Overview

overview

7

Static

static

74ca922272...de.exe

windows7-x64

3

74ca922272...de.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    261s
  • max time network
    355s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 15:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    74ca9222721934a3334203850ec67f47b50e45fdb55d2c9c319524dac42ea6de.exe

  • Size

    143KB

  • MD5

    ff3813d597a35184c3188118734f30a7

  • SHA1

    24e5938bfc63047681e7e4323d27d432b76a150b

  • SHA256

    74ca9222721934a3334203850ec67f47b50e45fdb55d2c9c319524dac42ea6de

  • SHA512

    1154e83f306046fee8c413716cfea7338d9c0fb1c999a05ef1b387a38cd61c043982b09f6ba10cf79de03beca6733485c126caa293f56f363c88394d251b1e50

  • SSDEEP

    3072:iN6ZekwVJIlgps5q9Eb648qwlS/+TfQO45DJor:pe9IB83ID5dc

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\74ca9222721934a3334203850ec67f47b50e45fdb55d2c9c319524dac42ea6de.exe
    "C:\Users\Admin\AppData\Local\Temp\74ca9222721934a3334203850ec67f47b50e45fdb55d2c9c319524dac42ea6de.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1104
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5300108^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt73^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1676
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5300108&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt73|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1284
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1284 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:840

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    7ef66f502cb164d6d88fd779895d5e07

    SHA1

    75c68e887afe0041c18bc01dc36ae719db07a436

    SHA256

    084f8949af79ac48c5c245e4bbeea807949d1e8e182e7d0487227231fcd97a77

    SHA512

    419b6e5def7e1051af856ea4256235fa4f1bdbf001b54f1db9e59c44f7da8f9cfa8d63f77e35345ec6d5c3ab13de10094281d44f42a7e1fd9d92b3b68ac5ba9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    472B

    MD5

    03ad9fc0b00b5df3165dc2fb1e3b0a3e

    SHA1

    f8243335a8bc24d989bddd346048a055e1d0bdeb

    SHA256

    366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

    SHA512

    a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    e214e414a64216a8b1bc14cc445a28d1

    SHA1

    bf49735629bce3666aedae531898841ea49c5b3a

    SHA256

    2d6fdfe468215c5eaf810cb447ff2f202cbca485d4795fec34aca5df4195eebd

    SHA512

    28c4a2f6caf6209b7ad4d1a2ecd19d3030af78f8e73596ee0425d4884b2f19585776c7da0e1394931d1dbd363863d36670d4c25fb12a671ed625121d9136ae80

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    402B

    MD5

    cda54d5600a276e5cb53a9849a167485

    SHA1

    9cbd102b2f85aab900ae9f52546a8e40a1ded788

    SHA256

    a7f1760df33acf62a1256bf0fd3705b2e7dd674bb0340f1f09302156783c4d22

    SHA512

    b7d7f2e43bb0e649264c444d794726639b1d54bd62ed7f3084ac4d4e626518f9a75cc62f80c9054e6497fe64b80f5fe693bbe20fe2597be6cfb9eeebfa53b8f0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9df9e45b538c2960db8de5494d34d14d

    SHA1

    06daedb32dd424932f5791f931487ac0f92c40ee

    SHA256

    ba159620fffd09ea7eeb8940f7a328e6bd835aba957e8789f4ed79d95dc4b5f3

    SHA512

    a43901f35a8d686e177ec32dee444a1b7289a66dfdb7d58222c9daa694c3228b8cdbfaa901107ed632e730935c352316170443831727d12dd1ffedfb63a3149f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    2376d4eb7aea7b26e335962bee651cef

    SHA1

    0ad36f608e07615ecdfe18e5b88216c3737ead08

    SHA256

    86ae636d5e54d6bed28deb4e7c4f9b9bb0a9fb6d6c970377184409dcbf4befa7

    SHA512

    de0e6d0f87df9e2b352f89ff1392083b1f1bfdb4077681e228adeecff13d349a011068265dedac4596344fd61e961f9d6d426142ca8a7ad71d485a85186dc3c0

    Download Submit

  • memory/1104-54-0x0000000075551000-0x0000000075553000-memory.dmp

    Filesize

    8KB

    Download