Analysis

  • max time kernel
    129s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-11-2022 11:53

General

  • Target

    330f347a53f06c89ca7fd0c6684cb6c78395a0a09875980d58821adf76148ec3.exe

  • Size

    143KB

  • MD5

    3f0b49449db35d26ccf73c069c1ee589

  • SHA1

    106ee20726c8714a9a9db9e87afff50e77cf3507

  • SHA256

    330f347a53f06c89ca7fd0c6684cb6c78395a0a09875980d58821adf76148ec3

  • SHA512

    230a70fcca35a857da2025438b0cc527826cefa67b0a0247407c576bbf3f986db06158a094592b03c0bc5a1e781d54634431d26200846a8c97aa39ca677bd5f8

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45Ds:pe9IB83ID54

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\330f347a53f06c89ca7fd0c6684cb6c78395a0a09875980d58821adf76148ec3.exe
    "C:\Users\Admin\AppData\Local\Temp\330f347a53f06c89ca7fd0c6684cb6c78395a0a09875980d58821adf76148ec3.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1096
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5301121^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt35^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:932
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5301121&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt35|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:960
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:960 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1512

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    1KB

    MD5

    167cfd90cb81d3dddd63f107249a0f2e

    SHA1

    39a78631cc336bb71fe7a02eeb91474bbc335eea

    SHA256

    4c527164ea0096494cfd68b9e9167c0587c162106e8ec71edc705963c9fc543b

    SHA512

    013a16d1dc963bf536a156ccb6ea94596887e1d774d6b18636000bbda06b57c135bac00ef046d18022b8512d6abb9bffd3c26b6d10998b4f0e86b46c319b7911

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

    Filesize

    472B

    MD5

    03ad9fc0b00b5df3165dc2fb1e3b0a3e

    SHA1

    f8243335a8bc24d989bddd346048a055e1d0bdeb

    SHA256

    366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

    SHA512

    a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

    Filesize

    410B

    MD5

    9ea88a4ba0e79b48df691a19a8540b69

    SHA1

    796c22db08d464c02bae275c0343baf4318058c1

    SHA256

    a76f1f52a484c72ca3b4a288f0f69b8773179aaa0340fe1a61a5e640f87ce410

    SHA512

    d67ff1fb75fbbc178ddf85c6b06705937b717deba2f04c31aaeb480a707c3f9ef310680f815248c691781fb0c86068c10b986bff24aceb3b0e53f33db63241b2

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4

    Filesize

    402B

    MD5

    20d28b44e937200fcfb1006508f50071

    SHA1

    583231af09288298277fd7c1da0e3eb5a6e490d2

    SHA256

    f8396cc7cf650cbb8d69d46a605de933f2f26c10ec822ce9fc80a0e2e768d9d7

    SHA512

    177370868976c7236292c76e3fa909163dc14b8e02c3d98fdfd5be3fc4df11b429ed7e8d648cd26796e110d8528269d93b9c360aca4eda4ed3b5e8d62fbdbd93

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    340B

    MD5

    9e86d771f8bb15d9eb810cc866dd375d

    SHA1

    0d14dff8d77a2ce6ad670f9eb3d681dd0463cb0c

    SHA256

    80701893567d8aa9860bb16b22969709c519c7b1b4dafde8bee13d20ec08b5c0

    SHA512

    c868903451dc8164594be7ea8982ecff80bee74b8e421a0870d5b1a48a2284b2950737c00cf4a9276d97de9ca1f16df5cc00c81cf33ce42b78b993e337dccec7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

    Filesize

    392B

    MD5

    6103536e42c4202d417f6a016972f421

    SHA1

    034cf845a543f1786567c912b2bdff5dd7fb0a09

    SHA256

    6815d2bd9c3bb6a17c697a02003c8eb51ab89ac7b08bd5503fd2c9aad0b3de44

    SHA512

    325cd9f32760268b77e95d79567f88d50c9dc3b3bf549cbc0a00d8eb57c5cb210c65db7857d140de1b17773c2b3907079e449ee70abb248473479280094541f4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

    Filesize

    242B

    MD5

    6ba38d6e20f1ae20a629ac79d7b05eab

    SHA1

    ed147683d48928b813ccc945e97fd21057088d48

    SHA256

    9ed8709c911ea5d5722c044056a84dc1bf4e7cab145b69165c0d5e3b0c5d9886

    SHA512

    020541987d0584bc7c7a72015048d056d199f2be7cdc6426829acad3ab4093b928629bbf52e7f9c9815d85263a8ab99107763a91b198ed854067f7db5ae1dc9d

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\N0YOSAW0.txt

    Filesize

    601B

    MD5

    83bf7d081565c822588c37f1fd4d9e20

    SHA1

    f54ba68908e7fd76f7bed1fa4d448d9ececa451a

    SHA256

    6150f866281c685307dc7456c55eaf6e4299462350984c3dc44864c0daaffd29

    SHA512

    e2a2cc6020d91ff851b45dd5dac81bb82759f20aed2d20ebf497a518a12a1ebfbbfc19cd918a15d2a71d2c9425e6f287605c6216f22efafaa066768e71ccd0d7

  • memory/1096-54-0x00000000768A1000-0x00000000768A3000-memory.dmp

    Filesize

    8KB