Overview

overview

8

Static

static

8

c0d03163cd...f7.exe

windows7-x64

8

c0d03163cd...f7.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    26-11-2022 16:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c0d03163cd1e1828fb2cff353ffe3bdf2cd84971e0780a49696251ff6552aaf7.exe

  • Size

    2.8MB

  • MD5

    085058177ea04280a513b60347e236f0

  • SHA1

    9b7c7507b2bf76c4ff0721eb8485dc2fb7b7ab7e

  • SHA256

    c0d03163cd1e1828fb2cff353ffe3bdf2cd84971e0780a49696251ff6552aaf7

  • SHA512

    662faaed0805566f9875b1f58c8b752f7a61d6ef6e5d68c62ebc83139b45f1b74c6af66ea3b4ad74bd26c6b797bd2b33515818b08abfe4d8346f34e0f22e0544

  • SSDEEP

    49152:KkQTA+sYMxNH5s5la6kETd4skrcqgRentDu0H+rTxEbpRdlH/C8z:Ka+nw/olVkEp4s0gRiu0erTgpRrC8

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c0d03163cd1e1828fb2cff353ffe3bdf2cd84971e0780a49696251ff6552aaf7.exe
    "C:\Users\Admin\AppData\Local\Temp\c0d03163cd1e1828fb2cff353ffe3bdf2cd84971e0780a49696251ff6552aaf7.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1872
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ziabyka.ru/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1500
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1500 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1488
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://goo.gl/Tw5mq8
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1604
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1604 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1476

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    6639eb1615140cb765d60da56623de3e

    SHA1

    4eb71b48df96868a741eb80913acb9ffd022a89d

    SHA256

    b5d1cd8dd63ac99b9c47e157187621fbf2e6566a8e6d96b9e17c16759f2846b6

    SHA512

    1156c3f805bfead9f2265b4a5c01ec7bbac8318918115fb53a0865c4857f558a411255f34a099b09b9ec9c2af8ecc2e1301efc9f7e20b63c2454fe15056902d3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\82CB34DD3343FE727DF8890D352E0D8F
    Filesize

    7KB

    MD5

    64bd9a644bd182581368e3ce024dad9a

    SHA1

    1520bd16d65200bfa86d889eb88f4f62a65dd007

    SHA256

    5814095df174f580f08019718d2f8d05177276906620e36564588ba4b19ddfdb

    SHA512

    af1ec9959334ae377a1b199a44ec31a3cadc1273512f8a2644eb8b3b21f24d4afe1c0515a3bb685bd35a0856c2d6383504ee7e72ae67f87f3bda0a8ff91ec5db

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    3dcf580a93972319e82cafbc047d34d5

    SHA1

    8528d2a1363e5de77dc3b1142850e51ead0f4b6b

    SHA256

    40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

    SHA512

    98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    69e5af1f5933a57233944837dd36757b

    SHA1

    82cb056007762cea9f4403eb0bdef3b2dd95b0cb

    SHA256

    4f987a864ad572f9dd59ce126b3a2e234972b2d1efa593947646066f30d897bc

    SHA512

    fe9376772ea3290f0ce6f0512355e7ee8127b5a41e43b4673bff508218b0cfce30ea95f1b93193fe4a3e70e786da928e241643d1cd079f198f0ebd53b1e80912

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\82CB34DD3343FE727DF8890D352E0D8F
    Filesize

    232B

    MD5

    e44df53dd6913207eaed1fe1b6c4232d

    SHA1

    fd1c02b6f0b2205b8fd4e93eed2e71b871bea435

    SHA256

    689fc7c6fd7031309633bf2337547ec635c049740cf8f25d5b87c6757adea210

    SHA512

    d339be2b6952fa872fc743eafcd7835f1b928ff0ae603c75f991633209a29dea6da6c14124493e7d681912dee0f3f2e7a0d3f3174b8ae37eed78ba5674634afc

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    ae4e8f57adad4bb11f5253477e6d4f7b

    SHA1

    e1da3e70a5b0376d3928a42aed5b77cbd109d21c

    SHA256

    10628fb5a68292ece9df6bdc2daec292a4028df4829ac62747936a6b2b52bbd4

    SHA512

    54f57e89b60d88bf88e4be39ae6456f794335f3bc7801a2a647e37e41c9756fda35e7a6b185074d8656fe5c4d5d5244451965d4ec13a757962fac1d5c045568b

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    06e97a69de08c33966640529c13bf03d

    SHA1

    37a65239172e4934dac1638a8eebe8acb7b71099

    SHA256

    b43f4b5e94bfc1e496fd0ed245daec309deaca0430fa67a91a08b4055c764666

    SHA512

    dcd91d425388f37f6e6129b8d77b76644f473e77130a18e3725d06a200970da7be7348704ca8c8d700d5492f1a2d1594b21f36113b46575c3463a6333f3e9bc2

