22685efc1c878468c9f10bb28428187d6721ce3a079903f88354f15973997de375105cb3e209a931b384

  • memory/2044-54-0x0000000000400000-0x00000000009AC000-memory.dmp
    Filesize: 5.7MB

  • memory/2044-55-0x0000000075531000-0x0000000075533000-memory.dmp
    Filesize: 8KB

  • memory/2044-56-0x0000000000400000-0x00000000009AC000-memory.dmp
    Filesize: 5.7MB

  • memory/2044-58-0x0000000000400000-0x00000000009AC000-memory.dmp
    Filesize: 5.7MB

  • memory/2044-59-0x0000000000400000-0x00000000009AC000-memory.dmp
    Filesize: 5.7MB