Overview

overview

10

Static

static

1ce8d2a541...04.exe

windows7-x64

3

1ce8d2a541...04.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2022 11:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1ce8d2a541c912c0a782e8d027444a91505675136a651a7e2b14f473623ac004.exe

  • Size

    498KB

  • MD5

    924d243aebf0620998596bcfcb8f2719

  • SHA1

    60fedf9235cc9a3ed798007d2c68d4234b4d7f76

  • SHA256

    1ce8d2a541c912c0a782e8d027444a91505675136a651a7e2b14f473623ac004

  • SHA512

    083ab4125296716915838fc94fa38826ea01c001a5d89d3bbd134c1fcf9bfc92699701b5f6161ab6f6a6c6f3fc0b078785f8bcdc752dc316e266a7739a391847

  • SSDEEP

    12288:F95O9mv22T+8hWku8YexMbIMIcbyhvkQzyM5iT3:NOGhyaqbD5byxpj5iT3

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ce8d2a541c912c0a782e8d027444a91505675136a651a7e2b14f473623ac004.exe
    "C:\Users\Admin\AppData\Local\Temp\1ce8d2a541c912c0a782e8d027444a91505675136a651a7e2b14f473623ac004.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1032
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.5yaoyx.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:912
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:912 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1304

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    1KB

    MD5

    3795e654a79246623207e3165fa52afe

    SHA1

    090658fdcc890024254d3742583f86af3302144c

    SHA256

    0e593f7391794b4ef049541aa0079f7aa11bf9def20e058954b620f23ad99c05

    SHA512

    a62a7288f9c53ea05898c1bdc322bda28ce7adc5e6be3f89f4c762c464873df359365fd30a0d5f1345c500b937227b6fadc35476a08d02856eff55233aa08f08

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize

    508B

    MD5

    d50726db2a0954a6b00e0d71492d4d7f

    SHA1

    4014ee3094128a0cffd9087842d9ede64bc6de4f

    SHA256

    18096021c4bbfe94618e75760580b550de61e940a71ceafd311f38888715d1f4

    SHA512

    028f1058f3c9d90f5390370af6c27571d0ce0662ef2a91de6434d3776c540ef61342e735a950dd7cdc2097bc305fdbf08c72e3a3ad621b436b77a001653e1029

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    cef74144af05b8d9009ba3200ad87454

    SHA1

    98b423fe371d76eae110926c19fc5249ddb84c48

    SHA256

    cac0f7d5a7b2ba9084ce722058a14d9cab43a2ab4e1d984b5fb142bdfc4a16b3

    SHA512

    2b9d16d61704da0b467f6784f6021f44b34bea5c2414cff51f4f51f18c19af19974f2ca4267ff7d092ec4cee2415bc573fd9538ebb54e103bb89b05e71327a95

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\5XQJT6LE.txt
    Filesize

    608B

    MD5

    4c6b4df3c1af9e9bcd39fa780f18f729

    SHA1

    438ed33a238aa7f40f37df82612a4f1cb3902987

    SHA256

    7e528b2934866ad3e69a6f248a23f955d1a364fc9692214f0101f68c0dddfe37

    SHA512

    2a4f658df9044f180da863a5882613d8ed74ca7cccb6763114845dcfefb46eadec79ce263093d1d059c71307faa07e47480d6bdbad61289196dace697f70f7e1

    Download Submit
  • memory/1032-54-0x0000000076711000-0x0000000076713000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1032-55-0x0000000000400000-0x0000000000546000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/1032-56-0x0000000000400000-0x0000000000546000-memory.dmp
    Filesize

    1.3MB

    Download