Overview

overview

7

Static

static

1aa826c04f...64.exe

windows7-x64

3

1aa826c04f...64.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    254s
  • max time network
    361s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 15:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1aa826c04f33960f5dcc6ad0e980b1b0cd9b8da0c07e5c09e3f47d561fbb7264.exe

  • Size

    149KB

  • MD5

    4ad44d23575a3c551c379c35ca07ae34

  • SHA1

    86c734b6a759ebfd5594581a504f5234a2d14b5c

  • SHA256

    1aa826c04f33960f5dcc6ad0e980b1b0cd9b8da0c07e5c09e3f47d561fbb7264

  • SHA512

    075b546a7a1032ecff78741298b884b569c8790277620f5fd498a875ba6a0c1679007af355dfa144e0b2dc88f8d7e188aa156789876faf58070b8c3b2378e173

  • SSDEEP

    1536:Q9FX/kSS8Rr3/9ph8vVS22oCJIY0meA1SNxbJY2J+7jQ21nV2m:gkSS2hbJI/NxbJY2J+7jQ21nwm

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1aa826c04f33960f5dcc6ad0e980b1b0cd9b8da0c07e5c09e3f47d561fbb7264.exe
    "C:\Users\Admin\AppData\Local\Temp\1aa826c04f33960f5dcc6ad0e980b1b0cd9b8da0c07e5c09e3f47d561fbb7264.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:472
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5300031^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt34^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1332
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5300031&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt34|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1792
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1288

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          1KB

          MD5

          7ef66f502cb164d6d88fd779895d5e07

          SHA1

          75c68e887afe0041c18bc01dc36ae719db07a436

          SHA256

          084f8949af79ac48c5c245e4bbeea807949d1e8e182e7d0487227231fcd97a77

          SHA512

          419b6e5def7e1051af856ea4256235fa4f1bdbf001b54f1db9e59c44f7da8f9cfa8d63f77e35345ec6d5c3ab13de10094281d44f42a7e1fd9d92b3b68ac5ba9e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
          Filesize

          472B

          MD5

          03ad9fc0b00b5df3165dc2fb1e3b0a3e

          SHA1

          f8243335a8bc24d989bddd346048a055e1d0bdeb

          SHA256

          366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

          SHA512

          a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          724B

          MD5

          f569e1d183b84e8078dc456192127536

          SHA1

          30c537463eed902925300dd07a87d820a713753f

          SHA256

          287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

          SHA512

          49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
          Filesize

          410B

          MD5

          2dd8ba99d46cd36fb05e17488f9da268

          SHA1

          04787eff96a6c6b0aed10abef03fa5ce879a639c

          SHA256

          d0b93d539fae5326d312882a090340e478610187bf63503d30106df505859c10

          SHA512

          655fdd126465c56fa07d0d61d0c110bf5015970d34e55e1ff4ee22f359585a0dd84ea06c7d6615fcbe17dfe18ab2015f87455ce8e9d7381088a33d33e39f2da6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
          Filesize

          402B

          MD5

          8cf739d2c0c8c96772bccded650656f6

          SHA1

          d6178d1fa54a399f00f518d10990fdc3b82112b0

          SHA256

          81fb3f8ae7225252a7a9644f9332af8cbeeb62ab0a5467014d4ec1c05d3f7506

          SHA512

          82a37b778cb843ce123dccc04c9104e805e7e81bd9bb5c42df7611843a02b79fb4cfa8bad2fac0c96089484cb95a710725b5a0d751ba07d65afc2833e1359e9c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          b53854844a0ea9b22570f9085b93f07f

          SHA1

          bb7416cec5bc15b4aba9d510f3ca581a830876bb

          SHA256

          379604319ebb0ece19600ffffd61e0c72eaf8a30c0acd2b532caae2754a30672

          SHA512

          5a6d578962202c45fc53c2f848b1e3135197b84428cb9d5d89d892aeb2dd5b532144951cb985400dabd93cf41295b9afd769aec461a75399d8bab92c9f1eec4d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
          Filesize

          392B

          MD5

          1c9f343338c8100254603768e57f0be3

          SHA1

          f960295a6b21776eaaef64b023d5cf9d462b5573

          SHA256

          37881caf9d9d9f98c37370fff0cc23cbf15a74e025782c98b95f6b208fc2e08d

          SHA512

          f0de3923604cf0a1915b32ca4934aa5b427aa871284f88733e5e19e7dba15738761278e19a0da8bcd4762ad10aa88c59545a62acba3bd75e04be153977364ea2

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KQM2UDPT.txt
          Filesize

          601B

          MD5

          f5547d7186c024ee09d4084d43554e5f

          SHA1

          304ad8398a4093a6bd904efaa915b224c94563ad

          SHA256

          b35a08c00d7125b1d20fcd6ccd82e42eaf9f57bed2a0b33eb0dc44d035cd4067

          SHA512

          11140d96790b250e996ed3d8362eb6c3ca11d0a0fc69b8ee28dd2ef620ff67e2e0fdbfa986f76dd73aa8022dcd75b1590babc02ced408f59f7d975eecda3b12f

          Download Submit

        • memory/472-54-0x00000000767C1000-0x00000000767C3000-memory.dmp

          Filesize

          8KB

          Download