Overview

overview

7

Static

static

e0fb875547...d0.exe

windows7-x64

3

e0fb875547...d0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    215s
  • max time network
    298s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 14:47

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e0fb875547d699fc6725e213656a357ac22856b97740eba29fe2a9d8108327d0.exe

  • Size

    143KB

  • MD5

    7b6159c7656f44b31b99331d0d6de50e

  • SHA1

    8120da89e2453845c27bca94ed1706556f0e3c27

  • SHA256

    e0fb875547d699fc6725e213656a357ac22856b97740eba29fe2a9d8108327d0

  • SHA512

    d2605a00936816cb4dbcfc60ef4014cd7b8c061a2e8ac369f5e986c075af13416764b0519a3e3038e20954bf736e3e2c6c34a9ade2ba2a28da50d0a2aa2d304c

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45DxqU/:pe9IB83ID5F3/

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e0fb875547d699fc6725e213656a357ac22856b97740eba29fe2a9d8108327d0.exe
    "C:\Users\Admin\AppData\Local\Temp\e0fb875547d699fc6725e213656a357ac22856b97740eba29fe2a9d8108327d0.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5301121^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt35^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2032
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5301121&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt35|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1880
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1880 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:896

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          1KB

          MD5

          7ef66f502cb164d6d88fd779895d5e07

          SHA1

          75c68e887afe0041c18bc01dc36ae719db07a436

          SHA256

          084f8949af79ac48c5c245e4bbeea807949d1e8e182e7d0487227231fcd97a77

          SHA512

          419b6e5def7e1051af856ea4256235fa4f1bdbf001b54f1db9e59c44f7da8f9cfa8d63f77e35345ec6d5c3ab13de10094281d44f42a7e1fd9d92b3b68ac5ba9e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
          Filesize

          472B

          MD5

          03ad9fc0b00b5df3165dc2fb1e3b0a3e

          SHA1

          f8243335a8bc24d989bddd346048a055e1d0bdeb

          SHA256

          366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

          SHA512

          a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          724B

          MD5

          f569e1d183b84e8078dc456192127536

          SHA1

          30c537463eed902925300dd07a87d820a713753f

          SHA256

          287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

          SHA512

          49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          410B

          MD5

          50d93b1e14d0a8c1f7031efa25d9e0ce

          SHA1

          587cf2ff3126c9103007cc3cacaf7331646d6a9c

          SHA256

          090bc33b9278050e5c828d5d3dafc3f521b7cced285567e86e3a02e0a7ddee6f

          SHA512

          2c812536de805e1aa534ab7142b89a8789525ea94e66a5128fc3e2d4c32063252396f84a2e7e4d0de743d9facae427af205c11b9905c17fc376e96fd36207b11

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
          Filesize

          402B

          MD5

          3700f0b48a95f764cf6c1f8bb8f69305

          SHA1

          da591ed6a423e42c6131794aeefd01b5a1f7bfbd

          SHA256

          19131e3c9b82b33d0534a392e6c409b48b02800cb046a3ff38ec02ebf51d53fb

          SHA512

          cbd3fa2f1459706703fd458f901594b9c0d09322355684b0c461ce0dcaed3bfdb5ebeb09a7d81f5c2a76a5934f40b0f2a41b0cb7757f93064284e8f59bcf39b6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          be61330c5d3c91d814e0f601e68dcfbc

          SHA1

          8b3f1463db7aec5448ec6661713901580d9da72e

          SHA256

          e4309dbfd0dc1cceab52e4a9cea5fa695277384f8eafce4781b9bbdd98174d63

          SHA512

          cf1bcdbb0f1d70486048f6d104d93cf2650e1a1d0712acea8ed94c971d3daf894d7fe69517aa5defef8dcc25eebe10863826dfc620b9c3f9a047618388399d8b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          392B

          MD5

          85443048c925e8cff56131fb2fee2f03

          SHA1

          97215a7ed47f9c0e404854d8105cc5e8500e79ac

          SHA256

          4e3797884b4bc47f6c3e65c3ffb11a09109a2236549f8076b261ec29406ba26c

          SHA512

          c3f140cf3b951f68521f253caec0fdb7e1895d8d2667f28b35ad6e203a9986c3077d9d78fc8d940e5e4af99bdbb0f0f0f1fec666b80c59ca96e3c35ea42832ce

          Download Submit

        • memory/1944-54-0x0000000075671000-0x0000000075673000-memory.dmp

          Filesize

          8KB

          Download