Overview

overview

7

Static

static

d2fd71cebf...fe.exe

windows7-x64

3

d2fd71cebf...fe.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    155s
  • max time network
    194s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27-11-2022 16:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d2fd71cebf410172c6471b54ff292158e139bed7bb8514168afbbd51225ca6fe.exe

  • Size

    149KB

  • MD5

    02714eeedd57bfe6c352a6eab965fb31

  • SHA1

    8354c3a4b1c04dd5279415d00d8e210e1b2ad179

  • SHA256

    d2fd71cebf410172c6471b54ff292158e139bed7bb8514168afbbd51225ca6fe

  • SHA512

    b50fbc0661bcb75abeff88c6a7991a33ae45e5fa31df13bf2fe217afb2d1cd5e3f62f841690c594ad304e38b150a50764adbad3f36d34864909230a749b4bef5

  • SSDEEP

    1536:Q9FX/kSS8Rr3/9ph8vVS22oCJIY0meA1SNxbJY2J+7jQ21nV2F7:gkSS2hbJI/NxbJY2J+7jQ21nwF7

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d2fd71cebf410172c6471b54ff292158e139bed7bb8514168afbbd51225ca6fe.exe
    "C:\Users\Admin\AppData\Local\Temp\d2fd71cebf410172c6471b54ff292158e139bed7bb8514168afbbd51225ca6fe.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:948
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "start http://securedfileinfo.com/404.jsp?chid=5300107^&rsn=plde^&details=^|v6.1.7601x64sp1.0ws^|tt35^|dt0^|dc100^|fs-2^|dh0^|ec13^|se12007^|dr4^|ds0^|rs0^|p1"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1732
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://securedfileinfo.com/404.jsp?chid=5300107&rsn=plde&details=|v6.1.7601x64sp1.0ws|tt35|dt0|dc100|fs-2|dh0|ec13|se12007|dr4|ds0|rs0|p1
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1156
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1156 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1480

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    472B

    MD5

    03ad9fc0b00b5df3165dc2fb1e3b0a3e

    SHA1

    f8243335a8bc24d989bddd346048a055e1d0bdeb

    SHA256

    366b28d491f7fd632e31c1ce97f939555f7dcee14bb6875737ed2d3e96fa32ec

    SHA512

    a3cd8a001366e6c1b96d2b920d56e6efd34e9b69b9805e1a2b0c270346712e22420366f8bd18bbb1dd16fa60d481ad65b13385a66a3f1fa0d7aadaaa27b99796

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\30BCF8D79B1225AC4F40686E58D30D95
    Filesize

    11KB

    MD5

    4d511fc8ef479cca5a9c552223969168

    SHA1

    3c2b68545ee797c7bc73c9687b61f6bcb2baf5cd

    SHA256

    4c5af46da736471fb323cd0aabaf65cebb0d03efacb65cd18bd6a70d9dd09907

    SHA512

    cc54c1056881d9c44ea995b533572c5c9b147ad75b5fe4d6e7d1be10249e253d856b17c440707732695f76f84cf9d005d0f3332c94e7bb7911583a5e7c482989

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\646C991C2A28825F3CC56E0A1D1E3FA9
    Filesize

    1KB

    MD5

    1519171ba0e9b6aabdd22495c93b43f8

    SHA1

    da916b57522c4c4cbac2aedc3354bc6c69a56270

    SHA256

    dfb271a64ffabd0110e6c943e6052fca6dcb7cc738c9cc4c03ce3732361fa318

    SHA512

    7392b921cdb6419c616d744e9556b09d38a2e0956cf0ee0687aba4b4ff75ad7692440afa6d99daeea67f0c07197b466990d6d2c6e4d3567cd8f15b0750dcff2d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    402B

    MD5

    58b0cb56fe16ab2d65dc0b746a8274de

    SHA1

    18e5b1407d19462d85ac41dc78bb900e279e8bf4

    SHA256

    97931fedb703998b47fe2fa3b6fd7badfeb173d5e0e856b1a922fd4988d81ace

    SHA512

    e1e9b889c1604a62130efe704bb615654f2ae3787aad4ca39b7dfb7236a82f24bbf205164756207d5c78f5d717da216919a34a33fd1047f41f65b9b281271a60

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\30BCF8D79B1225AC4F40686E58D30D95
    Filesize

    204B

    MD5

    ec2578c16df0f9bf951fcd698b4496a5

    SHA1

    70d7ec3b7f001700a5d16c6044087594dee49c6c

    SHA256

    4b621d0f85fd18409c0028b970522a6c1c374de8bc3666ac63bae3061b2419a6

    SHA512

    cfafd1ed40d44861f9219e6e297a5569900199cdaa47c9b1a1a9330b4b7f9228a460f5aa5d79d96b08d6a6a13ad172ad987a9aafa44e139af1deb01bc9a6896a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\646C991C2A28825F3CC56E0A1D1E3FA9
    Filesize

    184B

    MD5

    e6c02ceaa9f89eed5058899a5fd3c716

    SHA1

    165566986f80ea83aa4d77764bcb7b5eb34a33da

    SHA256

    8580fc79b8cf1c2a37c8f4dbf1d93fbb53e292ca78c769c08c2d64f716af33ff

    SHA512

    63e9f946dfeb5b544e0fbd8454abab3a109f165b4ed9980574480232b67ae16124fe6d775952c50f01f84ad521016f50444328adabf7cb0cca63faf291d21405

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4d66e9d1124b454cc1d0bc59e5393479

    SHA1

    963c6535a2a308d6a1227276e183af52f017245c

    SHA256

    86e6c55a8c7eae93ec2196c510c3d120c66028add133bca21cacd10a12459e78

    SHA512

    4b3bc6b93f3bc6908ddae7015f612415afd71273444a42b39c39b4e952f362bbb73ad4ffaba98bddfacf210314ce0adaa33f9e41e011527fcc080fb4f913d68e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    acf1f89789982f04d9aff300aa9d9344

    SHA1

    775723cb416e13a21ed4eb75ba414a36e7456264

    SHA256

    8176bb11f16a179dab067d922e903310decdf2e34870ee1c096e51784d7eb662

    SHA512

    2296f69c50808fcba3d6bd17dd4ed2f1aa1fd449309672ccf2fb15597edbdddc7108cf833bf8b537346dea8654f252f7811345650fed2403548fa47c87a2329a

    Download Submit
  • memory/948-54-0x0000000075A31000-0x0000000075A33000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1732-55-0x0000000000000000-mapping.dmp
    Download