Overview

overview

7

Static

static

94983e8737...82.exe

windows7-x64

3

94983e8737...82.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    182s
  • max time network
    196s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 10:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    94983e8737d88f18f2e98a617bfbf790fb305cd5c0484c97613ed40c7603d482.exe

  • Size

    143KB

  • MD5

    52e17243bf995498ce4afbf6726adb5f

  • SHA1

    841b95191bd57734579ae260c3aefa4567f4861c

  • SHA256

    94983e8737d88f18f2e98a617bfbf790fb305cd5c0484c97613ed40c7603d482

  • SHA512

    9ff953131f0f2e86707165932951dde79ee3d59a5fab105bb7a13e0f1fcf3f7361d5d424c7d20ae0a846d2756778749153a80e9c7c8b56a7fca86d6c8dcc2c60

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45DN:pe9IB83ID5h

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\94983e8737d88f18f2e98a617bfbf790fb305cd5c0484c97613ed40c7603d482.exe
    "C:\Users\Admin\AppData\Local\Temp\94983e8737d88f18f2e98a617bfbf790fb305cd5c0484c97613ed40c7603d482.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:980
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5301121^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt36^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1552
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5301121&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt36|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1536
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1536 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1924

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    167cfd90cb81d3dddd63f107249a0f2e

    SHA1

    39a78631cc336bb71fe7a02eeb91474bbc335eea

    SHA256

    4c527164ea0096494cfd68b9e9167c0587c162106e8ec71edc705963c9fc543b

    SHA512

    013a16d1dc963bf536a156ccb6ea94596887e1d774d6b18636000bbda06b57c135bac00ef046d18022b8512d6abb9bffd3c26b6d10998b4f0e86b46c319b7911

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    472B

    MD5

    03ad9fc0b00b5df3165dc2fb1e3b0a3e

    SHA1

    f8243335a8bc24d989bddd346048a055e1d0bdeb

    SHA256

    366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

    SHA512

    a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    33055abb647e6ce6092010c7da901828

    SHA1

    5751f7c23756a7aec7a0980b05be9f8aadb81659

    SHA256

    384616419836c81c5f9a965c2cec1286e1ff4197a9129c2006faaee0d8a7120b

    SHA512

    a8dc8da2f929b2d4b960303071512fcd26cdf462136f318028b836166ba504deceb91069e7ec3d84f79b7e2539aabd23271dc2a88940e99d6c9019366e023d48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    402B

    MD5

    888624a0041e0f5485d34a1d6f0ea950

    SHA1

    79a98e747ea8c83d64eb3725c33404bd22d42c74

    SHA256

    aeadb1524f9da18f3c030d4c5613424a35e366dde63c2d68f22a0df9f39ed526

    SHA512

    722b049672bb6a34a81f9cf0dc2dce0881d496e76836a86e1dbcc23ea1f4abdc95f04d756eff7990243cd306e5ab8aa8250a4e4c09661fb881a345d04c07901f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    b7fdfbb630b35f53818103b59922534a

    SHA1

    2a101f1bf7b9666fbe31261db65cb2e428149fa3

    SHA256

    21035bab68d3676d0b17cc4bde20bda8447fdf4861bfa1b2d9036d0adf116ca3

    SHA512

    4c65b74110b617e031aff6be75c98318cf0004a83331b6fad16b60767435dc9a6ea1dc24bee8c26a3a7f720663deb2f6654e94659d6613259fa8a23cb5e5f1b7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    37bd7c12f072f124745763ec78b74e9b

    SHA1

    b0184de77bb20a0328ba8cb459acf34520b6f018

    SHA256

    16e74fd20fdab4f7a705b6c7338cae4a1b5943b8284dfa1646e8c3df6aa6f781

    SHA512

    5261eae07a5246c3ec4786d1cdf177f5c9fb43f040b80c06c68ebc3f1c9d7db603a08e19fb12308bde20ccf0eee7f7cf4b26ec331084907f94217d8bbb5f3dc0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    4f8fc35e5138a690eb9afd2141872bc0

    SHA1

    8259a4e495c5733bb6895f9118a6a2d0f262a23e

    SHA256

    14c8a13c685800b2c8e0fac8b1c00d5e5d44dd28278a5223f559cbd7e4e236ca

    SHA512

    d1847e91c167f6d4e86a4c46175f0e3323ce65fa61c33e3bf83aad7095f69b987f96bd2873a26bf76ad868496770a709ec389d43055646ee683a3577abf7a344

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4UAPEDD5.txt
    Filesize

    600B

    MD5

    322afa280c6fd3e26efbecc792e46acd

    SHA1

    0b884012b3a2d108738378cbaa9091c6367e5f9a

    SHA256

    72bd252104c7cf0befbaaf151d3e5cf36d595637c23a6467df7b50a18cd408a5

    SHA512

    728f8c53ccb0f0ec89eeced233f4efbb410df864f6424f67e6708a04c843db9c5bdad5a8e3d357e69c7b740f3b7efc305e2fe2ca154953c2277ae3ceefb3068d

    Download Submit

  • memory/980-54-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

    Filesize

    8KB

    Download