Overview

overview

8

Static

static

8

一键火�...��.exe

windows7-x64

8

一键火�...��.exe

windows10-2004-x64

8

一键火�...��.url

windows7-x64

1

一键火�...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-11-2022 05:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    一键火线/CF大米绿色方框透视12.30-10子弹穿墙完美版.exe

  • Size

    1.1MB

  • MD5

    119bbf453482a070cd9b01b7ffffe148

  • SHA1

    df9de659252fa5436acc27e0024dc9b067f47417

  • SHA256

    c131f9b0c5c85c454b4dc3ff0bb4ecf0bc99768086ae09cb74e403e599fd8f96

  • SHA512

    465e0fedd34e65854b9316aad2e0253d2ed4707989271ce0f6967c27260200bf97027108b5590bbd03f627a49082eb4b24e6d8601f0e91e33f459266f0247db6

  • SSDEEP

    24576:/AU+/xrn/+WzFPR02wW/atRJUEjmdCfXZHt6SD/1H7lcY6qpQ7W/m:/d+Zrn/dPoLmAXFt6SD/1H7lb6qp6Km

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 5 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 57 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\一键火线\CF大米绿色方框透视12.30-10子弹穿墙完美版.exe
    "C:\Users\Admin\AppData\Local\Temp\一键火线\CF大米绿色方框透视12.30-10子弹穿墙完美版.exe"
    1⤵
    • Checks computer location settings
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3328
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.cfdami.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3868
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3868 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4588

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0766DB9AB186806BB9A6B6802D3BA734
    Filesize

    1KB

    MD5

    7658c2e2521adda5fc2e4a610b4d5994

    SHA1

    ea9e16813003ee1f8db8e9e0ede0e29cd036e091

    SHA256

    de2f1b5fa786d296fc8b75865db71f6ed1752540171a4e65444fbceec45ff68b

    SHA512

    722957ffceb6945d8b605dc08a99bac5b88ffe280455daa36737e62827a97a660b9219096431431315ff6b6e3cdf1378c24b2fd28983a785a65fb737aedf79f1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    1KB

    MD5

    b0f04c15215be06ce7ba7b52413491b7

    SHA1

    94346cfca652e29cd812b4af18666bb441e6bc52

    SHA256

    b54eeca77299309c5d92b32b665f83d70aafea170a8cdbcf4d3b248c104979bb

    SHA512

    3f171f98fba8586af666f1a8c081eca39a66c4e5e2f74da8d6f1e93ab6fc3a53e9be7be816ff391639fcdc68b9fbc51db2026f9805d60136f1d7e58dbd7fb532

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0766DB9AB186806BB9A6B6802D3BA734
    Filesize

    192B

    MD5

    764b427ede880fbf57ef8d12301c93c3

    SHA1

    6f8eb5d33704a42a6d8a27293722f953dfed48d5

    SHA256

    4d1d861322d4f41f295db2bd245b8ddd35c420d056f1b5b6ba2ef748eeb927f7

    SHA512

    b619acb15ea39744769c26655be52e4808ea53483cc3ce54d11d08865dba1ae9de36c3910daee8db6c66ff0e9d2c9d923d99c89d57435d1b664bd3c5a150cf54

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    508B

    MD5

    31d9fe71a7eb7d4638914ff8825a57e9

    SHA1

    6726bbd93c6716c3efcb755e8d683f07b94b23a1

    SHA256

    0230bcc4be9825d85f425d64e4d521aab5e8da0f6ddd2f0181037bdaabfbabbe

    SHA512

    c60d02e4cc3664fdd1d02098b185a00421a78459026a6c6ba77f5c02f151f8257965a3c45334539a1edb349175ed197982b445fdd9f8f67ac65618135054fe71

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\zpu22o1\imagestore.dat
    Filesize

    4KB

    MD5

    9700dec76ab4b02b8c88f046d7851d7d

    SHA1

    f2b21b85f51235c8ac718701dcad73f57f9af5e7

    SHA256

    8dce78e6cebb8705db883bf8f6bf819b20dc444fc6887e5041baede6457521e3

    SHA512

    a70f1f4a306323a9414d810d2436caf3cd3051a1ea51b911b43024ad9dc271601d93050f84d299cc6540c17544bc492e01fddf98d58e447c045ab33a2d2b0ee6

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1TQVPNOO\dh[1].js
    Filesize

    4KB

    MD5

    e48713a5c084da6f3c1f6eb8f4122e1d

    SHA1

    fc82fcdd731d1e07998ce24e6362fdb161b3c762

    SHA256

    0b8362f27839b72b7500b897aaf71e281824cddb8ee1150c8fda2466d99b34c0

    SHA512

    752e9e5a72dda77301912b2f09b45af1b8373c02b7543cda37baa5a71ac048232bfadaabdfd02008684d3f4c79457fdf617edf5d20e1d0f30b5c2f3ab4d21444

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1TQVPNOO\plus[1].css
    Filesize

    557B

    MD5

    98969d45be2375d31e56549207f2dba7

    SHA1

    047b707c97319e4ae9889331fa610ca5ee182ab9

    SHA256

    4501a0dbfe5408c669c62796c5977ae80caa445993141d25d60df4105cfd6be0

    SHA512

    751432570a7594235bfb25f55acfca114942999cd6e4239a54bad33532aa9c3ed4d8dbbbcc255b9e163b02bdb0392955c191c5f3c9e04b0d5a0b53373dc70943

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\54DSOF0M\white2[1].css
    Filesize

