a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8

Analysis

max time kernel
110s
max time network
229s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
Size

4.9MB
MD5

b7bb507f32fbfb5ca183e3560d22b312
SHA1

5e8a3f6de12c572343819aa5f39a0c739c446e43
SHA256

a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8
SHA512

199c8f594ec5c413c9fd60508691229d413ba0fd6ba5a0bac8f7b5faf390f4afd6ea07daa9785bf5ab9aa38feb43a0bfc44e667b05583a3955c54c037e7b63df
SSDEEP

98304:SdrEJwslQol/v4WrJrHkckyplq3pdYH+MsGQwY0Vmj/:OGQol/Br5pkyplgMH+M//Y0U/

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 16 IoCs

Processes:

a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe

pid	process
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe

pid	process
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
868	a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe

C:\Users\Admin\AppData\Local\Temp\a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe
"C:\Users\Admin\AppData\Local\Temp\a7ae75846588a2b332721dccc30183878c3270cad06e972ad9ce591167afbed8.exe"
1⤵
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:868

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nsj56F9.tmp\Banner.dll
Filesize
4KB

MD5
aea3ac67fa68fd3f00edfbf9b43a2770

SHA1
aa59d1a4311c42b612ee66a027f224261beebbc3

SHA256
f4530c734e3ce6253ffa6e5d755d61e4709ab9fc3b0eee3d4cdb89ec89c48bd2

SHA512
ffb6abc624d50ae8bc9c83ff518cb532dfd076f107077dceaf0e23d11c186a18671a5f538270be8b0b986e41ad1981a3606995046a6ee7b6b64a33c83ed72df9

Download Submit
\Users\Admin\AppData\Local\Temp\nsj56F9.tmp\Button.dll
Filesize
7KB

MD5
92debab0caea94c3e571e892fdde60dd

SHA1
fcd1f711b3c649b5cf5cc134e19524489084e456

SHA256
508b06710e1c3d4456d14a28ffa89c42097a9388ce44a6148ee1a3a3d5a26bcd

SHA512
2169d071c0c570b236c7224141dfb460a4cd6eb6e2e7fdf081c8d88d9173f639881d0dc2e33bc4881432637fb1a7336b7815236a70cf5ee638f8142d787a94fc

Download Submit
\Users\Admin\AppData\Local\Temp\nsj56F9.tmp\EmbedWeb.dll
Filesize
22KB

MD5
2312a7ac514325c2f1efc6f4cfdecd61

SHA1
7d12b05a867ec6d40f174c797dc3b691e6fa2408

SHA256
fb9cc3565cf89cf862665003b329be514e1fbcdef83a9ed994238800156de983

SHA512
187ef38f755f1e30524e3d60d1d4188160b654f2430c0246e160d9e8971d565986010a47a9ef3c8ca99eae7e0993c8be0b2cb93345cc6f30b179206f57e54b9c

Download Submit
\Users\Admin\AppData\Local\Temp\nsj56F9.tmp\KPTool.dll
Filesize
18KB

MD5
ae60f7858d2318f81514e01b925f74ca

SHA1
292fe609aebc4f213c44d94a6c68dfb5a499f2ef

SHA256
9d7ffe7082c92d85522d82faa8767bc3ef744a85455c336f99b5e8e288a6cead

SHA512
9fb698c8f8154779e5957336eb57fb97c9bdf50f53245b353c21ae4a52b25b86f910fa6095e6ed74bf0812a4935df62903efe2079713e15c2168cdca6f0048be

Download Submit
\Users\Admin\AppData\Local\Temp\nsj56F9.tmp\NSISdl.dll
Filesize
14KB

MD5
a5a4cee2eb89d2687c05ef74299f0dba

SHA1
b9bff5987be422887f2f402357b47db2288a1a42

SHA256
cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

SHA512
f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

Download Submit
\Users\Admin\AppData\Local\Temp\nsj56F9.tmp\NSISdl.dll
Filesize
14KB

MD5
a5a4cee2eb89d2687c05ef74299f0dba

SHA1
b9bff5987be422887f2f402357b47db2288a1a42

SHA256
cb82268b778703db75961cddef33a695a674f0dfd28b7e710b198ef2d26d3963

SHA512
f485267c6239f84d294ed4b0a82f317081e6e2e0c5613bd012bbd496b9ebccb8aca6944e80f84af51d17ac13f4d83480c34edfe37a3a9508ce0e67fc9f0b96f0

Download Submit
\Users\Admin\AppData\Local\Temp\nsj56F9.tmp\ShellLink.dll
Filesize
4KB

MD5
aad75be0bdd1f1bac758b521c9f1d022

SHA1
5d444b8432c8834f5b5cd29225101856cebb8ecf

SHA256
d1d1642f3e70386af125ec32f41734896427811770d617729d8d5ebdf18f8aa7

SHA512
4c6e155cdf62cc8b65f3d0699c73c9032accefaa0f51e8b9a5c2f340ec8c6f5fab0ea02aad0abed476b3537292ba22d898589812850968e105ac83680d2f87d0

Download Submit
\Users\Admin\AppData\Local\Temp\nsj56F9.tmp\ShellLink.dll
Filesize
4KB

