Overview

overview

7

Static

static

9dd57778f1...7f.exe

windows7-x64

3

9dd57778f1...7f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    127s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 11:11

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    9dd57778f166b1b89fc1c38b2facb410f161d3ef12c04b87dc62cc4881c51c7f.exe

  • Size

    143KB

  • MD5

    9276ec3a3f06c2db1ddc4204466b0cf5

  • SHA1

    a06960be637b6125a9c5572f626bd6212485f0d6

  • SHA256

    9dd57778f166b1b89fc1c38b2facb410f161d3ef12c04b87dc62cc4881c51c7f

  • SHA512

    3c53f6707fd256501eef24a07641b8ad66ad579f28d35ece7f4642839f26b1524ec98fc47426d2a61351e3b6a8cfb540c7eb2a59e6012be49679a14d7e4e005f

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45Dt:pe9IB83ID5J

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9dd57778f166b1b89fc1c38b2facb410f161d3ef12c04b87dc62cc4881c51c7f.exe
    "C:\Users\Admin\AppData\Local\Temp\9dd57778f166b1b89fc1c38b2facb410f161d3ef12c04b87dc62cc4881c51c7f.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1768
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5301121^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt36^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1700
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5301121&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt36|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1960
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:672

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          1KB

          MD5

          167cfd90cb81d3dddd63f107249a0f2e

          SHA1

          39a78631cc336bb71fe7a02eeb91474bbc335eea

          SHA256

          4c527164ea0096494cfd68b9e9167c0587c162106e8ec71edc705963c9fc543b

          SHA512

          013a16d1dc963bf536a156ccb6ea94596887e1d774d6b18636000bbda06b57c135bac00ef046d18022b8512d6abb9bffd3c26b6d10998b4f0e86b46c319b7911

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
          Filesize

          472B

          MD5

          03ad9fc0b00b5df3165dc2fb1e3b0a3e

          SHA1

          f8243335a8bc24d989bddd346048a055e1d0bdeb

          SHA256

          366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

          SHA512

          a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          724B

          MD5

          f569e1d183b84e8078dc456192127536

          SHA1

          30c537463eed902925300dd07a87d820a713753f

          SHA256

          287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

          SHA512

          49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          410B

          MD5

          a71f22012efac1bf4938fc61b00eeb51

          SHA1

          7f1563fb9b03f70da24f87b78913df118babc3f9

          SHA256

          e7cf5e41746a3ed417830d1480cc44d95b309b34d48d4191160c2f77c704ea65

          SHA512

          aaac2d1fde48b23ec5ea9a17bd1051dc6fa33998ef55a169069bc63c3500bd49b5423dad0e00fd04fec25a10fc09eba7096bed4ec64f8ac22a43da9139c1e76f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
          Filesize

          402B

          MD5

          399613ab3c371e07257acb9c943c2d04

          SHA1

          f1b09112becf21bd9aa3f16be647cc267718509f

          SHA256

          a5693afe19b40782ca3ec4b407ff312ca9cdf74cdba11117414703b4a04d599a

          SHA512

          08adc9a666a9b8dde75084420c36526ae3c67383edf7b202f45d7231933b388d208936c2ab614c99468e3c8f9b99ab6b9679172d20ec5a2249621b48b09a6b52

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          6972b63494ac809149421aca9e4b7be7

          SHA1

          423910770a82401de9cddac5ff0c4b48206501ba

          SHA256

          21cf90d0ede02147f8b2ad9b07ed7e755f314222251c4a34509dbee6e801cbe5

          SHA512

          2e4d8dead5a703738a6b06556232884a54dd79c0423753af6a88d5042b25465dfb87e86c9ec26832a20332c031ec8289ddc0ebc579f9b694deb2fe7d7b611c33

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          392B

          MD5

          fd18e6aa13972d26c7a0b780656e4c81

          SHA1

          82fcc34a1a54b6ee0fbca2fa620bc92d1005ead7

          SHA256

          a0502cb75fa9bf9ed889985b1d369ff868db8f5b228fff38e6bb8e30818f0ac8

          SHA512

          6071f32a2289bef3379a26f99416da5f6f2292638067d45beba58545318e6997c47c1fd4f6e2e00cbfb8b2f471ba771bd35e84a1e08e9518d47e60f5c2f69a8e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          74e01d2750ac51c14265e6c58f1b0033

          SHA1

          b5b3846ed62ce708e15fb12375bc30c874ab54e5

          SHA256

          90e380769c96aa7dc5b05b91fd8055d5e87c75dbefe48aad71ad2a27178f66cb

          SHA512

          b5e90504fd7faad4f739b6a31c136bc8a6510b7c492ba4a9bb12f90a3fe222c7a0f5e29ddba14c81b2667d6e87d08a0eca96363434613497d165d40508037519

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\3HPZYEDV.txt
          Filesize

          608B

          MD5

          6cad6b008b0f571d73e472afc867fde9

          SHA1

          163c96332b196f8ac94240d8f18511bc214440d8

          SHA256

          596e87adeae4196311f4adce0839eaf431f2295c5087907b4b4bd6554b371c08

          SHA512

          81ef59d1a2c5dba3f28132c3d9b0252d293c09ff911443fad7f81e246d96fc426e5c205b6d66e158121ecd676b75ce377bf39c4508c419e4f90fc3fa8e73f5ee

          Download Submit

        • memory/1768-54-0x0000000076961000-0x0000000076963000-memory.dmp

          Filesize

          8KB

          Download