Analysis

  • max time kernel
    148s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/11/2022, 18:54

General

  • Target

    ʮ·ٶɲɼ.exe

  • Size

    1.5MB

  • MD5

    c25db52ae51bf4a6e841d6a668f932e3

  • SHA1

    2d2b306591c6fedcd83364559bfc65b5d888b1b8

  • SHA256

    77712379fe96bb3620bd4e9bf1baf5044235e6ddeaa1bcdd1ab1b7734268efc8

  • SHA512

    03407fd8650f0773cc60aa332b39ae614e4ffb8e83094c5d85908e4f45d2ab2c121967e57ae40fda8f01ac882ec1672daf2f94d9580b24950d4fb520c61e909c

  • SSDEEP

    24576:HtPuAvj4hqebXCEFXSpTZaqdiXSp0c02uFG6dAk3CMs/:HL74PRdYTZaqdwk0c05HGiy

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ʮ·ٶɲɼ.exe
    "C:\Users\Admin\AppData\Local\Temp\ʮ·ٶɲɼ.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.2345.com/?k562040
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1776
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1776 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1224

Network

MITRE ATT&CK Enterprise v6

Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

          Filesize

          1KB

          MD5

          196d693c4529469ae0297cbb2d823b6e

          SHA1

          da900c9dbc819ebf28305a5a91443a7a032a044a

          SHA256

          9ab78352aeda106a653a0c1c8a573d4be1918a6630fee89bc9319b207fc8b8b9

          SHA512

          1a41c35b4ad16246c1c281f10d90022db9d64520c902704cb46c589b639eb68b84c98b76cb4de9b6add100d2009f5d2f80fcc176a1840781a242e14c09d031c0

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B

          Filesize

          1KB

          MD5

          343effca80725ca522829afc8e25d729

          SHA1

          dcfb6bb45ac25564a3d25e632690301ee5de02a9

          SHA256

          00e631b30488edba54cc10e4be643c594b29aa7e900c524d867ae9cf432ad994

          SHA512

          35b2dca55fc9e718b1c2016c9eb8e84b25127d8937a32da3b99991dfc366ef336a03400604ec410b24dfd2f6fb89098ebdeda49e1cb3e57097addc50379218d2

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

          Filesize

          61KB

          MD5

          3dcf580a93972319e82cafbc047d34d5

          SHA1

          8528d2a1363e5de77dc3b1142850e51ead0f4b6b

          SHA256

          40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

          SHA512

          98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

          Filesize

          1KB

          MD5

          eb878311cec239354ba1d18287131d9e

          SHA1

          a19d9bcb3ff652500dcd8125c76c21fe5ef06295

          SHA256

          3a8785fe119c1a806cd0dac0c207fcb256aa02ff03f146ac592a832acf6dd436

          SHA512

          18931ceba5dd92ebe25884ef35ab5c6ab92d00922aa3edb2b049188df756b1529380b604d691de8d334146d78d5bce9e8dab48dc3e2ee63697ea543370e9e7e3

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B

          Filesize

          508B

          MD5

          0e19091c96876a8153c88fcf44b1cb40

          SHA1

          56500c1ed0733bff682ebb0aefaaeea100a47d6b

          SHA256

          676ca6c29898438c1b256dbc3465665337a70ae2e3064beb008cae3e909bd4ae

          SHA512

          1e6e818917dea71d2544a890c7fbaf75951c1b42fa04b052cca60bf431547d2a04b0f4c6ea621696934d42be25b5e3e4eeaedba70884981bcfa9d5530e27b70d

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B

          Filesize

          532B

          MD5

          e678857e914b28ffca434c8fd06d5652

          SHA1

          56caabd5d465f69897b8d0dced4dda5ada34ce43

          SHA256

          304e4266215dafad2e4c371f25cf6762843a26a897c6bdce30e2700e0ff0eb83

          SHA512

          e4daf73aaeecc630629c0ba8226bcb1bfe0d3abe2d78f2d3f71069468721f0c4a13d4c6985916da62535db1e74bdb4885da4698790ae40ff4976a8146c7dd743

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          555ad4dc8dbe90b7f33387d14e78bf30

          SHA1

          f3d9cb3c68cc5cb51e5e590c3cc04e87afe2853d

          SHA256

          318dcc699b99ecc6af6ff57f4d595a6ffe6098260332f762398ff26da8aa0ffc

          SHA512

          72c5019793fffd6af31fcfe4f4a619b0f8a4d55444d5e584582163918b29ad09e9cfe5d5f8100f43d40e40067f2c904c61074ea06f1e8ac7b31b19b824e92036

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          7c6724d29c33c27904b54b1122db3a26

          SHA1

          9c23c357d884feaf456d3809b15a162a2ec52a78

          SHA256

          406e68dfe0936fe7731c0e9b538b3bc3a04ac77ff5d3607cb4c62a3507910e7e

          SHA512

          ba6f387a9ec7b8218c1a9571aba62f915c66200160d0724e73bf6db33675b2d1725d4c3e801741efb38ad8655be1014d62776fc346fd1323db4fc19e33d02e17

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3

          Filesize

          506B

          MD5

          459656542b6bcfa6a091b647249ab267

          SHA1

          49e698d44fffb8ddb713a241077470c09e27b97e

          SHA256

          a3e6ff1e7e9fc4c26a6064086c062a5920fe1bc074bcfa4eabec1214e50ffe6e

          SHA512

          980446cf12ac80864c2fc7a629f5a5a894861510d96e27323b2b40a71c8baf0e6872722f8ca90a66b6be7bf56f3437dd34583feee5b22aae55e8130746249996

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat

          Filesize

          4KB

          MD5

          b0afe9c8b7fe3a512ef61a2b6e9b1610

          SHA1

          162c5b7ae825686b719bfa59ea96e7c7e3af2c2c

          SHA256

          dd100dd1d6d70852b8642200a6300c5c07330892dabbf0e0e39e874fbe406564

          SHA512

          a403f72be6ec877bcea95f93e086c4efdbd3af3e2bdc9e4b887f972690eaad03918135d3e7286ce94171f82c55a82bc27bde485dc61d30a9b3286d736841e8f7

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OAO0HZVM.txt

          Filesize

          598B

          MD5

          0b142cbb6faec90930f51892815ecc30

          SHA1

          9b7fc400410073968a9afa6c36461f14eb97979f

          SHA256

          580b611bb6493a62a82613cf763a7739757af3ac85996e1e66bf394a94bbb603

          SHA512

          e79e779ecef4fb57c0d1e6f34b182dba7f12c8c7e69762e79aa04cf37029442d23944efc5dd5d3857fc92229737c92ca252c268b5f93bbe9a54fc97edc01238b

        • \Users\Admin\AppData\Local\Temp\SkinH_EL.dll

          Filesize

          86KB

          MD5

          147127382e001f495d1842ee7a9e7912

          SHA1

          92d1ed56032183c75d4b57d7ce30b1c4ae11dc9b

          SHA256

          edf679c02ea2e170e67ab20dfc18558e2bfb4ee5d59eceeaea4b1ad1a626c3cc

          SHA512

          97f5ae90a1bbacfe39b9e0f2954c24f9896cc9dca9d14364c438862996f3bbc04a4aa515742fccb3679d222c1302f5bb40c7eaddd6b5859d2d6ef79490243a4d

        • memory/1204-54-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

          Filesize

          8KB

        • memory/1204-56-0x0000000010000000-0x000000001003D000-memory.dmp

          Filesize

          244KB