MD5
aad75be0bdd1f1bac758b521c9f1d022

SHA1
5d444b8432c8834f5b5cd29225101856cebb8ecf

SHA256
d1d1642f3e70386af125ec32f41734896427811770d617729d8d5ebdf18f8aa7

SHA512
4c6e155cdf62cc8b65f3d0699c73c9032accefaa0f51e8b9a5c2f340ec8c6f5fab0ea02aad0abed476b3537292ba22d898589812850968e105ac83680d2f87d0

Download Submit
\Users\Admin\AppData\Local\Temp\nsj56F9.tmp\ShellLink.dll
Filesize
4KB

MD5
aad75be0bdd1f1bac758b521c9f1d022

SHA1
5d444b8432c8834f5b5cd29225101856cebb8ecf

SHA256
d1d1642f3e70386af125ec32f41734896427811770d617729d8d5ebdf18f8aa7

SHA512
4c6e155cdf62cc8b65f3d0699c73c9032accefaa0f51e8b9a5c2f340ec8c6f5fab0ea02aad0abed476b3537292ba22d898589812850968e105ac83680d2f87d0

Download Submit
\Users\Admin\AppData\Local\Temp\nsj56F9.tmp\ShellLink.dll
Filesize
4KB

MD5
aad75be0bdd1f1bac758b521c9f1d022

SHA1
5d444b8432c8834f5b5cd29225101856cebb8ecf

SHA256
d1d1642f3e70386af125ec32f41734896427811770d617729d8d5ebdf18f8aa7

SHA512
4c6e155cdf62cc8b65f3d0699c73c9032accefaa0f51e8b9a5c2f340ec8c6f5fab0ea02aad0abed476b3537292ba22d898589812850968e105ac83680d2f87d0

Download Submit
\Users\Admin\AppData\Local\Temp\nsj56F9.tmp\ShellLink.dll
Filesize
4KB

MD5
aad75be0bdd1f1bac758b521c9f1d022

SHA1
5d444b8432c8834f5b5cd29225101856cebb8ecf

SHA256
d1d1642f3e70386af125ec32f41734896427811770d617729d8d5ebdf18f8aa7

SHA512
4c6e155cdf62cc8b65f3d0699c73c9032accefaa0f51e8b9a5c2f340ec8c6f5fab0ea02aad0abed476b3537292ba22d898589812850968e105ac83680d2f87d0

Download Submit
\Users\Admin\AppData\Local\Temp\nsj56F9.tmp\ShellLink.dll
Filesize
4KB

MD5
aad75be0bdd1f1bac758b521c9f1d022

SHA1
5d444b8432c8834f5b5cd29225101856cebb8ecf

SHA256
d1d1642f3e70386af125ec32f41734896427811770d617729d8d5ebdf18f8aa7

SHA512
4c6e155cdf62cc8b65f3d0699c73c9032accefaa0f51e8b9a5c2f340ec8c6f5fab0ea02aad0abed476b3537292ba22d898589812850968e105ac83680d2f87d0

Download Submit
\Users\Admin\AppData\Local\Temp\nsj56F9.tmp\System.dll
Filesize
11KB

MD5
960a5c48e25cf2bca332e74e11d825c9

SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876

SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Download Submit
\Users\Admin\AppData\Local\Temp\nsj56F9.tmp\System.dll
Filesize
11KB

MD5
960a5c48e25cf2bca332e74e11d825c9

SHA1
da35c6816ace5daf4c6c1d57b93b09a82ecdc876

SHA256
484f8e9f194ed9016274ef3672b2c52ed5f574fb71d3884edf3c222b758a75a2

SHA512
cc450179e2d0d56aee2ccf8163d3882978c4e9c1aa3d3a95875fe9ba9831e07ddfd377111dc67f801fa53b6f468a418f086f1de7c71e0a5b634e1ae2a67cd3da

Download Submit
\Users\Admin\AppData\Local\Temp\nsj56F9.tmp\nsDialogs.dll
Filesize
9KB

MD5
8ced0b79f7b9033d0795aab3be6d627c

SHA1
90c2043ffccd068f407c624c50ac7b795db1e132

SHA256
495bddc0be6e18e981db82fab9d1de55c7e269ab4ec3ff43035193bc017a307b

SHA512
e38f63a342729f5ff6d0db607d7877b65c33ed19e2b5a97dd868ece8c2a3e829d4153624943444be2f0de885496161d54c1da9594bdc0a5a0bcc8b727e2facb0

Download Submit
\Users\Admin\AppData\Local\Temp\nsj56F9.tmp\sndsock.dll
Filesize
10KB

MD5
e9a68378671dfc74e7715b47291e141a

SHA1
3178de37b31120525bff70ab620aa3473a01edf1

SHA256
630fce9497fb76e4f72e20741593fba7c30d72e8abdc085f3848d8c3ff31603e

SHA512
c17ed60f4983d853182f8be991c0f72fae03e208640442ccea0b935cd27d860a263eb962c08d05089d0c79c0556d9d266da548bf7df981483a989acc1412b24f

Download Submit
memory/868-54-0x0000000075351000-0x0000000075353000-memory.dmp

Filesize
8KB

Download