Overview

overview

7

Static

static

c951235484...99.exe

windows7-x64

3

c951235484...99.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27-11-2022 12:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c951235484d5d4e563bd8a3a0b7ee773e627770c2bdd15fed7c3007aacb39899.exe

  • Size

    143KB

  • MD5

    29b0ebd5011a29fdf0e0d9a4e6f53069

  • SHA1

    b7da31337cc801e9674f64e32c971fb3695b6c8f

  • SHA256

    c951235484d5d4e563bd8a3a0b7ee773e627770c2bdd15fed7c3007aacb39899

  • SHA512

    d4a67c41a946f4c2c51caa039ddd344ea873dfd287e2019be3fb2dc4ff9f933bd97f1e927444b82c746fd6c074541d8d7ec908ff10cc94142fc9c0f85a677348

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45DQ:pe9IB83ID5E

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c951235484d5d4e563bd8a3a0b7ee773e627770c2bdd15fed7c3007aacb39899.exe
    "C:\Users\Admin\AppData\Local\Temp\c951235484d5d4e563bd8a3a0b7ee773e627770c2bdd15fed7c3007aacb39899.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5300108^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt35^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:680
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5300108&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt35|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1748
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1748 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1796

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    7ef66f502cb164d6d88fd779895d5e07

    SHA1

    75c68e887afe0041c18bc01dc36ae719db07a436

    SHA256

    084f8949af79ac48c5c245e4bbeea807949d1e8e182e7d0487227231fcd97a77

    SHA512

    419b6e5def7e1051af856ea4256235fa4f1bdbf001b54f1db9e59c44f7da8f9cfa8d63f77e35345ec6d5c3ab13de10094281d44f42a7e1fd9d92b3b68ac5ba9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    472B

    MD5

    03ad9fc0b00b5df3165dc2fb1e3b0a3e

    SHA1

    f8243335a8bc24d989bddd346048a055e1d0bdeb

    SHA256

    366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

    SHA512

    a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    25688da35c4b709b237e4f1ed1f1869c

    SHA1

    3ea09f0154ab97b48d3ce123596965821fe90ef1

    SHA256

    af67ef98ac8d5f47d618648ae6e17d060a382721e50efb223f164cba1b2c3015

    SHA512

    9bbe8ba14974c26fa5c6401680476f5da368ba43d8b4709127049485803f58ac0694e895e2540eb9b31d2b856dccec78a62d8efe3b89cd0fde81310ec5a8c57b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    402B

    MD5

    e90af39e148323c7dd7bc9fcc2e3876b

    SHA1

    0c09f2374b1840dbf95d301f65819086a8fce22c

    SHA256

    97c6e6f9983be21a5419406554abf365dc760669c7e628fc50e347b3ad1095a5

    SHA512

    e5aa49017e0beed54d7acbf30790ea04972598f8e59797804b5bb52db6b515e55329c0bae0cbb8cef313c10bac3676101ac241dc8acaafdaf715582e1a829f84

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    53db95cf076bd769fd6ad50ace8f8d23

    SHA1

    3f2d3e1c959d36d7ca1c2c612a4cdd06e086c1fc

    SHA256

    ba663af35bfe32709c8beaf53b51bc7f148463d5cad5a72d4f9ee9f58373b17f

    SHA512

    b6f2dc0d6f5d6b2f6e900891b0da849dd6b1b2adbb57d962255f3df02fab99d0095c1f5bb3a5ae98153bad7e471e4732635b5003b995820063853ebb6ca80880

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    371c9f7ee5e8316e0df0918b11c03825

    SHA1

    5c170a802f70b3282fe2d729df2d18b7c83f2cbd

    SHA256

    2fa9ba9addc6573f4655a1e05a7977c912a98864fee892cf108f55adde7f47bb

    SHA512

    0d35a9a7ce64af62024e2be140370aa887adddcf42e9fb7eff0186d4deff857440f49540f45ff83b97c00220eb1de134303f4d9101330a190586295eb0179707

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    370da7f41648ea50f1aea4db48cb14a1

    SHA1

    8c751b6d4ba92b2abaeb4f51d24467db86debeea

    SHA256

    12c6286bc443cbf62cedf8fa321675fc553f76b6b6732c1619032cc9f2635c93

    SHA512

    5041fa73156a6b36c2a1fa202ac348880822989abca00c4e1b8f3f536027fb54a2e47f299299808b40291b4deeed677cdd670a2b3bb086f015430e440391010a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\EUAV5B6M.txt
    Filesize

    601B

    MD5

    16c4cfce7142471a2b44f0d30b9a5fc7

    SHA1

    f9dbb0b1e92f7bf57c08ff6e0942e4fc2c3d5b05

    SHA256

    42ce3011a4233c66f9f8887e3a6bf81576181fed8e036f9cd2c9cbbeff6bc28c

    SHA512

    b895b46e7af361d1969e6a887ffcd442ff30fa4d15b72fb4bab7743d39b4c91bb5afb73bb5f8572552a0a2135deef9937a729879fbac44a5a6579c3248f6cea4

    Download Submit

  • memory/680-55-0x0000000000000000-mapping.dmp

    Download

  • memory/1672-54-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

    Filesize

    8KB

    Download