Analysis

  • max time kernel
    68s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-11-2022 09:10

General

  • Target

    514678b447d7ca453dc5a92c1227357d78a4d803e0c9f7448cee31f1a88edec6.exe

  • Size

    281KB

  • MD5

    1c7eda40466e8e7d18af1bd904e76db3

  • SHA1

    1e1ac4a142f0a9468e8e849865cf5a020bffad38

  • SHA256

    514678b447d7ca453dc5a92c1227357d78a4d803e0c9f7448cee31f1a88edec6

  • SHA512

    6698e4feda6a2e2f251056ac2088f11a01bc5e9068c43288c45a2c9a8ade64166a2cfea8b5a12c1265f32fe250173715b6b53e628c72e1e8b5e0b368f803c398

  • SSDEEP

    6144:8IUCzQKe0cg9bmM4RF5Y4iEtooAkcJJpJpxfTm:8sO0cg9bmjZfiEeo3GvLxf

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\514678b447d7ca453dc5a92c1227357d78a4d803e0c9f7448cee31f1a88edec6.exe
    "C:\Users\Admin\AppData\Local\Temp\514678b447d7ca453dc5a92c1227357d78a4d803e0c9f7448cee31f1a88edec6.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://i.imgur.com/TxNjdF8.jpg
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1520
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1520 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1484
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 1672
      2⤵
        PID:2020

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion
    Modify Registry (1): T1112
  • Discovery
    System Information Discovery (1): T1082


Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      3dcf580a93972319e82cafbc047d34d5

      SHA1

      8528d2a1363e5de77dc3b1142850e51ead0f4b6b

      SHA256

      40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

      SHA512

      98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      23abb35b661133e13597c8234a023967

      SHA1

      e7558f633e459857a523a78237d8ca6dc59c6fd0

      SHA256

      5e2fda6f15a44bca48b63bd650f36719dec3a6318f9362187542d79da8669259

      SHA512

      a6419ce3c0b96deb3028fdd5e51f483c9f8f2b36d185b0e1ac94d69abb5f08e5157106849451bc34bc1e67fc258a190354652ce9dd961ff2fe26108d68beb37e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b86c1beebd033c35e51248f4dba3f3bc

      SHA1

      503cccc5000802bf110531e09ae028464ae4e5a9

      SHA256

      48779e87ff929d798a63a64c5d3b680d833c164155dec5b802fa2abf846f843e

      SHA512

      ba52a2acdc8920660511b2cae042239f4587abf57b890e5b4f03d4bf429ab7c896c8f612a85e1123f31e95d41d74cd727b15537658c0f1740ce0e79ce97254f4

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat
      Filesize

      38KB

      MD5

      fbd46264d7ebd84dea502c5a00b2ba77

      SHA1

      80583acfb92331d44bb0fa9bda8b39ab5491bd62

      SHA256

      54cf8e48ea6489d2a0dc6240cea8ac6164157392d0e57d6ca396014b6edd000c

      SHA512

      1aae97f2f12222a41446189b43c743c6ff4411355245a2262d016255a2d6c4d248afb55148e1c91501d013404eaa1b52e99f6de9590aaff9cac6eaa213549094

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3GDU8I26.txt
      Filesize

      603B

      MD5

      0eae2b09935b1faf1a044875c73c0463

      SHA1

      090953e3cdb3b5242f019520251ce38627c266bc

      SHA256

      af022f41713f81cf8df73e5af0df631acf4d37829894097f81754cfec8f64e7f

      SHA512

      c046be54f2effbfc25f8df6f5273f430838104baf574c13d5e178e0cb986e2acdb2e615da484609e551710acc228cd2fd75f634247d604ad9a7be0c3076dd00e

    • memory/1672-54-0x0000000075111000-0x0000000075113000-memory.dmp
      Filesize

      8KB

    • memory/1672-55-0x0000000074170000-0x000000007471B000-memory.dmp
      Filesize

      5.7MB

    • memory/1672-61-0x0000000074170000-0x000000007471B000-memory.dmp
      Filesize

      5.7MB

    • memory/2020-56-0x0000000000000000-mapping.dmp