Overview

overview

9

Static

static

07c4c6172f...6b.exe

windows7-x64

9

07c4c6172f...6b.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    98s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2022 15:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07c4c6172f2d35d1d6e2ee58fc835d9ec88d77e76dd767f60bf167760a362f6b.exe

  • Size

    1.4MB

  • MD5

    80463092a863fb1d17f0cf0ba8500ccc

  • SHA1

    d4c174d12e08e277c62fc5cc7049d85392ea00ad

  • SHA256

    07c4c6172f2d35d1d6e2ee58fc835d9ec88d77e76dd767f60bf167760a362f6b

  • SHA512

    e5d29a8d90e506ff984947c45ea751e8bb139733353a94dd703b41cbb8f3953ef02714189be23542a29383891bbf201d43b794b6d9f6b76c1c47ec3955047019

  • SSDEEP

    24576:fhCVHmFHgwBWSfRL0hD1wpZ2EgTzJAxiqhh1pivyM+I0GLAxEb:WiHgw5pL0hD1eMEKFQiqhAvrQG0S

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 9 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07c4c6172f2d35d1d6e2ee58fc835d9ec88d77e76dd767f60bf167760a362f6b.exe
    "C:\Users\Admin\AppData\Local\Temp\07c4c6172f2d35d1d6e2ee58fc835d9ec88d77e76dd767f60bf167760a362f6b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1768
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.499u.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1764
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1764 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:884

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2UROW0JJ.txt
    Filesize

    608B

    MD5

    2c3bb1009883cb53f7c77e6cc7eabcf5

    SHA1

    d2c37eaf780fe1f9636a6c2571c685613086a991

    SHA256

    2146fb8f0c2c41007e6ba87a4f99de597fa657f3445e5823563ea1a872fa58e9

    SHA512

    072d25f76d008d402c5bf077858e65b06c488ba7515320d3e03a031cc1a65682abade1cb5cabe51a2f72b21f138e19e17d420a96fef036db4a7e9c72adeaa57e

    Download Submit
  • \Users\Admin\AppData\Local\Temp\jedata.dll
    Filesize

    86KB

    MD5

    114054313070472cd1a6d7d28f7c5002

    SHA1

    9a044986e6101df1a126035da7326a50c3fe9a23

    SHA256

    e15d9e1b772fed3db19e67b8d54533d1a2d46a37f8b12702a5892c6b886e9db1

    SHA512

    a2ff8481e89698dae4a1c83404105093472e384d7a3debbd7014e010543e08efc8ebb3f67c8a4ce09029e6b2a8fb7779bb402aae7c9987e61389cd8a72c73522

    Download Submit
  • memory/1768-54-0x0000000075931000-0x0000000075933000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1768-55-0x0000000000400000-0x00000000006DE000-memory.dmp
    Filesize

    2.9MB

    Download
  • memory/1768-59-0x0000000000400000-0x00000000006DE000-memory.dmp
    Filesize

    2.9MB

    Download
  • memory/1768-60-0x0000000010000000-0x000000001003E000-memory.dmp
    Filesize

    248KB

    Download
  • memory/1768-61-0x0000000000400000-0x00000000006DE000-memory.dmp
    Filesize

    2.9MB

    Download