Analysis

  • max time kernel: 112s
  • max time network: 153s
  • platform: windows7_x64
  • resource: win7-20220901-en
  • resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted: 30/11/2022, 23:17

General

  • Target: afd3026992f1cb4e0ce5f65eed7f073aaa459d421ee0fff380545e52cd8a06e9.exe
  • Size: 1.1MB
  • MD5: 4da6e26bbbe545550d7b875f5ca146a2
  • SHA1: 51d5aab16ce7cbf8657f2d99e65e8a8b5e398ef3
  • SHA256: afd3026992f1cb4e0ce5f65eed7f073aaa459d421ee0fff380545e52cd8a06e9
  • SHA512: 3e1b6b55c63925e8fe5281c4a864145755289f32c7f1eafe2b19b8d9b6fbc39a8eb9f7841de0b21516cd06ea67542a19f5cb862985a36875c2868af39a21aded
  • SSDEEP: 24576:bltjeKzlZUteRO8TCHXO1cF1+eLLJGmpAJn9dsfh3+6kbeOdV6UB:OoZIeRoHXh9LdyJrsd+6kbeOdxB

Score: 7/10

Malware Config

Signatures

  • Checks BIOS information in registry (2 TTPs, 1 IoCs)
    BIOS information is often read in order to detect sandboxing environments.
  • Enumerates physical storage devices (1 TTPs)
    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings (1 TTPs, 35 IoCs)
  • Suspicious behavior: LoadsDriver (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (10 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\afd3026992f1cb4e0ce5f65eed7f073aaa459d421ee0fff380545e52cd8a06e9.exe (PID 2012, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\afd3026992f1cb4e0ce5f65eed7f073aaa459d421ee0fff380545e52cd8a06e9.exe"
    • Checks BIOS information in registry
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files\Internet Explorer\iexplore.exe (PID 1520, depth 2)
      Command line: "C:\Program Files\Internet Explorer\iexplore.exe" http://www.fcgg.info/
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 1952, depth 3)
        Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1520 CREDAT:275457 /prefetch:2
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
  • C:\Windows\system32\AUDIODG.EXE (PID 1304, depth 1)
    Command line: C:\Windows\system32\AUDIODG.EXE 0x530
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\YDB3LKVB.txt
    Filesize: 539B
    MD5: f2fe105b5b0b4b2193dff54085ca3d90
    SHA1: 74171a6689f9510604fbe217545f97611c8f9994
    SHA256: 02a39575c8a13813f78037a99573861e466c044848c21e886c9e36fff82c9ec7
    SHA512: 6222d71fb1ffa8a7320d1a6705213a3afb859d92662fbf844c594ed56d8fe2fbb3ad47fa01d3d52faba82058854ebf08fa6a3f895078acf2a176f045a64bea70
  • memory/2012-54-0x0000000074B51000-0x0000000074B53000-memory.dmp (Filesize: 8KB)
  • memory/2012-55-0x0000000000400000-0x00000000005A7000-memory.dmp (Filesize: 1.7MB)
  • memory/2012-56-0x0000000000400000-0x00000000005A7000-memory.dmp (Filesize: 1.7MB)
  • memory/2012-57-0x0000000000400000-0x00000000005A7000-memory.dmp (Filesize: 1.7MB)
  • memory/2012-58-0x0000000000400000-0x00000000005A7000-memory.dmp (Filesize: 1.7MB)
  • memory/2012-60-0x0000000000400000-0x00000000005A7000-memory.dmp (Filesize: 1.7MB)
  • memory/2012-61-0x0000000000400000-0x00000000005A7000-memory.dmp (Filesize: 1.7MB)
  • memory/2012-62-0x0000000000400000-0x00000000005A7000-memory.dmp (Filesize: 1.7MB)