Overview

overview

8

Static

static

8

9ef5d44522...65.exe

windows7-x64

8

9ef5d44522...65.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    179s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27-11-2022 03:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ef5d445226e34dedc82b6b0d708bfd40d1c191072f4dc1840f537d56b962165.exe

  • Size

    1.3MB

  • MD5

    4d528c349a52e5e6c2895232b7aa6e2d

  • SHA1

    e948bb66219631d078d556c25442364129312044

  • SHA256

    9ef5d445226e34dedc82b6b0d708bfd40d1c191072f4dc1840f537d56b962165

  • SHA512

    e95f44f81701275b8c2a60b6980522c5ccd8d1c5f7724019f33780735cdaafae8dc6a87d5e8a03b2bbeab0b2ea7e0ba38271b07550d7162b2c0a9fe1b128e5c7

  • SSDEEP

    24576:YUU3jIP9B0ua2tdRUV5G0329TqgszJLZ5TGpszIokcF0K+QjX:cQ0x2tdmXgqgszJLbTMqhtF0PQ

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 49 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ef5d445226e34dedc82b6b0d708bfd40d1c191072f4dc1840f537d56b962165.exe
    "C:\Users\Admin\AppData\Local\Temp\9ef5d445226e34dedc82b6b0d708bfd40d1c191072f4dc1840f537d56b962165.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1552
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://зябука.рф/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:316
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:316 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1724
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:316 CREDAT:209939 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:684
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:316 CREDAT:472080 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1068
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:316 CREDAT:406543 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1824
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://зябука.рф/chity/klient-games/chity-na-warface/42-chit-na-warface.html
      2⤵
        PID:812

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      fa60995ceb0673562c5774b2021f63e9

      SHA1

      4baca5003b98c7fe2d9206f1ad49a1fcab8661c7

      SHA256

      e0cf4d30a2ef5fd10342a816685ef1c85ed9535049a8731a6b8113f1242e8386

      SHA512

      ab07ced6b763069c830ec3693092a5f94b77e676450b6888c71ca360fbab372342ecc830bbd58c82317650512b53a7d7b60026b4c9c0003994409aeba301fc79

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      44528f7ee21b50cbaf854461eaaa1dbd

      SHA1

      3e99a79feccedf935be82820bba0e32e00b7a1b1

      SHA256

      3d19dda02b25c9ba073f4e844484d792c9a6de70ec3e894a63d6193e3e54ae60

      SHA512

      9f6ab98e4a8b162c9277fa3b85bc5facba0c554c0e98b7823ec271cc47f6deccc0d5be280ae24da80fb7c4e220d4648da6338b46b127d1376d7c2100aaab672e

      Download Submit
    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      44528f7ee21b50cbaf854461eaaa1dbd

      SHA1

      3e99a79feccedf935be82820bba0e32e00b7a1b1

      SHA256

      3d19dda02b25c9ba073f4e844484d792c9a6de70ec3e894a63d6193e3e54ae60

      SHA512

      9f6ab98e4a8b162c9277fa3b85bc5facba0c554c0e98b7823ec271cc47f6deccc0d5be280ae24da80fb7c4e220d4648da6338b46b127d1376d7c2100aaab672e

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\try74lz\imagestore.dat
      Filesize

      10KB

      MD5

      f54f9454ce7d4c8257fd65bc0ce766f9

      SHA1

      f8a6ec34f843e97965ee765263dae5414215c040

      SHA256

      1b6f9c9e6ee8e4914a8e0d61f95a2db7f9d37157433131b66f00bb4c0aed84ed

      SHA512

      b4a9ae4660c46fe7be334b31f965f0cf85464d764aa746947fd6ed3598b2f93780c90c3c033dadb1abef21106a751ed7ff99285e097c410e6cf1b65547873a88

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\try74lz\imagestore.dat
      Filesize

      10KB

      MD5

      f54f9454ce7d4c8257fd65bc0ce766f9

      SHA1

      f8a6ec34f843e97965ee765263dae5414215c040

      SHA256

      1b6f9c9e6ee8e4914a8e0d61f95a2db7f9d37157433131b66f00bb4c0aed84ed

      SHA512

      b4a9ae4660c46fe7be334b31f965f0cf85464d764aa746947fd6ed3598b2f93780c90c3c033dadb1abef21106a751ed7ff99285e097c410e6cf1b65547873a88

      Download Submit
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PULJ7CSW\favicon[1].png
      Filesize

      4KB

      MD5

      d41fa4f682279a0c77159080255b3b9e

      SHA1

      7cdf65f129f33ddf76146c9fc0bb30bb80d25065

      SHA256

      25dfe61842345c39cb13beeee5b921cfe1c16b5f774067416728f8046c56f925

      SHA512

      39539b6378a59af4bef107fdab92ab7ebbcc9c480a104c3b6389f10d427244be1d818bf4b2a06012c3d68082a91d33351ad81a4a3217423f7d142eecf44cf929

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\J6J9XGC5.txt
      Filesize

      266B

      MD5

      0b1a687d0456d88a2d5cd7b0f69b1d40

      SHA1

      820b25dae5a33ae8cde2e5dfb60aec4114d16673

      SHA256

      bab616dda25e09999e0cf223bb7303ac7e359b75590ebf2c77d02d9aac4641eb

      SHA512

      1dada3e4a8603c6c0221e769e7d8f2cc4986d4dcaa11830adb7be67cab83ee3dec97350d6b39576cef0300dfbea3272dd150f87e4e8d8ab401dc0b13e7dfee05

      Download Submit
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\V2FT7MJ7.txt
      Filesize

      601B

      MD5

      63ae81e6da85ffed6e5a5c1a83dff368

      SHA1

      9bc6f1b1ee0a1d67bcf0b1ddac63470396a0e33b

      SHA256

      11136148cdc0ca63cb7816d6e0943e6ed7231a572a22d11346c81f50ce47b1a0

      SHA512

      3ea6d54b02311bfc36d9016cca1cd588215cb167c49aba5c262d3caab59aad01184b322949dfcc6df3817a0fdf45dcbbf8aed53009ea72c483054b40969a205e

      Download Submit
    • memory/1552-59-0x0000000074DA1000-0x0000000074DA3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1552-62-0x0000000000400000-0x0000000000671000-memory.dmp
      Filesize

      2.4MB

      Download
    • memory/1552-63-0x0000000004DBA000-0x0000000004DCB000-memory.dmp
      Filesize

      68KB

      Download
    • memory/1552-61-0x0000000004DBA000-0x0000000004DCB000-memory.dmp
      Filesize

      68KB

      Download
    • memory/1552-60-0x00000000026F0000-0x0000000002728000-memory.dmp
      Filesize

      224KB

      Download
    • memory/1552-54-0x0000000000400000-0x0000000000671000-memory.dmp
      Filesize

      2.4MB

      Download
    • memory/1552-58-0x0000000000400000-0x0000000000671000-memory.dmp
      Filesize

      2.4MB

      Download
    • memory/1552-57-0x0000000002380000-0x000000000241A000-memory.dmp
      Filesize

      616KB

      Download
    • memory/1552-56-0x0000000002490000-0x000000000252A000-memory.dmp
      Filesize

      616KB

      Download