Analysis

  • max time kernel
    147s
  • max time network
    165s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-11-2022 10:10

General

  • Target

    0355dd0f6c0b02bbc6ac77764296352899c348d46b132f18ab198c6425fead1c.exe

  • Size

    143KB

  • MD5

    102d69aeb2780bd233cb0854ca9f60c4

  • SHA1

    8d9ec5eeb5bc2ce8e3614dddcdfdc19fa5c08c90

  • SHA256

    0355dd0f6c0b02bbc6ac77764296352899c348d46b132f18ab198c6425fead1c

  • SHA512

    6b46bcce6e05b76fa342d5ab8f919a15cd3319b5437cecb55705f413e675d8637607f3b52b31f4be7b725f84f324dc448f24cfea0335877234afacf8ce7d553c

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45DQ:pe9IB83ID5M

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0355dd0f6c0b02bbc6ac77764296352899c348d46b132f18ab198c6425fead1c.exe
    "C:\Users\Admin\AppData\Local\Temp\0355dd0f6c0b02bbc6ac77764296352899c348d46b132f18ab198c6425fead1c.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1356
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5301121^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt35^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1448
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5301121&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt35|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2012
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2012 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:540

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    167cfd90cb81d3dddd63f107249a0f2e

    SHA1

    39a78631cc336bb71fe7a02eeb91474bbc335eea

    SHA256

    4c527164ea0096494cfd68b9e9167c0587c162106e8ec71edc705963c9fc543b

    SHA512

    013a16d1dc963bf536a156ccb6ea94596887e1d774d6b18636000bbda06b57c135bac00ef046d18022b8512d6abb9bffd3c26b6d10998b4f0e86b46c319b7911

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

    Filesize

    472B

    MD5

    03ad9fc0b00b5df3165dc2fb1e3b0a3e

    SHA1

    f8243335a8bc24d989bddd346048a055e1d0bdeb

    SHA256

    366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

    SHA512

    a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    6ac80c56fb60b3a06ed1215291b959be

    SHA1

    0766a5aeb49d24ac4f04af65a48653c61aefbb83

    SHA256

    5eda4573d8fb2fb4f58a4f78a1807475e7b96e1ad656f569cc92734a99ef3732

    SHA512

    1d5063268d57e3bca5023b21cf6d2e789ca6164b5a5d02e98c89d3f56955cf737b00e1bf3942593cc0659873aa0c7438d1293314bd2b573008ccc0028cff9a4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

    Filesize

    402B

    MD5

    a187f221a73e6efa710ea472e25f2adb

    SHA1

    e2f0557432a89b8c9cb3672947f2630b2d97578c

    SHA256

    280b2bd42ff782509c21449df993c92c79fcd627a858ea5391d38fe13d46a05e

    SHA512

    3a5ed4276ec2e6167368bd26e31b2fddeafc306f0954e9a3ca394e05379cc7c25f679bb7a4ae8c884e269400fdc23210f86910ab2ab2d8634b269dddffcba92a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    a8e58bc5059af9dc9e11a158e53afea6

    SHA1

    72dc420ee9357291d451dd1a27c52a14e1f355b5

    SHA256

    4e018623a238954e23f227047bf02feb9e7b7cc90a3cb84f1b41db2545568bcb

    SHA512

    7e038b8956783892b36c6e9bade7dea86ea60de0655cf24a50bab3456257be9cf4363e9d57e5a1d9b7c85e6b29f205ed4216cd19378ec08854ef5a5455a77a13

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    392B

    MD5

    749e000b793068539ca520fab669327a

    SHA1

    90f5c2461013fc19cc816a1b6d219e8817ffd810

    SHA256

    668253897d62c7127acef1a89365271ce162d45d00cd081dba2da4dcf7194872

    SHA512

    e7bc7525301188cc3c1e46f5a69d2c476a3b448841b3adb3f64abdfb68f49ea5a615d987daa7480a2412918662ecd459dcdc81b38fcdec3bf636fb46ec6ea68f

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RZZK6BH2.txt

    Filesize

    601B

    MD5

    7e5f942285aa4b1cc5ff2cc97972b0a4

    SHA1

    251fe65f1e3972aec1c7eee31fcb9b809df76be5

    SHA256

    7801c5514e99e99ae3881ed6bd21ea9efa71808bf5afadfe5f3f45ec9b22b95b

    SHA512

    85abaef0a5c1428dd168dbece18f5d265d76aa3fdd5b6609931b2043f43b3bdcf4a5dcc3f2468f7a3ebfede87039a6169ae4b6f20e9aaa1a064e3619332bc7df

  • memory/1356-54-0x00000000760A1000-0x00000000760A3000-memory.dmp

    Filesize

    8KB