Overview

overview

8

Static

static

8

9f67d9eaea...c1.exe

windows7-x64

8

9f67d9eaea...c1.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    144s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27-11-2022 14:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9f67d9eaeab4c37e3b26473a1044f568a749b25781e6451f09c92222a2f097c1.exe

  • Size

    3.1MB

  • MD5

    ee7cd6500547062ba7e44a95ecc7c226

  • SHA1

    b7d4ef0ee7efa1877e6f82f2a291100834f4a9a1

  • SHA256

    9f67d9eaeab4c37e3b26473a1044f568a749b25781e6451f09c92222a2f097c1

  • SHA512

    a451f088d42e40c1b565401cfef578862fbdfcb30c81f9e232ce05a91d6b2ad5b2a332ff01bf1f93315c8ab7f32d9b551faab71399cba359e9106947f6282285

  • SSDEEP

    98304:+arow/oQObn2xC7ldGz5in+9yQBd0d8XPuf:++A5r2xMbGz5i+IQBydguf

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 48 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f67d9eaeab4c37e3b26473a1044f568a749b25781e6451f09c92222a2f097c1.exe
    "C:\Users\Admin\AppData\Local\Temp\9f67d9eaeab4c37e3b26473a1044f568a749b25781e6451f09c92222a2f097c1.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1796
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://зябука.рф/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1500
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1500 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:772
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1500 CREDAT:275475 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1572
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1500 CREDAT:406543 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1288
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1500 CREDAT:537605 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1056

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    779d80acbf83f8de5f2fa0f37b6064e2

    SHA1

    21d1cea68281dbb1a0317da42bdf829bb2b3e731

    SHA256

    5ceaccd6fb6854ca22cbccca7922ea1f585684cfeec24af3572ea26f2a1d38fe

    SHA512

    cb3519a9ee80d5d21fdd78ea6b27c056af8ae7114c5e08dc5209ab18363a3ebc26d02c0bf2e84325741c1c3b300fc1e5fa57e3d97bc03d5ce067369d11adf593

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d019824dfd432f08e05a5e604dd3e5de

    SHA1

    31983ec53564df1530a1bee06b1ce77a4eb261d5

    SHA256

    dace36233c4ca870e5543c318fad9bd4d36e6a8473b8d39ec3e888bea231a5f6

    SHA512

    56adca0395a7b853bbb9ec7d284d77992dbdf318a4c4e0920e01ce7f9e1c8c4401203951810445d09a54e00c7c716324aae5fb65a519c7251daa3a498bbd61b4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d019824dfd432f08e05a5e604dd3e5de

    SHA1

    31983ec53564df1530a1bee06b1ce77a4eb261d5

    SHA256

    dace36233c4ca870e5543c318fad9bd4d36e6a8473b8d39ec3e888bea231a5f6

    SHA512

    56adca0395a7b853bbb9ec7d284d77992dbdf318a4c4e0920e01ce7f9e1c8c4401203951810445d09a54e00c7c716324aae5fb65a519c7251daa3a498bbd61b4

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d019824dfd432f08e05a5e604dd3e5de

    SHA1

    31983ec53564df1530a1bee06b1ce77a4eb261d5

    SHA256

    dace36233c4ca870e5543c318fad9bd4d36e6a8473b8d39ec3e888bea231a5f6

    SHA512

    56adca0395a7b853bbb9ec7d284d77992dbdf318a4c4e0920e01ce7f9e1c8c4401203951810445d09a54e00c7c716324aae5fb65a519c7251daa3a498bbd61b4

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\try74lz\imagestore.dat
    Filesize

    4KB

    MD5

    a4824ca9cc8349d4e6bdd7ecc9383b56

    SHA1

    e987822d1cc949941f8073aec4955913d0ef8c05

    SHA256

    7156a41d33619c1156e640bfdb9d6160c50ab5b91a035512b7366f0d16c60532

    SHA512

    9455685a946598c2c8db91a8cb802b55b470e9523d9141d048f63f32b7c0b2bc7230daae63268e2af31e1ff88650113ae0926142b6ebbb36dcfee71122cebc5f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\try74lz\imagestore.dat
    Filesize

    10KB

    MD5

    f7f6a39a6743b51e085c388bc826f311

    SHA1

    96e47b0083f58568ef0d4c6d526085c18bd4c611

    SHA256

    8cb915f9e9836db484b4b9f188c42b3225a6ae718955d3fe53b0b671ed5b47af

    SHA512

    dbd0a0fbbc501b24e8ec2633b670d2f4acbda21025d0d7dc59201ad6c17c7ca0b22a5b959761f5f24c52acad87213dac2ee4105d3710e3ec5ea7acbdceb7891b

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\G8GG2FBW.txt
    Filesize

    601B

    MD5

    90978fb707c0d116a191cb10f4cfc4dc

    SHA1

    871d48f53fa6a267b82a69b375261f5ae0de1966

    SHA256

    3fd4ab0b24c7253dae2a7647c9eadfb253be2a7d26944f675f536af6271b87f6

    SHA512

    a0c9d16087299d1b4ec70a3cfaacb811967e8e8ba0f350f957273954148975feeab75993fe00edea627c7f34a922ceb73eaa105115bc33ce2ecc03cca26752db

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\J4X4V7YQ.txt
    Filesize

    266B

    MD5

    319c64fdd2cc33961b8f3640fe2cf69b

    SHA1

    7c18464b697afe4cd73b64df73a14312c3ba27d9

    SHA256

    24d83363890fe5636046d4946b4c58f032d5f165b50c7351e338060dcd1638f2

    SHA512

    944783003f16887c05d39c4999a7673e847ba8de61639dd9e81bfc1baddf01006daf353bc237b8ead830eacd206a7f5e27afbd52ae5463d605b2e5c7d086002f

    Download Submit
  • memory/1796-58-0x0000000005D40000-0x0000000005F82000-memory.dmp
    Filesize

    2.3MB

    Download
  • memory/1796-63-0x0000000000400000-0x000000000071B000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/1796-64-0x0000000005D0A000-0x0000000005D1B000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1796-62-0x0000000005D0A000-0x0000000005D1B000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1796-61-0x0000000005D0A000-0x0000000005D1B000-memory.dmp
    Filesize

    68KB

    Download
  • memory/1796-60-0x00000000068D0000-0x0000000006AC2000-memory.dmp
    Filesize

    1.9MB

    Download
  • memory/1796-59-0x00000000760A1000-0x00000000760A3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1796-54-0x0000000000400000-0x000000000071B000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/1796-57-0x0000000005F80000-0x00000000061C2000-memory.dmp
    Filesize

    2.3MB

    Download
  • memory/1796-56-0x0000000000400000-0x000000000071B000-memory.dmp
    Filesize

    3.1MB

    Download
  • memory/1796-55-0x0000000000400000-0x000000000071B000-memory.dmp
    Filesize

    3.1MB

    Download