Overview

overview

7

Static

static

4d77d97402...0d.exe

windows7-x64

3

4d77d97402...0d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27-11-2022 13:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d77d974027014dc8e98e4fdd0ccf9fb1de1ada14c9a6d137584cfc61814450d.exe

  • Size

    143KB

  • MD5

    d1302379f2222a6f65f1aa6fdb072ace

  • SHA1

    59b35b0099d1dee00ebab458e737ee011e7276bf

  • SHA256

    4d77d974027014dc8e98e4fdd0ccf9fb1de1ada14c9a6d137584cfc61814450d

  • SHA512

    2550d6eced93096f4ddd444dc59b60f2c873c57ab64cd21797fd03cecb1acb119048f6e7415a6be3ca65a940cc671b8e40053ee5396bbf609bb9911493599cb3

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45DEv:pe9IB83ID5y

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d77d974027014dc8e98e4fdd0ccf9fb1de1ada14c9a6d137584cfc61814450d.exe
    "C:\Users\Admin\AppData\Local\Temp\4d77d974027014dc8e98e4fdd0ccf9fb1de1ada14c9a6d137584cfc61814450d.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1340
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5300108^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt35^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1008
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5300108&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt35|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1940
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1940 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:816

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    7ef66f502cb164d6d88fd779895d5e07

    SHA1

    75c68e887afe0041c18bc01dc36ae719db07a436

    SHA256

    084f8949af79ac48c5c245e4bbeea807949d1e8e182e7d0487227231fcd97a77

    SHA512

    419b6e5def7e1051af856ea4256235fa4f1bdbf001b54f1db9e59c44f7da8f9cfa8d63f77e35345ec6d5c3ab13de10094281d44f42a7e1fd9d92b3b68ac5ba9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    472B

    MD5

    03ad9fc0b00b5df3165dc2fb1e3b0a3e

    SHA1

    f8243335a8bc24d989bddd346048a055e1d0bdeb

    SHA256

    366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

    SHA512

    a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    fd4958adb7234a82d4d59885529ad925

    SHA1

    d2c91e7e48dd9c9bafc769f2576ef938a64aca58

    SHA256

    73cb1d8a16c222b4d12979122c1724b616b52cd4347fcf93f628768b99cfbf6b

    SHA512

    843c71952c043bdb82886076b369ec4f7b89ce50f4e7b13a24e8d93111e0877492c8b24a7e155a78aae98fb1c92b338b1e6afe4ffab5e8c37e8500b2aa01c404

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    402B

    MD5

    9546ea8258adccaf64eb2765d118a430

    SHA1

    dea17ce2e78b8e131ed697a45e7dded38d050ce8

    SHA256

    08ec091f208b65a32c5118628106e10be0354fc558c5817d43c482a92963e3d9

    SHA512

    82c600f6ccc4768d694b4834a09a7b7e5d533e855aa2f0d00cd6c848d20843bd39e8a016e96b9e7ffe52444574fcdaf3b289afb6a5b2f045aa8769313494e5e6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    6ecbb1ffec1ace17dbc05b101bcdcb1d

    SHA1

    f4a87f714c9c1c75f2ae7aa352d287247ae42a63

    SHA256

    63cbc999dacbb5c6c1f11e032a4a7d8300306e9eaba55661a2efb2400bc58569

    SHA512

    55e32d942831f8d790ca79dfdbc62de59fe64f5ee4757adb9907a3a317f3a591e90443aa16255a7792fe46cf3da6377a26714ba0c2024b3e430587b89e30b30c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    b514450600a02be2ee4bfe617712ed00

    SHA1

    beea4cb5e7ef743e58f5a920e6414f35ef811ced

    SHA256

    010637f1a4e49374861d76485f7f6a6e4706f063a04212b3fafe19116233f576

    SHA512

    8a872eb6aa63a69ce009c2dc716d9aca2c63ac439114b84bbf03bde604570f2d99b1effb58c90ecfca261665f3617cbc60a808511d6850d0b839c1e27fdb4ea4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    58c777c9de4c8dfebfa85ae9380f993b

    SHA1

    40dae576ccf03d0ad8b8159dc0068ebacf2eb46a

    SHA256

    3961a013b77ae89e592f1b4a3e6f6a32dff46dac3e3dc6f783bb339341d7f4b0

    SHA512

    65c3066115495f0225a74a3a73910276a12339532e21ca807ad1ce8c7917c184bff88ff211fcdc0f0736cd458e8c58f2c2e1dcc80d6e2e48e58b49a3a981ebcc

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KKRHB594.txt
    Filesize

    608B

    MD5

    1ed8ebbbe885b62d7aee96c5b6e21de3

    SHA1

    18469d29ed88af14faff411c40c2c18ec2da4969

    SHA256

    de3f173c36dd2043f1a0e86839767e5e8fc2b568b8755a6ef9967b9b28ea1c39

    SHA512

    998c54a120fd3b31b890132ad5d022d491ba63cd66165cab6a77e1743b20c827b2e2252f47321636f05a421b958431a94716fa34c858c0c4d19b2aba99d5e33b

    Download Submit

  • memory/1340-54-0x0000000076411000-0x0000000076413000-memory.dmp

    Filesize

    8KB

    Download