Overview

overview

7

Static

static

8add444fef...72.exe

windows7-x64

5

8add444fef...72.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    164s
  • max time network
    175s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    25/11/2022, 19:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8add444fef813fdc14f7f84d96eedf744d27af483d1a4e5cbae8f2e70b9a2572.exe

  • Size

    1.7MB

  • MD5

    7528fdd1b057cf66efd96bce95224bc0

  • SHA1

    0163c3c0d487eefbcd89d3498fc1e7f03b3fec17

  • SHA256

    8add444fef813fdc14f7f84d96eedf744d27af483d1a4e5cbae8f2e70b9a2572

  • SHA512

    8d34ba00be0b78be74956e1fd1269fe2e55421c74c65845a7c550cce9411464364a0815e002dc3defc3f23c2e994ef5e69654cb90f59f45b8e766a2d39eac2b2

  • SSDEEP

    24576:B9aVH768bvqKXo310XqTER8OCYbxPTQi688MT2vTaogMcN3r:rax768bvqB31iRlLNTOaoxcN3r

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 55 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1324
      • C:\Users\Admin\AppData\Local\Temp\8add444fef813fdc14f7f84d96eedf744d27af483d1a4e5cbae8f2e70b9a2572.exe
        "C:\Users\Admin\AppData\Local\Temp\8add444fef813fdc14f7f84d96eedf744d27af483d1a4e5cbae8f2e70b9a2572.exe"
        2⤵
        • Drops file in System32 directory
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Modifies Internet Explorer start page
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1972
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" www.341wg.com
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:804
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:804 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1900

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      3dcf580a93972319e82cafbc047d34d5

      SHA1

      8528d2a1363e5de77dc3b1142850e51ead0f4b6b

      SHA256

      40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

      SHA512

      98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d683a5fed1ea0a520a2613786ac6d636

      SHA1

      8e39bf37dfd89bd981f3fec7589e7eb423679a79

      SHA256

      ac46d047739d1b4d5bc78d7bfa2cc3426e8dd49b487602146ae94fc3a2f60744

      SHA512

      a328fe61ec02f7f4ab02ab5ebb38d4f69fcca40a08b1373f673a1f4ae651c6e89e2165a3287df5a7ef77e3c94b044642676d9a9800a0bcbbbd1c64f0167d2567

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat
      Filesize

      5KB

      MD5

      54251dd079744c2050fcf52fa4eea8cc

      SHA1

      c7dd881145bf21f88bbb96807cd8a93d60645f1d

      SHA256

      a855587c3ca081719275f6de2919c5877eadf29346dc59640e760e8ed3faf4ab

      SHA512

      aaa5fd694c3a81123a90975ec8b3bdcf83d4e3bb563a6e89be8f73e0ed7750f4d26991f4c0f26b8b4a7efcd31f3d11ab8db097feee0e8feb1227f3e1ace7cefb

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UDIMF2UF.txt
      Filesize

      608B

      MD5

      d89c6a66bc0ae22bfaed89d2098d800d

      SHA1

      4c6fdf638b6d451d0ea1de73e4d296bb4887ccae

      SHA256

      7f6fa04387840868df95b16635b78c1cea7c29d60657de9b5eb7dc2bb6c07dcf

      SHA512

      01ffc0778a8f833eb8f05e10f940fd4e438139e32c11154fc2fead7022fdf14a7db5bf05cf3ff96b0972fa625dc8522d0172dc2dc2a74f3fb3405d0e95831358

      Download Submit

    • memory/1972-54-0x0000000075981000-0x0000000075983000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1972-55-0x0000000000400000-0x0000000000735000-memory.dmp

      Filesize

      3.2MB

      Download

    • memory/1972-57-0x0000000074E50000-0x0000000074E97000-memory.dmp

      Filesize

      284KB

      Download

    • memory/1972-463-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-464-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-465-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-466-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-467-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-469-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-468-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-470-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-471-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-472-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-473-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-476-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-475-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-474-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-477-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-479-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-478-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-480-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-481-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-482-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-483-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-484-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-485-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-486-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-487-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-488-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-489-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-490-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-491-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-492-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-493-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-494-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-495-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-496-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-497-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-498-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-499-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-500-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-501-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-502-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-503-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-504-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-505-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-506-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-507-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-508-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-509-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-510-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-511-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-512-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-513-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-514-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-515-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-516-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-517-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-518-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-519-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-520-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-521-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-522-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-523-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-524-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-1475-0x0000000002250000-0x0000000002350000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1972-1477-0x0000000002390000-0x0000000002511000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/1972-3726-0x0000000002250000-0x0000000002350000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1972-4810-0x0000000002640000-0x0000000002751000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/1972-4817-0x0000000000400000-0x0000000000735000-memory.dmp

      Filesize

      3.2MB

      Download

    • memory/1972-4818-0x0000000002760000-0x0000000002861000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/1972-4819-0x0000000002520000-0x00000000025C1000-memory.dmp

      Filesize

      644KB

      Download

    • memory/1972-4820-0x0000000000400000-0x0000000000735000-memory.dmp

      Filesize

      3.2MB

      Download