Analysis

  • max time kernel
    182s
  • max time network
    244s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-11-2022 11:33

General

  • Target
    348c0e4152c5fa97311c4f0ceeba8f3471c80f947ebc78dfe62aca396bd83b4e.exe
  • Size
    143KB
  • MD5
    ea99aa4d2a21dc691976f30ee5eff8ac
  • SHA1
    ff883881ddffa6597a3b99a24a7ffedc54bad986
  • SHA256
    348c0e4152c5fa97311c4f0ceeba8f3471c80f947ebc78dfe62aca396bd83b4e
  • SHA512
    6a9bd4107fe202bd2f2ea727c575592932903846e389aca0a70bdf9eafa6dbcc34223505670f6a9d36ac66c32ba6c4b5c11871288b8cc1d30eb53fb042313dc3
  • SSDEEP
    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45D6aw:pe9IB83ID52j

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  • Modifies Internet Explorer settings (1 TTP, 38 IoCs)
  • Suspicious use of FindShellTrayWindow (2 IoCs)
  • Suspicious use of SendNotifyMessage (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (12 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\348c0e4152c5fa97311c4f0ceeba8f3471c80f947ebc78dfe62aca396bd83b4e.exe
    "C:\Users\Admin\AppData\Local\Temp\348c0e4152c5fa97311c4f0ceeba8f3471c80f947ebc78dfe62aca396bd83b4e.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:936
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5300108^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt35^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:920
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5300108&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt35|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:812
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:812 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1448

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize: 1KB
    MD5: 167cfd90cb81d3dddd63f107249a0f2e
    SHA1: 39a78631cc336bb71fe7a02eeb91474bbc335eea
    SHA256: 4c527164ea0096494cfd68b9e9167c0587c162106e8ec71edc705963c9fc543b
    SHA512: 013a16d1dc963bf536a156ccb6ea94596887e1d774d6b18636000bbda06b57c135bac00ef046d18022b8512d6abb9bffd3c26b6d10998b4f0e86b46c319b7911

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize: 472B
    MD5: 03ad9fc0b00b5df3165dc2fb1e3b0a3e
    SHA1: f8243335a8bc24d989bddd346048a055e1d0bdeb
    SHA256: 366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec
    SHA512: a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize: 724B
    MD5: f569e1d183b84e8078dc456192127536
    SHA1: 30c537463eed902925300dd07a87d820a713753f
    SHA256: 287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413
    SHA512: 49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize: 410B
    MD5: bbb03def5378c8f4901fdf599acc1fdc
    SHA1: 6c9110b90c269ac18b5d24ab5d611bda13abff89
    SHA256: 01aedc8aa4f5d3683942410a0fe91b3ddfc2d968bd1d829bbbde002504425074
    SHA512: 84a33d0dab0a15b0ebff6071f132e0d0a551b585144c18cc589ee72572b916765997faba4e051c396b4cdc39d2fb9ec852f254b12cbe5c20f3289434b169b307

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize: 402B
    MD5: 58d462b677915026dd5e20eecb0f50d1
    SHA1: 0870d6f7d390eae33ac0f2ed5ba2c2a00147d3c1
    SHA256: 0661f6a55f7eaee31ddf608c658d0a21d9e0a0273a1ccf7a2d83a4289cb70c21
    SHA512: 06bb1a5262fef7067e83c761a7b7a603f13e621b19bf5d5d824d851db8344d5c4bd5a734194a42388ee5afdd1deccba6aef7727d2414c1aab75a8b8ceb244fc6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 342B
    MD5: 3ad56486f66179de1c601c87c90ea894
    SHA1: 97ff599190f9666966a06a8e50a4d71e3c43388b
    SHA256: 08e4aa2a49cace424551c846516c066e8610b2de4cd484f83a8489dd32cbf376
    SHA512: cee96920ad42a522993bbdbc268cb1c3bb5d0939570059f8b78525360d366d0884ac46a5677ac42656646d66d1dbab8918e4947d15164a2d2b9605b441f79b37

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize: 392B
    MD5: 31e254f6b616b9c0f9524f5d788d1f32
    SHA1: 80f740d81bdfd4d74cc21327bb2a32423b0336f7
    SHA256: 7ca602c3c7a162632e15d4cd61a4b606a77993e2bcac957fdd785972d4211a25
    SHA512: 54ca1b08e7ea4295f7a638bfb975f7595cced6259e866b0bbca743123b20196d3f76111e35190be5fa29149218e54f9af965f06eaaea385226087b5ed15ddfb0

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4RB2Z2FR.txt
    Filesize: 608B
    MD5: 25e0fee00296db0f8df343fc8e7e2ea9
    SHA1: 8d09f35f99cfcc3b26538241394cc25d97476fe9
    SHA256: f7fd6c9bcabedc823cb3b718bcebdfd2fe2d7f9dc060c3c66143606c2164d49a
    SHA512: 5c37080fda9c73b451ce877fd1e51655d5bbcb3a6c57c4c70b452824e932f5e8a5f521b31398ec4d50cc8599949b023a5657b69db486c60c29b7fc01f98bbb87

  • memory/920-55-0x0000000000000000-mapping.dmp

  • memory/936-54-0x00000000757E1000-0x00000000757E3000-memory.dmp
    Filesize: 8KB