Overview

overview

8

Static

static

98f4328ad3...4b.exe

windows7-x64

8

98f4328ad3...4b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    169s
  • max time network
    175s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01-12-2022 07:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    98f4328ad3eedc4e5e78b426065dc9d8c17e173213d393ea3580d11c87c7a64b.exe

  • Size

    176KB

  • MD5

    8d31df13ee0a53951186f7623aec8bde

  • SHA1

    dfcac02c889a624df5a02856a7c816e59cba2e02

  • SHA256

    98f4328ad3eedc4e5e78b426065dc9d8c17e173213d393ea3580d11c87c7a64b

  • SHA512

    4d88c111c580c2996e1cb61859ec61447ebe2631f8794d5b26e5862e449c0f9be7c70d209e70858be820678c204598717831349324e0b58f63dd670bb4fcd3a7

  • SSDEEP

    3072:LLIVdnMWqZxKDVb9PQesPOe83fwgFqpqfYTWBdz1QVt:LkAxIePWqQSW7Jo

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\98f4328ad3eedc4e5e78b426065dc9d8c17e173213d393ea3580d11c87c7a64b.exe
    "C:\Users\Admin\AppData\Local\Temp\98f4328ad3eedc4e5e78b426065dc9d8c17e173213d393ea3580d11c87c7a64b.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:912
    • C:\Users\Admin\AppData\Roaming\Vlc.exe
      "C:\Users\Admin\AppData\Roaming\Vlc.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:948
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://trololololololololololo.com/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:628
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:628 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1120
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:628 CREDAT:1324040 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1612
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:628 CREDAT:668697 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1304

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    1KB

    MD5

    8ce5043f0586087e48c9f07b790306a5

    SHA1

    668cb4a62d13f5d35b9ad62c495c26cff9ca4eff

    SHA256

    2266d6e10bc485bf9ae6e71df2d00e05f9058f1983e10c02488ea2de5755c271

    SHA512

    b9486cd6998613615a91927207834801bde05e82c6753f44c8c7b280d660069af12c0613de5f2123966c9d1ec47bcae1e4c83452c86309cd5c9a15ce9d8f67fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    472B

    MD5

    1377c2956f6d4d989e6fafbe01600b49

    SHA1

    7a550dd67e42a8f1ba1468646af02691d0580345

    SHA256

    4e0206cd8e1112cdefa7f974876461a968bbcbbf016b1b1c2e3af77346507886

    SHA512

    0c559b1d2e6d1772aba8cc7a9dc8891522dc2df68558d4285ecaa87da4fabd81808f5ee8a599ceb7e26641029f7f9b3d27f33c2f42b0bd1f1a3fc5612083ed09

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_7D0866F648887A7BB8C83FDD7893DE3B
    Filesize

    472B

    MD5

    33d4c0eb73252b9ee70cebc62151b0dd

    SHA1

    31bc157147ab1329097d7c6f60bd077186c24bf8

    SHA256

    fbf26b2930e09e9f73ff165eba2ce1f953054ebb7f47d425fd656108131b5cba

    SHA512

    e6765506e8681aeaf6349bd3f47ee66a60063c16898c5a562dc279e43d2b4831a64df4d4edcb80d1af35bf08f074490d65e06fd69183a45d5217a72f25b6c082

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_4A183155DB502CF599F3A8AD6680B8C3
    Filesize

    472B

    MD5

    1f3a4f3edea56419c58836a0c80d5cea

    SHA1

    1558a7ad0acc0c09cdf39ec92030f7ee5736e595

    SHA256

    70aeda0cb136ac1add86931a338558b9f302576cd65537575d232fda623fe2f0

    SHA512

    29de795331ac63c75f2bf342f85f95f93c5fea2121097017b90e06197ce468383e2e49a1a85654f1ef756f007a60a81575056300ed42b67135e72776f16c3e55

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_5C379F3600DE745720AF61433A9796B2
    Filesize

