81d3258c0210844668ec7482249868920b05e2f97ed93eed44f64e115933b34c

General

Target

81d3258c0210844668ec7482249868920b05e2f97ed93eed44f64e115933b34c.exe
Size

1.9MB
MD5

38ed1482a93e877aa73059ae4d0fa8c4
SHA1

c38f9632058d1a71a1679191406feb105553aa1a
SHA256

81d3258c0210844668ec7482249868920b05e2f97ed93eed44f64e115933b34c
SHA512

55466f9b1ed75371c4855ff286e59a1e82f01a3cb45b21470ef229cb521c1768aadfee7aad4cbabfda0ca35df5c19bd035b85bf51383579b4aa69a585d6cc6b4
SSDEEP

49152:4xIjr6wPSFG2a0bDgfRFqT9EPvLI2ShrNDujwA:4qjr3S023Dg7qT+PBShBDQwA

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\TypedURLs	81d3258c0210844668ec7482249868920b05e2f97ed93eed44f64e115933b34c.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1364	81d3258c0210844668ec7482249868920b05e2f97ed93eed44f64e115933b34c.exe
1364	81d3258c0210844668ec7482249868920b05e2f97ed93eed44f64e115933b34c.exe
1364	81d3258c0210844668ec7482249868920b05e2f97ed93eed44f64e115933b34c.exe

C:\Users\Admin\AppData\Local\Temp\81d3258c0210844668ec7482249868920b05e2f97ed93eed44f64e115933b34c.exe
"C:\Users\Admin\AppData\Local\Temp\81d3258c0210844668ec7482249868920b05e2f97ed93eed44f64e115933b34c.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1364

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1364-54-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/1364-55-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1364-56-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1364-57-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1364-58-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1364-59-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1364-60-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1364-61-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1364-62-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1364-63-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-64-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-65-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-66-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-67-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-68-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-69-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-70-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-71-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-72-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-73-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-74-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-75-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-76-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-78-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-77-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-79-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-80-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-81-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-82-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-83-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-84-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-85-0x0000000000537000-0x000000000053A200-memory.dmp

Filesize
12KB

Download
memory/1364-86-0x0000000000400000-0x0000000000BDE000-memory.dmp

Filesize
7.9MB

Download
memory/1364-87-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/1364-88-0x0000000000400000-0x0000000000BDE000-memory.dmp

Filesize
7.9MB

Download
memory/1364-89-0x0000000000400000-0x0000000000BDE000-memory.dmp

Filesize
7.9MB

Download
memory/1364-90-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download

Analysis

Sharing