Overview

overview

8

Static

static

555dc14f5a...be.exe

windows7-x64

8

555dc14f5a...be.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/11/2022, 20:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    555dc14f5aeba87cf79fc6d76fbc70362e69b33fdb3507460c1704249e9d49be.exe

  • Size

    212KB

  • MD5

    531a69a299076bfda258044aef05dd9d

  • SHA1

    51c7f8554abc3f7d0380060fad13192b9bebcae2

  • SHA256

    555dc14f5aeba87cf79fc6d76fbc70362e69b33fdb3507460c1704249e9d49be

  • SHA512

    c05c0992c3db7f945ef8b656e855b8b11ed02668ed75bd270600b209e467f5035672d5da05c21d855f303e827f3db2e7c29e03ea48d963990ab73725b031b653

  • SSDEEP

    6144:dcyyU/A5rZRLEhFTnRa26s+Wdz8V7Wdfwn1nbmuSDmO:dHp/urb4A1WdBfF

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 60 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\555dc14f5aeba87cf79fc6d76fbc70362e69b33fdb3507460c1704249e9d49be.exe
    "C:\Users\Admin\AppData\Local\Temp\555dc14f5aeba87cf79fc6d76fbc70362e69b33fdb3507460c1704249e9d49be.exe"
    1⤵
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4848
    • \??\c:\Program Files8XD4Y0.exe
      "c:\Program Files8XD4Y0.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:864
      • C:\Program Files\Internet Explorer\IEXPLORE.exe
        "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.php
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1384
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1384 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3996
      • C:\Program Files\Internet Explorer\IEXPLORE.exe
        "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/PPTV(pplive)_forjieku_977.html
        3⤵
        • Modifies Internet Explorer settings
        PID:2428
    • C:\Windows\SysWOW64\WScript.Exe
      WScript.Exe jies.bak.vbs
      2⤵
        PID:216

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files8XD4Y0.exe
      Filesize

      36KB

      MD5

      9e30ceb922415032d8e16f18b5c87906

      SHA1

      86cfd7aeab83b77ce298e8075d63e3e40fc0d2ac

      SHA256

      61ed9e682cd0c297a90d84d7d388e38a4024bebab7380ce022f70f0ca3258402

      SHA512

      5e1d7fa803fe4a18a8092a0d2f7ee694cd37c962fbc4581c6a78b2b7dbe41699e9207ca56deaff13a5a52c2a5889b416a5542cf1056980937d1a0261367bcb11

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      e32d02ce684c01ef3af05fae9066160e

      SHA1

      29c7a6e8ed553ac2765634265d1db041d6d422ec

      SHA256

      b00322d178a6cfc206458c26b26d6c80596073bb3283dcc3fc4e33a4b5f29d71

      SHA512

      e4e3175fb131095e4681ecb76d14dc74d059c0beafb6340965516c6d3d0538deb314b36a3f09df03b491edac84d5c0580e764fed1d8bca9abd4e65cb56167148

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      404B

      MD5

      e4ddab0f49cec194842050e4b08b7aab

      SHA1

      1dbacfd519cc0ecea18b22d952b1bda8e6b1851f

      SHA256

      4ba001519763a1a4349536627faa77e30fbdc3499052ecc86fec9ba5cc7c5c62

      SHA512

      f52fcc52ce7f5acc61bd6accc1412892bb713fc1acee9bcae7d8f311f23951ab90c7764aae74690ce9a63068dc74722d3d4cbbf90ac0e9acc0b54d603a7bb76d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\jies.bak.vbs
      Filesize

      486B

      MD5

      8ee8f206342c02003396077b09e65ce0

      SHA1

      2b26107975e1b74546b5eb7935fb3009940d7253

      SHA256

      aefe4611df2fce7ab05da1d50c133e33fa172a729dc02dce122512f9930d70a7

      SHA512

      b05dc3dbd5a72f5f1a7a36631270b1ac5349ab00c18ea623f34bd5dc2ff4b1be0cdcc75d5a13eeef76a80efc9a7776d46869f6d55fb3637f048bc586a881d250

      Download Submit

    • \??\c:\Program Files8XD4Y0.exe
      Filesize

      36KB

      MD5

      9e30ceb922415032d8e16f18b5c87906

      SHA1

      86cfd7aeab83b77ce298e8075d63e3e40fc0d2ac

      SHA256

      61ed9e682cd0c297a90d84d7d388e38a4024bebab7380ce022f70f0ca3258402

      SHA512

      5e1d7fa803fe4a18a8092a0d2f7ee694cd37c962fbc4581c6a78b2b7dbe41699e9207ca56deaff13a5a52c2a5889b416a5542cf1056980937d1a0261367bcb11

      Download Submit