    472B

    MD5

    baaba92c2ccd740f080a25a9ea5cb3ad

    SHA1

    3322d5a9fb0b3a2ec83247eac9865234cbcefece

    SHA256

    5150dcbc7293378fff4a337fd0f61bdbbf6b4f64bddba6d0fd270be37e81fe07

    SHA512

    20fd1761b80cb1983c3185f2689ebf4fd5b8d8e263c4954c956616d86d6c67cbe629875d4543c94f0f6253da8e4f6b1646e3c11d8da177a2e5f17521583c494c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    724B

    MD5

    f569e1d183b84e8078dc456192127536

    SHA1

    30c537463eed902925300dd07a87d820a713753f

    SHA256

    287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

    SHA512

    49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_DD5E18651A85E635F184F73BE6D3DB70
    Filesize

    472B

    MD5

    98fe7e5fd6b778bcdcc63028c3a49fbd

    SHA1

    06b34160c344526fbe14ce41445b9fe76c0a878d

    SHA256

    d45d898dfe5bf1151557bbbc3be6e6878fbadce386136d60777b4464199173a6

    SHA512

    0cc269ea7fb599994d9baa5ebfeda7b912d3381f90f3dc38cec425a1abb8f9ba8ea848007f4b404b690142891d27d44f8c996235f1cf2c939b203a6d919f09e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
    Filesize

    410B

    MD5

    187e0a8fce0ced15b6296344996b3b4b

    SHA1

    5a6a1b851f811738bca9cb3c438c02314dbdf33e

    SHA256

    a0301d4e7417fea66588aecc427642330061ef3ae19a1395964dc9f132e6dc4f

    SHA512

    a427eb776c027ad763bf2f848651dbdf21db7352ac66cd9c47a8de3b63fa1b18db39e74f2f4e7979ca5ed26c72410d788d306c445acbb324671f6df7ce7a5471

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
    Filesize

    402B

    MD5

    e6e5939753298cf66ef81eb2b1802f3a

    SHA1

    1faf61c05934a277a6a1baa08fe7c12fe88bc935

    SHA256

    56134df3a243bbfccfd28d1d04b350a3c7fe661a9bed88f8daf34e7be5fec45a

    SHA512

    726689561e82ccebf390f4b5f78d77dd324c8ca123f8210b857b972c49c9e34685e2b867d8e814f7e8a4965372ca0074bf2bd7b4778a365627682ee3b5637c8c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_7D0866F648887A7BB8C83FDD7893DE3B
    Filesize

    402B

    MD5

    ad9461e72a73782d7300754fff423992

    SHA1

    13f5a64bb9899a453116c9b14355964293c19c4b

    SHA256

    ba97c19c98ecb1018a79d1776ca5435101f6e2097fff7355d8fe114f84541e84

    SHA512

    ea9d84b8c9fd00875a6b2da413c1044bf006a50c1ca06f7480a111891197f0cbfa797ab883dca773018435433975b01f1f21147fcb5d63fdcd3af221e551f8c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3b9b19c2739130cf7818adbcbb01ee5c

    SHA1

    e7694b1dba4a9490bf2628dcb90d3eac2631f259

    SHA256

    761fd21b5be510c8c009c2b52c39bff2dbb08f8f8ef9b83a376bc059a478ce67

    SHA512

    4c84434e5c6a0d20d3c07574194a36856ede3f53106686364a298a71b1a91cfbc5f82130928f7622c0fec89285e755145477997b5818bed7f6591b7d22755081

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    30a709bbf61356de09e39b143f955414

    SHA1

    0259b39ed8fc5f5ccbeb526f710876d3a5d6f43f

    SHA256

    93de1480dc1e4eba5d37d36a5b8833602bea664d294d42cf6ff53fd99ce86a13

    SHA512

    f051869a411b139279ed024476855e031b1dac398277a72b6eff9b3edb69b02ca8bf3a54f99098dca33ea87c0d7999e7ef85ce08fba77f5fe533476cfde201e1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_4A183155DB502CF599F3A8AD6680B8C3
    Filesize

