Analysis

  • max time kernel
    152s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/11/2022, 10:55

General

  • Target

    e098de712293e3488da4c7ae1e92137f9c791920bb9336a40a0dc96f87fda0a7.exe

  • Size

    438KB

  • MD5

    4c0eb65f01028efe79019feb4badd021

  • SHA1

    a2351a922cbfe0f3cc1da63ab186f1834c9f8eb0

  • SHA256

    e098de712293e3488da4c7ae1e92137f9c791920bb9336a40a0dc96f87fda0a7

  • SHA512

    a3872d5cbc7d0476d977028377590162cb6b21ab9a9af08dd8a6350f4005834cb32d2ba2200d7e61ccaa5f223e19f6a1e88253903dcc42bfad945f3a5dbfe7c2

  • SSDEEP

    6144:C/OyjZRU37eLzFf85mqRVKvsMWSOFTlc6pAXF8USil/MPgHJPB7DWDggPFKzoCiG:C/ijzivs9eN1TSi/NHJdW88KzZT

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e098de712293e3488da4c7ae1e92137f9c791920bb9336a40a0dc96f87fda0a7.exe
    "C:\Users\Admin\AppData\Local\Temp\e098de712293e3488da4c7ae1e92137f9c791920bb9336a40a0dc96f87fda0a7.exe"
    1⤵
    • Modifies Internet Explorer settings
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1348
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://ad.51pc114.cn/setup/QQMTDL.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:848
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:848 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1680

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    340B

    MD5

    9d391a91358cbdc9533bce2d993ff2b2

    SHA1

    813a313a1ab67f7595f20b1a75918260c5e548a2

    SHA256

    d58025d089157b711adb91f5a50b74ab4a47a78accf480811e35ff7733988c3e

    SHA512

    2cb3c175c2598b98064315eacd3a8c2919d8e57b7cc81305fbaa34f4d099fe9415487f63436f3a21a567c3f22c0ffd7725ecb19b01cad7af4e6ac4ac3bbf458f

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat

    Filesize

    70KB

    MD5

    dfe75f782c43a5af6da53e422496cb2c

    SHA1

    01f583d70d47ccfd110595425180ad94a2d11203

    SHA256

    fbeb0d0cba5f6fc5de1d93586caef8a2790c1f4b3bb74c543cc1b8e3d92266fd

    SHA512

    4d9afeb65491b63c769acea260793466a44c2f94808de74efd072e40b6186da5468064085d58ee4128539c9832eafa9f7e7fc2ec599ae6518c19d408bb67fd72

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5UZD7SVZ.txt

    Filesize

    533B

    MD5

    e3332d431140dd99a7f92c54a707602d

    SHA1

    19691226436d6c17f1056087213cc513306a0a88

    SHA256

    300df04f314416ea73d00e105049671ec764e2b94c3989cef3bf7b9e69ad2f22

    SHA512

    83e88101c68f3d1eef2d896ff3ae050ec0980d1577156cf696af25d6820d52335bf2eeffa4142f20fe44d448387d8cec9d587f225cbf4e956d26cfff45de78be

  • memory/1348-54-0x0000000074F41000-0x0000000074F43000-memory.dmp

    Filesize

    8KB

  • memory/1348-55-0x0000000000400000-0x000000000056D000-memory.dmp

    Filesize

    1.4MB

  • memory/1348-56-0x0000000000400000-0x000000000056D000-memory.dmp

    Filesize

    1.4MB