Analysis
-
max time kernel
146s -
max time network
157s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
27/11/2022, 13:03
General
-
Target
c557e0f4279607b754e51d37afff4e688a912d1570c3c2411075599c982835e8.exe
-
Size
1.2MB
-
MD5
3d244ea7488701bf8be114b5189598fa
-
SHA1
f4224305b9e49669d83e27febeec4d3a98233695
-
SHA256
c557e0f4279607b754e51d37afff4e688a912d1570c3c2411075599c982835e8
-
SHA512
c4cd0fbcca9b477c052c3d85b46dfa889856b69a2c30c7a7f4ae68b7ceb0b9f7019cd182850dea2cc4b0000bd8f7a7a1b97b223702a623787b93ebde2600ea2c
-
SSDEEP
24576:iT/OrbQykadNZcUVarLHGo1lDAtoiCK6kTVR8SavCc/SnbYqBeWTn10Qj4ce:iTKbPkDEmLm0EtoDQ8S6CuqBeGnavce
Malware Config
Signatures
-
UPX packed file 26 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks BIOS information in registry 2 TTPs 1 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 35 IoCs
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c557e0f4279607b754e51d37afff4e688a912d1570c3c2411075599c982835e8.exe"C:\Users\Admin\AppData\Local\Temp\c557e0f4279607b754e51d37afff4e688a912d1570c3c2411075599c982835e8.exe"1⤵
- Checks BIOS information in registry
- Checks computer location settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://www.x5ace.com2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4820 CREDAT:17410 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
471B
MD53bc8595d0a469edc8b7a071a3befe724
SHA1f7e4b53b01d31626ab7965b267fea4457d798a91
SHA25633c4b30d18fa3eeeed676831973cf8dd8c9a9145e7edcb689efeec0647d685d4
SHA5124969ab6d2239a94d1dfb6105d9a329588ad0e3366ab4af874e033b853adfcadf808eced3466823136221e110accd2bcd5b25b0474b11947aab510f0b92d397d8
-
Filesize
434B
MD5691fad95320d1fa115732875846f84c1
SHA1e6db4364f03418c76b235cf560e13b55770b6a0a
SHA25647773264cfbcd5e8fb5723bf63f3ac4024f3113a2b74308c873abb21ba7f7598
SHA512c12b8cf7cd3c801392037d992675f500902c8a1dd8a46e6d587b23dff774ef8a5ef9275c78e2641b4166c3289cbad61e8ce6b02a4da0d9ce6b21be68da9bfe90
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
244KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
1.6MB