Analysis

  • max time kernel
    143s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-11-2022 11:55

General

  • Target

    7d21a365ddae82bacda85e6ca1eb338fc89a4610ad924196f9d09f3ca0e3eb6e.exe

  • Size

    143KB

  • MD5

    41c5c25de5c96f860a1bf6dd8122bb0b

  • SHA1

    a61492c5764d90d641138d18534a0dc97cfab49c

  • SHA256

    7d21a365ddae82bacda85e6ca1eb338fc89a4610ad924196f9d09f3ca0e3eb6e

  • SHA512

    6f9206b3f4146cb4caa65f14716634e14c2d2aeca78c5b66a865a53597e0434c5e1567a3a0e06c05e9da128a0de969bdcb43d71e4b596a579e05869920e22063

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45DY:pe9IB83ID5U

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7d21a365ddae82bacda85e6ca1eb338fc89a4610ad924196f9d09f3ca0e3eb6e.exe
    "C:\Users\Admin\AppData\Local\Temp\7d21a365ddae82bacda85e6ca1eb338fc89a4610ad924196f9d09f3ca0e3eb6e.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:536
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5300107^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt37^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:836
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5300107&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt37|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:556
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:556 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1952

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\746IIHT1.txt

    Filesize

    608B

    MD5

    2f2c0cebb92e2e58e2978b6be3f6e622

    SHA1

    32b9031a473c725c44d6b1f6f4aad1d72c278175

    SHA256

    f6877b6702cd1448c96955b14862959f24f13f90bd0406ebb5335af4c0bc5f47

    SHA512

    eebab699f4f2ad6b1f922946d618e45cc1cbd7471f48ccb333cf3e4d1bd53b7778b34c1d1c16d6fc000c727fa3252fc88cff1d82cf4f99e6d3123f3abef7d736

  • memory/536-54-0x0000000076871000-0x0000000076873000-memory.dmp

    Filesize

    8KB

  • memory/836-55-0x0000000000000000-mapping.dmp