Analysis

  • max time kernel
    116s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-11-2022 08:27

General

  • Target

    47742952d2bfc13628e7931f1c48ff76600ac7fe8b057cdfc1b16621bc80a198.exe

  • Size

    143KB

  • MD5

    937732efe13cdf1ad87cc2937934dda2

  • SHA1

    09a95b960204186704edac294e18e30d6745bb7e

  • SHA256

    47742952d2bfc13628e7931f1c48ff76600ac7fe8b057cdfc1b16621bc80a198

  • SHA512

    5ed7ecdd640e7298986387f9832fbe7fd1d28500f19236973edb21e7227bec67896bfa7406bfeaef1cfe8c551f2dbc9f3d7f4110320ca3b30f259129099985ba

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45Df7:pe9IB83ID5n

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\47742952d2bfc13628e7931f1c48ff76600ac7fe8b057cdfc1b16621bc80a198.exe
    "C:\Users\Admin\AppData\Local\Temp\47742952d2bfc13628e7931f1c48ff76600ac7fe8b057cdfc1b16621bc80a198.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1564
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5300108^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt35^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:756
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5300108&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt35|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:288
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:288 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:432

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    f2080851a6780703a0f3764645202ce1

    SHA1

    6e16ec7fe0404b0fe43ebd271ca47ffba9fc9588

    SHA256

    d3969401d4fc819669b9ce997251cc41d4883a31c4f43271b088944fadce3a83

    SHA512

    50e5661d1b5c66073c34d164b49733d7c1c1d7b2782611596646b60dae81321c5c92f9e64dce980cea8306b29db6136e582dcc07f1a951580c1f9f4d69643121

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

    Filesize

    472B

    MD5

    9f6cc8d3fe9092a6d3901e873a87fd87

    SHA1

    2e0aac117a4cc57596efb3d6f6624c269f94b031

    SHA256

    e73982e62b92abac3d15b161f4525448cc2bc8b9bacefdcbfc6f87b74ec372e4

    SHA512

    9736a099967d7ad595439768e45c633ff7d34de92f7cb0c19cd3d4590c4a6dd4fedfcd1b5617c81652e61f4ffe919057507f622f4c6d8d626cfc40234ad2c757

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    cc58fa8ab7d652496e81ad583d2d3fb9

    SHA1

    23c9bf1c677a2f7b4e187921475410d42a135ca6

    SHA256

    0b4e87d36f30bb8bae7761353dd8a3ebd49c8296d099462b672a3fd7015e8854

    SHA512

    08c9ff8e9f78cc69d6c8279bff85c9b5ff86064047ab7e56ea02a9f954ca954de72f29a1f18514ce98c89cd07567a65f7b4a60d37286e77f351b28a8def0d5c8

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

    Filesize

    402B

    MD5

    42470210b756dd15e860382d3d24dc6b

    SHA1

    e1f6d6779633f0c696900b8bc8f7913d7424ac94

    SHA256

    2c4b4a871b35fa932f314028dca353c93baba1ef78b603b3635582ece7cad830

    SHA512

    e27aa1eab8f1087363ea179187cadf09c6b284653f065b1c5b22b5f2faf14723192133a569e7f269c2fe8ae7edf39a25e7b58651c764d0ecde1a98e34defd05e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    41e6e8eb6adb422f483e6bc79d765684

    SHA1

    05a61bd8f89d22b2e18c76fe72da21b03e41c2e2

    SHA256

    c509adce8a27c91723b2dc22f91ef7abd77482394ec4c014b942283eb6493417

    SHA512

    98a8047f6f48f28b6b2049fc8a385c1f612b8ca63d30ee9d35fe72d55496e04799410af49a1490e1e4eaa57a419b2c762e92461658be0297e83bd739f1b03375

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    392B

    MD5

    3913e19c403398a9444eedb57ac078c4

    SHA1

    2eca27220b613a504661df9329850eabc18dce6e

    SHA256

    9bfd378dc3950dd20289939a0f88a06280de7b38740e1ddc159328f44e4c1098

    SHA512

    f9e0783a2b22daf0fb169230e2d3e298e33f16d068e8398ccc0b4389a5496482622d4a1578f2b9d1f9591f71c8227eb47ffeaf175111732e87cb04170058d4ee

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SS54QBE9.txt

    Filesize

    601B

    MD5

    f8b250b466aa4ac8f78b10e885212407

    SHA1

    2681d8aab68cf9a239a82cf62db3d5ae850b64bd

    SHA256

    e7ea5d9de0578cce1626e5a8437e397a3c646ad1770ee680312875b0657e93fe

    SHA512

    61e7a66dbe5c1445fa8e9ab6d7d7163ec1ab3b4a472d2d1c630fba5ddcd5dba86c4c8f3eaf8d088be8d80665a477bdf4edeb81d6cb95baf81891d269551c69ca

  • memory/756-55-0x0000000000000000-mapping.dmp

  • memory/1564-54-0x00000000766F1000-0x00000000766F3000-memory.dmp

    Filesize

    8KB