Overview

overview

7

Static

static

73fe1a55d1...2f.exe

windows7-x64

3

73fe1a55d1...2f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    126s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 12:53

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    73fe1a55d1e84132f97ed7d0caf14ae4174f64100ad68a50686b1a331bca1f2f.exe

  • Size

    143KB

  • MD5

    8aa115f88e85d16d29a550f7bd7e54b0

  • SHA1

    52900665c6f7d97a2a4d1f1f3783ad738a626f0b

  • SHA256

    73fe1a55d1e84132f97ed7d0caf14ae4174f64100ad68a50686b1a331bca1f2f

  • SHA512

    a14280eae3ccc63d645ac7ed22fc5fb7ff62968b401134a1fca75f8a40c1a8e091de0d651476c9d1245dcb137733a9d1000669f9984bd5799793a132916c5ca3

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45DbF:pe9IB83ID5XF

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\73fe1a55d1e84132f97ed7d0caf14ae4174f64100ad68a50686b1a331bca1f2f.exe
    "C:\Users\Admin\AppData\Local\Temp\73fe1a55d1e84132f97ed7d0caf14ae4174f64100ad68a50686b1a331bca1f2f.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1444
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5300108^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt36^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2036
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5300108&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt36|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1076
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1076 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:784

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          1KB

          MD5

          7ef66f502cb164d6d88fd779895d5e07

          SHA1

          75c68e887afe0041c18bc01dc36ae719db07a436

          SHA256

          084f8949af79ac48c5c245e4bbeea807949d1e8e182e7d0487227231fcd97a77

          SHA512

          419b6e5def7e1051af856ea4256235fa4f1bdbf001b54f1db9e59c44f7da8f9cfa8d63f77e35345ec6d5c3ab13de10094281d44f42a7e1fd9d92b3b68ac5ba9e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
          Filesize

          472B

          MD5

          03ad9fc0b00b5df3165dc2fb1e3b0a3e

          SHA1

          f8243335a8bc24d989bddd346048a055e1d0bdeb

          SHA256

          366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

          SHA512

          a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          724B

          MD5

          f569e1d183b84e8078dc456192127536

          SHA1

          30c537463eed902925300dd07a87d820a713753f

          SHA256

          287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

          SHA512

          49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          410B

          MD5

          60ee2deec2d78e60ca4d346d2f989de0

          SHA1

          d84a625825b41446acb568ac6c590b153535251f

          SHA256

          c4c5226717c52ee10858a471404c555af544bc2e9700017fdbcba57bcb87f93d

          SHA512

          1f0f8d4a2224d78adbf6169b27391c28efd81b14560b604c2c5e76355d6e21f901b0672682c123bd00881b1f0f5caceb15e29c7b6c4d9e8a6f933e2fd525fd2c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
          Filesize

          402B

          MD5

          21a1330c1ceb026415015fdf68b2a638

          SHA1

          6ad0bfe5ee4e0673ed8657274f3087f42ae078a8

          SHA256

          9096a53cf25f93475bf61870e68b47dee5849c4c016a4d22a4dc03820df25bc5

          SHA512

          f9c5cc17a679d44541d952761f4ac8395c1ddb60135e93c6265ec78e9ded4d98ae5b7dfd352ed9886c2c885f5980e8cc65dff33b5c8d1ee21e9e06fcfc4a941a

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          be5757de35d450e9e843cf72907601ef

          SHA1

          cbf0833ec7fe6d0e05457f0309d39007ab88c460

          SHA256

          2f28e7b0203fdad4731a4739e2b73c0e498a1e24cfaec6afbfa86ef8333340f6

          SHA512

          c7e0643a9ef2de51aeb52e13566d6d2828efc266e31eb45c76b2752f1e331bde4a23b19a18db4caf7ea5550c559adf0c5766b17f70ab1628caf30f012261a8e8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          392B

          MD5

          8e3b21fef0664381a0fd5f1532addca8

          SHA1

          636d12c861c4a5d47bc5e6e240231b82c23ac707

          SHA256

          2a6fe04ecf1e69f0eb567a2ab9af373099f3a6843435c1a595c0f2c2020afd10

          SHA512

          4d7337c4fc4a6491a4184e266e4d9f6da2881071c5ecef55762f6e6c81da36f451034b567504782c76c8f8dd7c6be51528c67757bf3153a7fc347fa4954b4422

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          8aa28f0178a56a47e9acc416658ec87f

          SHA1

          397cf6fe57a806cbfacfccf974a11f764d403745

          SHA256

          80ff44978079c74ccf9453d0daa1c10e0bccbb1b388f0c96cbee90581672ea84

          SHA512

          7d24c82b374d5e40a152e14b3cb4ad327986bec3105961ea27678147f57debc64421436efb2a7ea3fbf0a54f806ec688e9d2f21f6d1d0403e3e0bb069664d050

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8W26IUHG.txt
          Filesize

          608B

          MD5

          53bbafd4044def6d62d36a5de3ddbef9

          SHA1

          17f7100f1e4a7ce504534b772a279b182baaed39

          SHA256

          9cbede0a527342a492e5c56f1ab17d248cf152ab356bd66745801c2178b275a5

          SHA512

          17b4ef256e9e02fad2fd5ba546435e18654ce662202b3ae3174183310d5c7daa52b93af1ebdd6a316bb696bf91ad7c5d84ff6c78fa086ae6ce747af1d7429ac5

          Download Submit

        • memory/1444-54-0x0000000075D71000-0x0000000075D73000-memory.dmp

          Filesize

          8KB

          Download