Overview

overview

7

Static

static

c76819dd88...03.exe

windows7-x64

3

c76819dd88...03.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    159s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 11:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c76819dd88478298e37429ad583783403010b0360f12089a73b540befb76af03.exe

  • Size

    143KB

  • MD5

    a95492c963c5a617b0a145fd02100436

  • SHA1

    0851644427a8f03bc0914722b89f6d34d3694f30

  • SHA256

    c76819dd88478298e37429ad583783403010b0360f12089a73b540befb76af03

  • SHA512

    224ce1c354d7a108a53ff8c38fae210fde94a64e3c0e68cfc228540827ea79977ca738dfbaec7c272f74da5df671162198e1b87513a608c1b61b1416faa771c7

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45DP:pe9IB83ID5D

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c76819dd88478298e37429ad583783403010b0360f12089a73b540befb76af03.exe
    "C:\Users\Admin\AppData\Local\Temp\c76819dd88478298e37429ad583783403010b0360f12089a73b540befb76af03.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5300108^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt36^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1100
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5300108&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt36|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:524
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:524 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:872

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    167cfd90cb81d3dddd63f107249a0f2e

    SHA1

    39a78631cc336bb71fe7a02eeb91474bbc335eea

    SHA256

    4c527164ea0096494cfd68b9e9167c0587c162106e8ec71edc705963c9fc543b

    SHA512

    013a16d1dc963bf536a156ccb6ea94596887e1d774d6b18636000bbda06b57c135bac00ef046d18022b8512d6abb9bffd3c26b6d10998b4f0e86b46c319b7911

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    472B

    MD5

    03ad9fc0b00b5df3165dc2fb1e3b0a3e

    SHA1

    f8243335a8bc24d989bddd346048a055e1d0bdeb

    SHA256

    366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

    SHA512

    a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    61b80249a1c581420401b5f1e5f7c2a5

    SHA1

    a80f5c71aae6b489a247c9f1f5bb50e70ba017be

    SHA256

    19d5be628b8935966c1baee6fe1a0254d56444710534058a2b92bacd7fca8aa2

    SHA512

    e5da5909094f1e59445ea154dc9de387896676b2fe4487310c7f6116e6b1b0b0ed7af2879f8ce45d107a641436f891911472770cc6a911f0c99946b5f1a9cae0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    402B

    MD5

    7f1d2e004c87b58fee21d33e7549e511

    SHA1

    404e1e74122710393a12802edcead5e60542aa06

    SHA256

    aa7b3c114e657609dfb824341e6926b10d3b9656d327df62b969aec41d4eedd6

    SHA512

    99cedfbf57feeacc4038d305d0e8801f4153c4f176057eb1d06f861aefa00fbcd92585a30b41fa7b71105078ca8f800f407d72f749be9ac5c43321f1d6d7bf76

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    4cdf079668512a6a7b19643b6e7701e3

    SHA1

    fb8c7957fb3b0f8253e36248d6afd3652d8d6e98

    SHA256

    265cd7deac3656ae747225707e42b4260c272551ca52b1e61d47e0eb3f47038e

    SHA512

    3f363e06a5729b08e73b18de134d3c1f5219afd73c4e5dd72ee39db80c9c41c1bb304068ebdbe224522a5226e085680664926e2e43eea4f6c5a751e20b6504c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    276a55f5adf0c0f8045aade50bdca3e3

    SHA1

    de5ffaf56093df8f970912541feabc2ba9392dd6

    SHA256

    9c0f1e567cd307f56363738abf0cece0693842b9201d3cc3fb20462537cb435e

    SHA512

    5eac162fa82c411168ccb9604518dfd6161a29dd5760770800d4538730e8b116844fd5a90cc455a7279de8f4c412d1ae9dcfd9d1a9a665bd4c2e3c175b28e8b5

    Download Submit

  • memory/1736-54-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

    Filesize

    8KB

    Download