Overview

overview

7

Static

static

b931055d97...c2.exe

windows7-x64

7

b931055d97...c2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    131s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2022 12:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b931055d970a6788bb158ccdb388f09c59ad1f43b289015060d9973a98f064c2.exe

  • Size

    2.0MB

  • MD5

    d5994051b570bd568d5965c8f5673881

  • SHA1

    d826c6e7b8d18574654064ab94341b0523a7ba0c

  • SHA256

    b931055d970a6788bb158ccdb388f09c59ad1f43b289015060d9973a98f064c2

  • SHA512

    d2887f691cea37bfb29d78fbd4f634659cea5eaed27510b8c78394e26aa07072255209e4b40ee1c2f3c11dcf1f1da2990efc76823e2163f685499a6f40780b5f

  • SSDEEP

    24576:FXfwN3sS1kuLkcityd6tecEXyywkE4qpT2baXuXozsORJzbDJJvSEdN9d:FXfTXMkVt70q9pT2bvaZrvSEd9

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 43 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b931055d970a6788bb158ccdb388f09c59ad1f43b289015060d9973a98f064c2.exe
    "C:\Users\Admin\AppData\Local\Temp\b931055d970a6788bb158ccdb388f09c59ad1f43b289015060d9973a98f064c2.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.cfhongxing.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:996
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:996 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:556

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    3dcf580a93972319e82cafbc047d34d5

    SHA1

    8528d2a1363e5de77dc3b1142850e51ead0f4b6b

    SHA256

    40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

    SHA512

    98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c1acea3685db728019c467c76c0610d5

    SHA1

    85b50c393095c5fe918dc4159ad56721d04b671a

    SHA256

    d86d304a9f3be1259cb7ab2ddcf48e13a7d6c25899870ebce8544dfcfa159081

    SHA512

    5d8903ece40767f3bed34f3bee9d97ee611ba139020eddd1fac049328e8f51a8d28a8a7b45a65e5b1dc080cf2a3308a697eb7e588e135a2e045ee26cedc41ad9

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat
    Filesize

    5KB

    MD5

    3d4729917db2e52bfaf66e8bdd7db158

    SHA1

    dd8dd43669125412dcb3f0a96602b35da0c6eaa1

    SHA256

    1d009f7c56ebe5afe000fdf064c8a636e7c874d789d053369ed6516151c74375

    SHA512

    060e2c5445f1a9427321756100b9da50f6c2d938bcd0c72dc6c76ae6be94a44c3794bb4a5a3efb5c0c9f17edd3f19bb6efa88b97ce4c081b092f6a8df2d93ee2

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PRMEEMGT.txt
    Filesize

    603B

    MD5

    e3191ef0184af35103327c4ea7620f52

    SHA1

    f31f6e9cc02cf4cb7e237db91367a6fca0dd7c4c

    SHA256

    48fd00e58c23f6ebfb41d4b4e2c263d71bb0683eb3b26ce6b2a37ad0cdf4b15f

    SHA512

    c6ea299b03e43f9c1a293647f1b6f57e430dc84ec8d65ced58a25f46e7e2f3381535a6d5e2a968b9a0b0a5040bc69f57d6ee7509b42a608b4aebe1f239089fb5

    Download Submit
  • \Windows\SysWOW64\TAG.ime
    Filesize

    52KB

    MD5

    b60da4e2e5aceba3ce3d87ee2cd872ee

    SHA1

    9bbdbf1f3ce2c000a86e0473da756a4b1031db41

    SHA256

    b581fcc82c0462d60286a80912ab2ce5aca7d7b11c5cff0b5f74716dbb7dc453

    SHA512

    664d6f893484252b339ff8f413a4cf9da9b0ef82ed74b097ba86a5f00b4d9740eef6e8a5b81e8be7e82ae4009928097baf15e65a03f31c4b92e44f593ce39874

    Download Submit
  • \Windows\SysWOW64\TAG.ime
    Filesize

    52KB

    MD5

    b60da4e2e5aceba3ce3d87ee2cd872ee

    SHA1

    9bbdbf1f3ce2c000a86e0473da756a4b1031db41

    SHA256

    b581fcc82c0462d60286a80912ab2ce5aca7d7b11c5cff0b5f74716dbb7dc453

    SHA512

    664d6f893484252b339ff8f413a4cf9da9b0ef82ed74b097ba86a5f00b4d9740eef6e8a5b81e8be7e82ae4009928097baf15e65a03f31c4b92e44f593ce39874

    Download Submit
  • \Windows\SysWOW64\TAG.ime
    Filesize

    52KB

    MD5

    b60da4e2e5aceba3ce3d87ee2cd872ee

    SHA1

    9bbdbf1f3ce2c000a86e0473da756a4b1031db41

    SHA256

    b581fcc82c0462d60286a80912ab2ce5aca7d7b11c5cff0b5f74716dbb7dc453

    SHA512

    664d6f893484252b339ff8f413a4cf9da9b0ef82ed74b097ba86a5f00b4d9740eef6e8a5b81e8be7e82ae4009928097baf15e65a03f31c4b92e44f593ce39874

    Download Submit
  • \Windows\SysWOW64\TAG.ime
    Filesize

    52KB

    MD5

    b60da4e2e5aceba3ce3d87ee2cd872ee

    SHA1

    9bbdbf1f3ce2c000a86e0473da756a4b1031db41

    SHA256

    b581fcc82c0462d60286a80912ab2ce5aca7d7b11c5cff0b5f74716dbb7dc453

    SHA512

    664d6f893484252b339ff8f413a4cf9da9b0ef82ed74b097ba86a5f00b4d9740eef6e8a5b81e8be7e82ae4009928097baf15e65a03f31c4b92e44f593ce39874

    Download Submit
  • \Windows\SysWOW64\TAG.ime
    Filesize

    52KB

    MD5

    b60da4e2e5aceba3ce3d87ee2cd872ee

    SHA1

    9bbdbf1f3ce2c000a86e0473da756a4b1031db41

    SHA256

    b581fcc82c0462d60286a80912ab2ce5aca7d7b11c5cff0b5f74716dbb7dc453

    SHA512

    664d6f893484252b339ff8f413a4cf9da9b0ef82ed74b097ba86a5f00b4d9740eef6e8a5b81e8be7e82ae4009928097baf15e65a03f31c4b92e44f593ce39874

    Download Submit
  • memory/1724-54-0x0000000074B51000-0x0000000074B53000-memory.dmp
    Filesize

    8KB

    Download