    402B

    MD5

    a3b3a8d9b6d67d9292e646e775682143

    SHA1

    cdc00f0ddcd1ecf2f66558eb590419621f8f62d8

    SHA256

    d279a78a25f6a5622d7e517803222441af1dc594a91c6b768efb7b2f909d3782

    SHA512

    0bc5d8830eb2a66a216ec5507f2fd101665fd8a6a62c59c42eae695bfb0ed5a2a69c57225b332edebe1919189aee41d873c6c920d2aa09d39242b533e6e4fd24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_5C379F3600DE745720AF61433A9796B2
    Filesize

    410B

    MD5

    44df14eb0ee033a76b478e8ef9660cfb

    SHA1

    6ca44301f79c51f24879a7b80f8e59558585f036

    SHA256

    ea1a6fe30f91cb956b603d004013969ad29cea1f6839a61f64e39bccfabeea67

    SHA512

    601dde45e348ad094d6497178e2fc528ffe982c448416c742ab756a1d0812b425611f5f016f8baa5b3d3c8d25ab5d318326f4d678d97d56f87454d7e555b6275

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
    Filesize

    392B

    MD5

    6ffb88e3f41d0734a3cf7d3f9d96d315

    SHA1

    101caa2ded272873bdf3197557161217533905a0

    SHA256

    d19c72ffd0074a1ee21c0f9659ba3f97f0af7c42f8ee986ee958e8d36815ba77

    SHA512

    7e6db332d6623ddf5dcca919e69973f60df94a7d36b3180d291fd473655462affd6f807ff9e78422c482887d4d2f0bd670fc0dcb89e4e8c4861545290a6249d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_DD5E18651A85E635F184F73BE6D3DB70
    Filesize

    406B

    MD5

    992d26875ac8c4ae766c2e18b4ceec2c

    SHA1

    085f05c7f21e336ee4ee8bd69af643fa84a33852

    SHA256

    bb4a77086ceddd3bf6aa724ab1425c699eb607c68ea92247ef8c6df502f26098

    SHA512

    2b329b4be8e115f48bc56ce5805f2b2420f94fca2e18c1721d3ee2b00755f6029b42fb6ae037b64e3d34a7f173e2b4e8faae37d16f03728bf869c0273b01c399

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    be4d0a720f6657fbc3e351aece35fd6c

    SHA1

    4d394d155f040f88cfae019c29ca259ff53619c6

    SHA256

    b1788db3d29a5d819588dbd8970ca72e7208a542bdae108a0d8283bfdc113289

    SHA512

    290fe6f9cb840c54c8e4708c933d28dbd4dfa6774f8acf2ecfd6f9829e0a9e5ae6dcfe09e96d04821660e001e875e0eb7d46b1bbd5a5d6d24728cd21d48bffd1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat
    Filesize

    4KB

    MD5

    017a4457e43b2aceee6b3acc30eb2cb9

    SHA1

    779c2b0c1d999386f1182144f91cdac8fd44411a

    SHA256

    8e66597ee084019eac68f846d02d615c0aba5c7a7e873af27e6bf990fe18a064

    SHA512

    ff3e4fc5b599e2e04079d06449a1fa099037993d63fdc6b15cd6de74b3a0a0f39fa7fc39f37cfbe538d6325512ea3aa7dd89cb94be06ea47fb499d7db8c4d2d8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\tcz8fqz\imagestore.dat
    Filesize

    5KB

    MD5

    a27ad7f67675acef1551a832642407aa

    SHA1

    fa0a532916304937ffe3fcecc7162d35db3b00b7

    SHA256

    51e042dbac35b982d21b248f7dc6538fde86120320f5098e485ebbc8414c8182

    SHA512

    15e746a7f892c67928d4c369d2ebf4b099bd21c76326a279f478e4659837c02d943cddd6b9b95ef03f7d4b8bd5d3497b87371b99835f6542d5bd5cbfdecf6fc4

