Analysis

  • max time kernel
    123s
  • max time network
    164s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/11/2022, 07:47

General

  • Target

    acdd951a428d4fd7b2da757fb7d151e11ba1b8add11ae5548014f3897a37284b.exe

  • Size

    56KB

  • MD5

    405e13e56892ffae299019ab65fe1e15

  • SHA1

    11a8ab4a0a50806dad14259431bdbb874528bc43

  • SHA256

    acdd951a428d4fd7b2da757fb7d151e11ba1b8add11ae5548014f3897a37284b

  • SHA512

    12249d0c3989a452906df7eb0d19833117940c037db050c9f07e05518f053fab363082ca64e9d165e53aedf608141ef8d71ace84b796dbafb50123723fcd84b1

  • SSDEEP

    1536:3oLDYsacy7mHMowHjXJpw5AeUEEc+xtkZQJKFTiZ8:3oPyys5jXJpw5AeU5c+xttMFC

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Kills process with taskkill 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\acdd951a428d4fd7b2da757fb7d151e11ba1b8add11ae5548014f3897a37284b.exe
    "C:\Users\Admin\AppData\Local\Temp\acdd951a428d4fd7b2da757fb7d151e11ba1b8add11ae5548014f3897a37284b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:864
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://myredir.net/K_Y0OxVHTtzcWeubp77DRaqWpG
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:756
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:756 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1736
    • C:\Windows\SysWOW64\taskkill.exe
      taskkill -f -im Y0OxVHTtzcWeubp77DRaqWpG_has.exe
      2⤵
      • Kills process with taskkill
      • Suspicious use of AdjustPrivilegeToken
      PID:536

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    340B

    MD5

    00a4c0e047205fe59ab07d4bb2c71014

    SHA1

    714d95fcb731a956fd04f05c7c4836070bec51c3

    SHA256

    a28a457dade009042b5018e96b528f7715fa3f94e269c6cb4ccaad102c7d225e

    SHA512

    4bafdce3614c7e64a54a1243dded6d4aa8e739404d05cc5b34968c3aa39ebf10b9a6eea88e46037069bc64f7a432cbf65400802e57533ae439dec6e047810e02

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZGRP1GZB.txt

    Filesize

    608B

    MD5

    5e426e73e912adef96419440ce4b9b23

    SHA1

    d58ba20eb7d9161a00a1d418c8dce24f3ee7b5a4

    SHA256

    2831c9bd07497bfae9f21d4e1f1133c82fecfb56080e92cfc70dd8f9b298784d

    SHA512

    51ad06a73e23e0225a58074a9f87f0d84d0325a7262bfffe1daf021a5131ddf014f6e0e78a0fba0dd96d70c80d26f49bb1b9d5766edf65607f87ab52574a872d

  • \Users\Admin\AppData\Local\Temp\nsd47FB.tmp\inetc.dll

    Filesize

    21KB

    MD5

    d7a3fa6a6c738b4a3c40d5602af20b08

    SHA1

    34fc75d97f640609cb6cadb001da2cb2c0b3538a

    SHA256

    67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e

    SHA512

    75cf123448567806be5f852ebf70f398da881e89994b82442a1f4bc6799894e799f979f5ab1cc9ba12617e48620e6c34f71e23259da498da37354e5fd3c0f934

  • memory/864-54-0x0000000076261000-0x0000000076263000-memory.dmp

    Filesize

    8KB