Overview

overview

8

Static

static

8

c6407afc57...2d.exe

windows7-x64

8

c6407afc57...2d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    189s
  • max time network
    195s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27-11-2022 20:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c6407afc5732ed56d0669dc0d944e56a8dd9e322d2cdc226616b77ac02c1892d.exe

  • Size

    1.4MB

  • MD5

    1f93d007fc111efc021fa0b6a0b2c2de

  • SHA1

    1d048ee47a40a2aff6f86ecc9feae4fe719e4a4d

  • SHA256

    c6407afc5732ed56d0669dc0d944e56a8dd9e322d2cdc226616b77ac02c1892d

  • SHA512

    cb0b02edf6507ab1e535097af290f583c9c8313937992d2126ed9fbde002a912014c7d12ad40981ce73e152751a9c0cb4aaf57b23c550e727ba106cb1323a755

  • SSDEEP

    24576:tk70TrcDgjCXYNBsIfkUpEONJ5XBKcHE6grYO5/kxlAs+jlFFmqgCVJUBUrG:tkQTAjIYMxNH5s5MB+j0oid

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 48 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 32 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 14 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c6407afc5732ed56d0669dc0d944e56a8dd9e322d2cdc226616b77ac02c1892d.exe
    "C:\Users\Admin\AppData\Local\Temp\c6407afc5732ed56d0669dc0d944e56a8dd9e322d2cdc226616b77ac02c1892d.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:344
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://зябука.рф/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:524
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:524 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1592
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:524 CREDAT:4273156 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1504
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:524 CREDAT:930830 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:572
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:524 CREDAT:799751 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1336

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    23585136a170728c051dc8642c6939ce

    SHA1

    409454e23ab7bd613de0a0810c2ad931cc731ee9

    SHA256

    b3f2dfae4c80238cedcc41d4881ceb29960c9c938df5dfcc34eee1a812cf9215

    SHA512

    77f5b97957179770ab1b747c8e940b09effc6b97ad2fb0155e14778dcd7a7b126532c950bdc37b549f72fc88f399b41a31eeae747807c946f81b2c8944441740

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat
    Filesize

    4KB

    MD5

    edc1516bae00ace4f8f310e98452a99f

    SHA1

    061ecd75d6db0d28364c881316b67700b7c6be9b

    SHA256

    6193b992549d7af24ba7c787fe63708dfc929377c68bc965e0407f9bebb2ad8e

    SHA512

    6ccd987b2d9aa57d88454ace88254598d22cd20e80427cfdbe8f54b86f04c32c4c4d15f085ced462c0d7529b99092de4b8f347cd09df4dbd3c0c37ea3347906c

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat
    Filesize

    10KB

    MD5

    1dc2dc8666c17afeaf74c744e66edc9a

    SHA1

    6c556bba49a594f536d9b85a4b7ab467508d087b

    SHA256

    ad1d24bc1d77e8ceb0d8a609f72a37dbd267361c654d2eeb8acd277b41aab8e3

    SHA512

    a211968c5187c5fde5b01264e0c892730dd2defcaaf5d37d16bcd87a27443e2c12213d1df3997c45cf6b1f129d325c17b26b4e65ef48ad1dc5f0823d0a5cbf49

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MS7NTN0A.txt
    Filesize

    266B

    MD5

    1d4f885aecfcf99e7e6f0e4ce20b28bb

    SHA1

    94106fee4e84fb61654e1d1a633068ecd2634b55

    SHA256

    7aac8b51d158fb8a66b1c8d7296e21f4d90d0409e677f1a86de90cb0a5e56cb1

    SHA512

    f7c9e09797c656bcea4fabe66d8cf74f4a9857f1275b072b22cbbe9b53b9e805c5bf3cbef077598e98a644548fb2f585a8fd57c78ee430172fed64e9fc45f731

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SWCSU3GC.txt
    Filesize

    608B

    MD5

    ec644c8b91b91df9ad6dc030ed9f80ed

    SHA1

    f2a7126f480462d72fd2403af88c2b9f5c85aea5

    SHA256

    a70d31f6bedad2bc6a4ad13e1d9e4270876e060a294792d19f3c9baa7992a346

    SHA512

    afe387e0ac3434cd8c14e8767387cd16b337a3dd29069dcf00c666264c32b37af18308f14c4d8fcc713cc7a522e1eb4825f158d7bd5612c98aafa430f518e426

    Download Submit
  • memory/344-60-0x0000000005600000-0x0000000005638000-memory.dmp
    Filesize

    224KB

    Download
  • memory/344-54-0x0000000000400000-0x000000000056F000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/344-61-0x000000000564A000-0x000000000565B000-memory.dmp
    Filesize

    68KB

    Download
  • memory/344-62-0x0000000000400000-0x000000000056F000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/344-63-0x000000000564A000-0x000000000565B000-memory.dmp
    Filesize

    68KB

    Download
  • memory/344-59-0x0000000075FF1000-0x0000000075FF3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/344-57-0x0000000003180000-0x0000000003214000-memory.dmp
    Filesize

    592KB

    Download
  • memory/344-58-0x0000000000400000-0x000000000056F000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/344-56-0x0000000005450000-0x00000000054E4000-memory.dmp
    Filesize

    592KB

    Download
  • memory/344-55-0x0000000000400000-0x000000000056F000-memory.dmp
    Filesize

    1.4MB

    Download