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0UI0USXJ.txt
    Filesize

    266B

    MD5

    a37ab866176eecadd78b89b762353526

    SHA1

    8963bf726505d943626afed185f62bb0320eb7ea

    SHA256

    62b43154efd93cdd6a9de4d663c5debece7ada6a2e5d3939ad9df78f1214c7ad

    SHA512

    83808180874bc50cbb837f23523db067a96034305541a7f92c546a85624d08ed4c84beae6cbf195746fafab396ea2ee4f0051f13ceb4c0d019257e58a5b6f83f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GRO6N9BB.txt
    Filesize

    181B

    MD5

    60ed2a6fd8ce694500cd294cbbb7e5db

    SHA1

    eeeefcab5a6a1921a33b43a58893f0685d15542c

    SHA256

    bee850cf197e906a399334b9181adf5a098100f3499b58529519cc972c818189

    SHA512

    e608dee21263d15871e28fecab78061fb4d2c24b355200151938e248f72b5a46510ad5abb2a5fbd5c2a67318549487734a708213dd9ef34a6c7ecb2487e455b9

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\NM2RVWKP.txt
    Filesize

    535B

    MD5

    b4a921802b3509a003bf87be5bd3e585

    SHA1

    262e13ca530353befb0109fc6ba021a47fd829f4

    SHA256

    25632d4ea85e2ff8395dbf8c0023c43ecf2786600019951a3c00d24bde90cea8

    SHA512

    74c839ee020c6433f7c5b5c4d26c46bc99dfde52c2320e0b8922ef7dc84e6400e2e8fecfd51cddc0d62c8f64c87dc01dcceac6eaccdf00c96c48c6cd44544482

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Y5V3YEJN.txt
    Filesize

    84B

    MD5

    51289ef86bb53b5439ad24b2c9d34a67

    SHA1

    865c77871b15316dce4d1d081b98caada4e5be96

    SHA256

    3cde11111ae23962fa54472f7633a9325c92e05b0d62af1c012011182050193f

    SHA512

    d29735fdf7045155f5b01ce4a2903f496a327e960710ba4c153fc0c0dd5ef1ca2187e784be2192ef87afe87551465192d601440c93b930c1c19a395d391a7433

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Vlc.exe
    Filesize

    27KB

    MD5

    ca3234fa67b6faac365b9829d4e0be6f

    SHA1

    6d2ca38eb6b39dd0b6658fb662c848587b5cab13

    SHA256

    0badd0ea893d2349d46de3a778d6f2945b44c63986ac7274a72122659582b8bd

    SHA512

    6656c33f6e7e434e844f41f6ff4363a2182f5f39a9253bd6fdd5d32d817335cad3a2d3b8b6941237529ad01696c4ec9aa6710d77851300c0dae4b27eda8f120f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Vlc.exe
    Filesize

    27KB

    MD5

    ca3234fa67b6faac365b9829d4e0be6f

    SHA1

    6d2ca38eb6b39dd0b6658fb662c848587b5cab13

    SHA256

    0badd0ea893d2349d46de3a778d6f2945b44c63986ac7274a72122659582b8bd

    SHA512

    6656c33f6e7e434e844f41f6ff4363a2182f5f39a9253bd6fdd5d32d817335cad3a2d3b8b6941237529ad01696c4ec9aa6710d77851300c0dae4b27eda8f120f

    Download Submit

  • memory/912-55-0x000007FEFBF41000-0x000007FEFBF43000-memory.dmp

    Filesize

    8KB

    Download

  • memory/912-54-0x000007FEF3BC0000-0x000007FEF45E3000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/948-62-0x00000000004D6000-0x00000000004F5000-memory.dmp

    Filesize

    124KB

    Download

  • memory/948-59-0x000007FEF4AA0000-0x000007FEF54C3000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/948-60-0x000007FEEE2C0000-0x000007FEEF356000-memory.dmp

    Filesize

    16.6MB

    Download

  • memory/948-56-0x0000000000000000-mapping.dmp

    Download

  • memory/948-61-0x00000000004D6000-0x00000000004F5000-memory.dmp

    Filesize

    124KB

    Download