Overview

overview

7

Static

static

d05d40d4ad...74.exe

windows7-x64

3

d05d40d4ad...74.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    135s
  • max time network
    188s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 14:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d05d40d4adfa08e5d86a387e00caf68e3be99c5e06de6ef47627b6b97ae12974.exe

  • Size

    143KB

  • MD5

    c348ad12b81d8243808a66d09a9bd466

  • SHA1

    40dcbb53423b72ce6de3f26ebcac6c714791cd1a

  • SHA256

    d05d40d4adfa08e5d86a387e00caf68e3be99c5e06de6ef47627b6b97ae12974

  • SHA512

    996921fa83ad612615afb92894a0eeb385be0f0d9a8e1175517d6fffc526ecd7c682e17893a2a89b0e33657b5ff4b5807cf8f90e2384dab3ef419bf8a55c54e7

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45DQ:pe9IB83ID58

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d05d40d4adfa08e5d86a387e00caf68e3be99c5e06de6ef47627b6b97ae12974.exe
    "C:\Users\Admin\AppData\Local\Temp\d05d40d4adfa08e5d86a387e00caf68e3be99c5e06de6ef47627b6b97ae12974.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:908
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=4300109^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt35^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1288
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=4300109&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt35|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1336
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1336 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1644

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    7ef66f502cb164d6d88fd779895d5e07

    SHA1

    75c68e887afe0041c18bc01dc36ae719db07a436

    SHA256

    084f8949af79ac48c5c245e4bbeea807949d1e8e182e7d0487227231fcd97a77

    SHA512

    419b6e5def7e1051af856ea4256235fa4f1bdbf001b54f1db9e59c44f7da8f9cfa8d63f77e35345ec6d5c3ab13de10094281d44f42a7e1fd9d92b3b68ac5ba9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    472B

    MD5

    03ad9fc0b00b5df3165dc2fb1e3b0a3e

    SHA1

    f8243335a8bc24d989bddd346048a055e1d0bdeb

    SHA256

    366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

    SHA512

    a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    6695130aaab663affdf6a80adbf98ba3

    SHA1

    9bb20465ab3bb4aaf648a3dec4e6e8d9fc2cc210

    SHA256

    8dfef71e8e17a5cd2cc4f6ae24a8c708097b188ee4215ec8265c7885b35972fe

    SHA512

    0d250c58cc27e7cddc718ddd320aeccdd26d5250af3b1bc26aa6c0a2a3929494340f25c0b798a4e59ad0de36df7bc6beda85636bfa309723bc34314c4e88c430

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    402B

    MD5

    b41545967ac7069e7a04e9a1efadec8b

    SHA1

    075b46139137806b2c89f26675d91361adeb4147

    SHA256

    a99b82c6912e90e1758f70c151a0776ca376344db8e3c142deac623cbf6c8954

    SHA512

    3c963ee4c87f67f3748a6481a1160b279081e2c88d6178173755643a4b76d201828905e20955914f1da06a249d5cda83e57a09c31e9c68150657047d9a601917

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0d92eecbdd0408891e60acc51a08bbfc

    SHA1

    ccc792ee1b265e2766be91ca6cde8f9f04c07e3a

    SHA256

    e37ea9a946e71029601d768269a2960b515bde6806e4dfc8a1d490ffef744fea

    SHA512

    383259491b8f8fe953b9f0c79cb6b9edf224244b473cfced6c89e8d2d89977f8e8067799e6cdd205ba797c97571e6c1196720609650c8a6c675dcec0f42602fc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    4653743454ebcede7098a730f3129939

    SHA1

    7195e7c48fb2edf839a85bfeb7e11fe58166c3f6

    SHA256

    e2857638c87d4019a52f4dd5008aed4bbbb2b9ad934e8e4e07fd2e610235bb22

    SHA512

    8dc21d380912c1bf0a0cb823487f6298dd48d76e6a097aa31352f183616367891a1a11e04de312758b3e71bd5efa93630977c2847633dd266f0dec78819e66cf

    Download Submit

  • memory/908-54-0x0000000075C81000-0x0000000075C83000-memory.dmp

    Filesize

    8KB

    Download