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    ee4a2b26bd1e9dd4943c2f076f9a3a2b

    SHA1

    a4b82d83affaa1a2db874ee54a777943cbbd5d15

    SHA256

    b9a0442b4b653248ebfeae14b269020be250feaa459fd0bd541319c62f0634a0

    SHA512

    bdd39a1fdeca5e0b1816587dd2a8c159836053b781bbedce50252d11e95f18700c68fb62129cd9b978864635260d74ff82ab3f4406c5a97952110a6b378081d4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    f98235270384edc9f664cb45ef8ea378

    SHA1

    38e433a40ba81bb97dc1efb19894dabd1d238b81

    SHA256

    b33a16305ef945c7593068ce82f98223e34b62df4e17f39913f7dd3dee4f012b

    SHA512

    585ba2d5f99159faee75c31958bfe3257e7a934c60556434d75b91b94adebaa24e887ff2765d953d52a0b01643e1cbdbebb153e84e5cf62ef3c0d9bc571d67c2

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{88B57FC1-6E29-11ED-A503-626C2AE6DC56}.dat
    Filesize

    5KB

    MD5

    ffb8353d31c2826e8fa3b2d7ab23a6ca

    SHA1

    ab09dcd7d9f66d1e46e5ab1938c9f240c2e5de2b

    SHA256

    9634310b0dc5df528285f28fae3a71605854e086b325bae19cb6beea37636c97

    SHA512

    5d78d74441b91c4e3619cb53a8567759856f0f31308cc2e39503ff998d470c7c00e8c29266a8c29c31b3d5a5243edc1ea4e80ffbfcbff999cef58de05723802d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{88B5A6D1-6E29-11ED-A503-626C2AE6DC56}.dat
    Filesize

    3KB

    MD5

    6ad6c20cbc12b908b518038ef72f89ed

    SHA1

    dc176322c94751596ddb6c0299d085089da9a79d

    SHA256

    204c2e26cd97e4061835c8eaaa915f73559c3b4dd0f8a90b1e71499d25c645e6

    SHA512

    79f9f847e6c71018f64c1a1b555703c39cdf8d1f43d47dc0bd06b46da49e098cb6f0eb46e7d508f6aec128f4a7447c22102db84fd0446240009a82afa81a58bd

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
    Filesize

    9KB

    MD5

    7487b556f77bddfa7f53717406b6fd3c

    SHA1

    55b5151c4ed622d1750a3ef6ed77fa3cd087ff1c

    SHA256

    8471d1458416b93c73a2ce06078c58896f7317ec161fd8e2ecd0a86c5d3b89a0

    SHA512

    6251904706504d739bc44c6624e21cc9da8e906a4a444ff8b41ac9bd7a155d2b7b056f9d82e7f56adada04d5bbf8f66368274276fb43c2cf0d9ea29623a019d0

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
    Filesize

    43KB

    MD5

    68a172e76dc327d94d3aaf721ffabc7d

    SHA1

    c4722d6d5b07e5d09b4f90669bd087f4d233cbc6

    SHA256

    2f94545adc7fef60bb72fd14e15c40a292c63c369e7fe3fc20ebad1f32844134

    SHA512

    5ec42a2d6543ab27c73ddeb6d61f40241171917861be1b2f9ea7f31d84fabd5c8dfee6103dc588be2eac606aab76b7d44cfe5208260ec8c114c7ec255844635d

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VKMNEOYV.txt
    Filesize

    606B

    MD5

    8548e29c7d88a0980ae2ded2e209950d

    SHA1

    68d84bd3874197f5def3d3f42123dd32b4b95d90

    SHA256

    cc7bbc5899f55755b35ed49204955ec190a9bb93c30d7a04a75c67cae8738947

    SHA512

    a8fb3d64d048d7cd52fee527d2cbfcc4de5fb4dee502b336ef0a5832d034ac2666c48a1235d4bd88d4d5f278c511cfa7312fb4dac6e9daaac97c0a3b71d738ac

    Download Submit
  • memory/1872-60-0x00000000068E0000-0x0000000006A8E000-memory.dmp
    Filesize

    1.7MB

    Download
  • memory/1872-57-0x0000000000400000-0x00000000006D2000-memory.dmp
    Filesize

    2.8MB

    Download
  • memory/1872-54-0x0000000000400000-0x00000000006D2000-memory.dmp
    Filesize

    2.8MB

    Download
  • memory/1872-56-0x0000000005E00000-0x0000000005FF8000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1872-58-0x0000000005C00000-0x0000000005DF8000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1872-55-0x0000000000400000-0x00000000006D2000-memory.dmp
    Filesize

    2.8MB

    Download
  • memory/1872-59-0x0000000075841000-0x0000000075843000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1872-61-0x0000000005BCA000-0x0000000005BDB000-memory.dmp
    Filesize

    68KB

    Download