Analysis

  • max time kernel
    180s
  • max time network
    219s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/11/2022, 15:49

General

  • Target

    faa5b2dfe60b26dc92b776285f5d968983cac8957381a3bf172ee0df5e47f221.exe

  • Size

    868KB

  • MD5

    4166f9e9a0f80e9401c2f91fe234b22d

  • SHA1

    13a4e86e40a8bb71bf31e20527645767c48a3af3

  • SHA256

    faa5b2dfe60b26dc92b776285f5d968983cac8957381a3bf172ee0df5e47f221

  • SHA512

    ff0122511b6f50a874fd24e51f04ec0d6d9ae2cec33c47ea86822030d4c0e20a2200254aa34afa11d666f502a485e10774a6618d9aff53d1df2a7a5f4c5eb7b9

  • SSDEEP

    24576:HfCxC3da6K/67yhLYKE6I0pW26OlHlAInTXKNhL5:HgC3df6LYKM0pyOlF/TML5

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 46 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\faa5b2dfe60b26dc92b776285f5d968983cac8957381a3bf172ee0df5e47f221.exe
    "C:\Users\Admin\AppData\Local\Temp\faa5b2dfe60b26dc92b776285f5d968983cac8957381a3bf172ee0df5e47f221.exe"
    1⤵
    • Drops file in Drivers directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" www.tt336.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:868
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:868 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:384

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    cbaf6f917f0e8c7623480de69561178d

    SHA1

    3fa33dff7cb619786874e7c2fec0ad3d81685ada

    SHA256

    5c51e63bb52b3a10dd9a0a28b6e32290f2cc7ab2f8e389b117f37ce0cff2a7da

    SHA512

    90d152095a9a420c41e1ae3965c7864eda773490432ea31c3cb225d3bc685999243d494e62f88e35f7e2ce4f04ebe94867af86e984e02a7e658630dd3a28e58c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    f5b4fa459751b76e060f38afd61e8bda

    SHA1

    1247cfbff2c8d56b520ade9d5de3611432b5f415

    SHA256

    9a49d790e6dc0f77a68b5e4fbc1686ab4fed83ab7b06eeb6021270580703dab0

    SHA512

    5242c213c433fefdfb0ca4503f4dc518d5e7855e3673a11c0152cbdc1a5b0893c3c65d986e1b79771814b5c4f46607e2d1553fc2574241aad8b14bc1a62e9986

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    304B

    MD5

    dbfd30d86060922b755683519761550a

    SHA1

    c69cc1bb67850369f803857ed7849709b31d103f

    SHA256

    61a53a318846fad0306df62618c0260e078341699f4bf386970daf969bbb3440

    SHA512

    1124ff8ea21657bf794a8e0a5f58982ec0a2b548c1d95d5f6de86b7134952cf54fe08d79a7d87a0a341c238b6cd809f32f33d3decb616ca146acb205d18ffc68

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GHQE3XKH.txt

    Filesize

    533B

    MD5

    73efa5c2dadf8cbbb30f23a3a8e9037e

    SHA1

    c8bc26fbe4ebda7985938a2d736791b1621463f4

    SHA256

    d034fbfa2301261c8991e4dfce8a5559782e032e4f1e4242d2cacda02f4272be

    SHA512

    86a8a0cd01c0503e042f81a5760770f969704e8bf284fb7d36fc050d1887e62d7470655e0ec64025088a0bfc5adca2d96e26421b58aa1402900b5ea4f5c2049b

  • memory/1976-54-0x00000000760C1000-0x00000000760C3000-memory.dmp

    Filesize

    8KB

  • memory/1976-55-0x0000000000400000-0x0000000000610000-memory.dmp

    Filesize

    2.1MB

  • memory/1976-58-0x0000000000400000-0x0000000000610000-memory.dmp

    Filesize

    2.1MB

  • memory/1976-59-0x0000000000400000-0x0000000000610000-memory.dmp

    Filesize

    2.1MB