Overview

overview

8

Static

static

5e205172c0...8a.exe

windows7-x64

8

5e205172c0...8a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/11/2022, 20:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5e205172c0509adcead597dd7a42cacbb9e9930efa4ab38d0fcef22cebb1c08a.exe

  • Size

    212KB

  • MD5

    5248fd2249fee4a26ea4dfb1543424d3

  • SHA1

    df7755f5766a598dc158f78686fa3ca0b8070cbc

  • SHA256

    5e205172c0509adcead597dd7a42cacbb9e9930efa4ab38d0fcef22cebb1c08a

  • SHA512

    1acf4a6cc9426095493a8a143ec96cd8f216ed4458044d57c0faa2b880a1dd4cea3b6ef73b94e6c5b7aac45a5cad304201939d567e16c9b0b620910c94e3b7c8

  • SSDEEP

    6144:dcyyU/A5rZRLEhFTnRa26s+Wdz8V7Wdfwn1nbmuSDmw:dHp/urb4A1WdBfj

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 60 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e205172c0509adcead597dd7a42cacbb9e9930efa4ab38d0fcef22cebb1c08a.exe
    "C:\Users\Admin\AppData\Local\Temp\5e205172c0509adcead597dd7a42cacbb9e9930efa4ab38d0fcef22cebb1c08a.exe"
    1⤵
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:940
    • \??\c:\Program Files77A2UY.exe
      "c:\Program Files77A2UY.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:752
      • C:\Program Files\Internet Explorer\IEXPLORE.exe
        "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.php
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4932
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4932 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1108
      • C:\Program Files\Internet Explorer\IEXPLORE.exe
        "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/PPTV(pplive)_forjieku_977.html
        3⤵
        • Modifies Internet Explorer settings
        PID:4804
    • C:\Windows\SysWOW64\WScript.Exe
      WScript.Exe jies.bak.vbs
      2⤵
        PID:1736

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files77A2UY.exe
            Filesize

            36KB

            MD5

            ad5a0b3432a042d599255b96336bdb90

            SHA1

            27d6882e9cc9d197fa4ea2b6a4066f0bdc5a4721

            SHA256

            d434eeb46eacb5662547f630935f134b88147cd4107a89c1f61c1a7a1d5f7a1b

            SHA512

            2cb0f0a643a0b86dc28986b459aca80f37a39fdc1db6578b0672ab569dbffcced71b943e7b53104051ec858de89612a7ff3ec4dada0a9c47672c8dbef17c5898

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
            Filesize

            471B

            MD5

            e32d02ce684c01ef3af05fae9066160e

            SHA1

            29c7a6e8ed553ac2765634265d1db041d6d422ec

            SHA256

            b00322d178a6cfc206458c26b26d6c80596073bb3283dcc3fc4e33a4b5f29d71

            SHA512

            e4e3175fb131095e4681ecb76d14dc74d059c0beafb6340965516c6d3d0538deb314b36a3f09df03b491edac84d5c0580e764fed1d8bca9abd4e65cb56167148

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
            Filesize

            434B

            MD5

            83faaa144912cbf43b1072b4f061c306

            SHA1

            e7889573103eed2bb40cb3de95092cec30ac41fa

            SHA256

            da38a90499195989f7154266f70dcb4caafbcfd1f4b203fc3cea26d432774b0b

            SHA512

            a8e05f4ba0424629be1012e70b48c3ee516f51737414cfa480537164e8c37cc3a2e470d41c9d7b3523cb0ea53e5578766a0b1aa6de91f5e73a5298fa660835fa

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\jies.bak.vbs
            Filesize

            486B

            MD5

            dc6748413136c415608331bd20942499

            SHA1

            ba0c115b980e81819e950fd698802a09a5fa589d

            SHA256

            6ff48303c2d9363ac36aa749b157da9da512a4d7db8be8c9ac778cb42bdaf639

            SHA512

            b2ed984d523cd87902f012e377fb343d26c944e73953e8f1c4f08f5517e57d76dc2ec27513b054f9b27d4dd25c83d0806ccfa3a6f03ac3886f879dd15e1e266a

            Download Submit

          • \??\c:\Program Files77A2UY.exe
            Filesize

            36KB

            MD5

            ad5a0b3432a042d599255b96336bdb90

            SHA1

            27d6882e9cc9d197fa4ea2b6a4066f0bdc5a4721

            SHA256

            d434eeb46eacb5662547f630935f134b88147cd4107a89c1f61c1a7a1d5f7a1b

            SHA512

            2cb0f0a643a0b86dc28986b459aca80f37a39fdc1db6578b0672ab569dbffcced71b943e7b53104051ec858de89612a7ff3ec4dada0a9c47672c8dbef17c5898

            Download Submit