    1KB

    MD5

    20b0aa3ba2ba814c7e6d16cfa19f3d28

    SHA1

    66428ca19ddbcd34ddba1e22717ff26c8fc2098e

    SHA256

    9ba6eac6d8c0da502ad2ff2726acbebac161863c838f6e5eb85f155d8ce59c61

    SHA512

    25c5b27bd74b314c1b8aff6329bedc4554d49ac0bc384f5f2c0c5ca128df847f994c8dee8a7a7bc24fafea9185be4b8d22e452592161925a3289a4491a11fdf8

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\54DSOF0M\wztg[1].js
    Filesize

    611B

    MD5

    63dfe7aafdbbea7509798a462fa93f6a

    SHA1

    03417fb2739bfdd84f98426e4972b8919033efa5

    SHA256

    3c09832c4ad7b72265fb4330b4158e28d2dbcb5b712bda8fec87e9a2a29acd76

    SHA512

    a2f001c1b9754f39cbd0084e84d97945feb5d6e0eade5738bd9fa6f873819d644aa6279a305d1bcda0a2e4164c187f40920b09c1708e3fcb164b97cd156e0f94

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\90MK9CXD\5RM454RY.htm
    Filesize

    278KB

    MD5

    f2b97a8421e99c2b060bd0113cb79084

    SHA1

    01e193c6c8578080640b83458c3e26ac8a73f568

    SHA256

    44c664ac76cc2c5d6ba3d1dcaa78d288d43bc49989f67eb0f614b136112ae05b

    SHA512

    a70473fdfdf0fbb73f170a14cf54c1c48341e3a810a03a8c45478726cc478293332fcc7f0fd74572f1a34363089cae5d990afc254d40d2db9ba08662dec99ec9

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\90MK9CXD\99rav[1].js
    Filesize

    33KB

    MD5

    4ed97bb2cdebfbbad82230e53a747bbe

    SHA1

    3538b963c9d180d62d177fa8d65300b59aa32521

    SHA256

    c37fde0df6ce8153228133f1014bf32896852887a970423a058a058b77620f8d

    SHA512

    bc889eef6958f3f1202423b665a34eb65161694d574e42cf1acc38f62d5a5e6fd26bdc7ed806a6a0bfdd8ac20e11715e03d970b07c3240928e4fde2a98af4329

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\90MK9CXD\av[1].css
    Filesize

    36KB

    MD5

    8f93e03614406339f94a0ddd7eaebb71

    SHA1

    e3869dbb4eee4a24de5f809cdf5306c42489cdea

    SHA256

    c2558ba8391736bd7237bce938e11c60750ac34a61c19a68dcbb15ce3bf14dea

    SHA512

    ab14a7ab5aad319b1f90555f9240fabf39dc77e145b85b56ef2da38f81982fc129f287adb46d5ec86d86be804d0d45d14612781199f6443566cafc6bdf5e6352

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CYD2NY1G\bootstrap[1].css
    Filesize

    192KB

    MD5

    62c5cae7f6038a90bbe57e32aaae70a0

    SHA1

    3b19f0b7bd0f794165f66a848d372a04d3251f0b

    SHA256

    b603a4827ca9917237f14d021d0f1c374177e7dac008e932cd95a074ac7b2a8e

    SHA512

    8ccf6943a44e03b5abcb8cde4431e8af8a24d528f928fae72e81f9ea536490aef5ec4e829428138eef34cacafc17f767f2d5bbd2daca0e75b3a9e63301fb551d

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CYD2NY1G\shf[1].htm
    Filesize

    281KB

    MD5

    8a9f0f0fbb82f51ad18b602ed704d3bf

    SHA1

    117172bbd74403614cae364ee682b9df59a63b78

    SHA256

    72d0ada14c02ab8d9b238e25bef1579e38fe08fa11e40455dfe8f53a333e21aa

    SHA512

    7806b546dc4e81b599473c013666d2162d960746ab76241f2c5a869879e82460dc80a8c3b9832effd2a1bf3702252682b17688e9955646c96b5df7ef4590c154

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CYD2NY1G\tj[1].js
    Filesize

    1KB

    MD5

    c4bc4ba9d72827c9e3c08c79fa661e4a

    SHA1

    3a21bec730896cc731f7ca338f89bf0cad9e8db6

    SHA256

    7a42cbab3c8ad39d3b655f997e35e823dc7dd8c69f810aa6799028481af023c4

    SHA512

    19da7a0225c5e2e2280cc3ecda4d96763a31e4011d647f1f3c77bfb947de10319de07fc99af8bf7173f3a7779b27de96d3d10bf326d86f1e987fb2fac2e43688

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\CYD2NY1G\white[1].css
    Filesize

    23KB

    MD5

    055b01513eb588878e38199f0dcbae23

    SHA1

    461dccc4dd29409f8d7cc84fb065d043b18d064f

    SHA256

    7b65663be6cfa0f90450fed32a1afa2f987cd8e0fa53759f42a15c9db538a76f

    SHA512

    0119a27877349e427d680e81fc230edc5e98b4d2e914f951932eaf0d3e5e6b4171247122341dd6a25490a14e67315d5caa1ed23332068dd7404b79a6f9cbe93c

    Download Submit
  • memory/3328-132-0x0000000000400000-0x00000000006D6000-memory.dmp
    Filesize

    2.8MB

    Download
  • memory/3328-138-0x0000000000400000-0x00000000006D6000-memory.dmp
    Filesize

    2.8MB

    Download
  • memory/3328-137-0x0000000000400000-0x00000000006D6000-memory.dmp
    Filesize

    2.8MB

    Download
  • memory/3328-136-0x0000000000400000-0x00000000006D6000-memory.dmp
    Filesize

    2.8MB

    Download
  • memory/3328-133-0x0000000000400000-0x00000000006D6000-memory.dmp
    Filesize

    2.8MB

    Download