Overview

overview

8

Static

static

8

2bfe66f919...42.exe

windows7-x64

8

2bfe66f919...42.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    158s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 10:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2bfe66f919a246a58c4caf60606c0b612cfed819fa4dacedc6d0eab0fc392642.exe

  • Size

    1.2MB

  • MD5

    e148b8ce66c584f5e9affb47808e251b

  • SHA1

    d95fd0e36af4db7b5d5745cf4718bbbd8fb0a229

  • SHA256

    2bfe66f919a246a58c4caf60606c0b612cfed819fa4dacedc6d0eab0fc392642

  • SHA512

    25ec6b47f66c32a982a5e9c94e5a4edacc79bdeec326afb064a9055b5d94fc03a2ffee74c2c3166d48d0062419d12f9f225b559fb9139ad4b1fcbe9599ffe357

  • SSDEEP

    24576:eAU8WGNi0q2pom+uFjECaOiuz2PAelzwOi/8Lg+w49:edLOiYpom+xO3aPAufi0k949

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2bfe66f919a246a58c4caf60606c0b612cfed819fa4dacedc6d0eab0fc392642.exe
    "C:\Users\Admin\AppData\Local\Temp\2bfe66f919a246a58c4caf60606c0b612cfed819fa4dacedc6d0eab0fc392642.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1388
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.cfdami.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1208
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1208 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:932

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
          Filesize

          1KB

          MD5

          8461b627fd0e03a19c0066e408ea7046

          SHA1

          799fe8fc1b7cd1e9b361bc29eb53d22ac4650f22

          SHA256

          3cfe7bdbfc30c77d71caba0bb759ffb0c37c243f89ff5de9352fb37a2d977ba7

          SHA512

          2d965a4516e87529eb3ed7bcb366e1b42711b1fee840a2b3679a4298ccbdb5634f4f5c2fdfc23db41e297fa01d153f5014bcdbd184088f27c41c4877134fe04d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
          Filesize

          1KB

          MD5

          d86cf35a26124ae08e55ac69af81f731

          SHA1

          1e994d462214513215c67eb0add6f802d45cdf75

          SHA256

          518676fc168473baef2b229a75b14d56a0cd9792ef33a3cf89da972ebb34412d

          SHA512

          d930e566caa14faff75ec5f4fc89bcca868345c6c9cae7152c38b9da97380c9e7c3c8f9b81cbaac2ef4b56168bbfe70c3a287e153a454d6c6aa2fbb1d9b66390

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
          Filesize

          508B

          MD5

          daa0c5ed18f74d20eef43cec7c1ead45

          SHA1

          a83214684f94260e695f59561a5f9b1175387feb

          SHA256

          a0cb4b6c47826dbb3c8a5a387dd91ff36faa3c709dc16d7a8afad20f8187d899

          SHA512

          42dd47fde188d99901cd006f14302135373ea22647f2a9ad64b708bfe5d18c4658d3f68a0211812c62b1ff02934356995723a07be90f319870b173e85273478c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          340B

          MD5

          5d3249e43579c478b44654f82ef15477

          SHA1

          ab70003cb8ca7ee6d14f2941ff4fd21128cdc89b

          SHA256

          46dbd677d532a41c4840b671831533a283e3439b649a7caf39b2f382e893dc92

          SHA512

          da55ce2f429d4c5dd0ec9fdd7aa45592df6e120edb38d83324d8aeb487bebc59859d8ad01ccb4c5c8a6080c012be50594c75b1e89a8cdb5059a995fcea080227

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2e3ecc58dc16807fdedd18ae9d309ab8

          SHA1

          6c13ad5c07ed56be156ae4eb414e725da3352b8f

          SHA256

          b4dbce9050ce77ef01b43564bcd4d99b06027720c285058f0e406f2ceaef54f6

          SHA512

          14bd9237c39fcacbb2c8feea4e75869ed75dc6d384e6ab9ba05931fdc7e72af7a3e5dbbd45c7e1911303f487f9f88ca7723c19dafd2555404a2ccfa32e00f949

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
          Filesize

          506B

          MD5

          67b150977e6ef327a37232aeaf4eb4ab

          SHA1

          bca2516ff610e5f0ac03fd855a5030c8855290d4

          SHA256

          c7d53603cfe5dd255dcd7b46ff371868e3be2824423efdb7f465c0285a8890a8

          SHA512

          6e1d7f7347a4377c0858c78111578a2fb822b740ee45896244acb0ccc75e064c977ca521cc58394c603520fe6853f6e5d8eb1ca65613cccf05059c88731f49b7

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0LYNQJM7\I1MOMV2H.htm
          Filesize

          278KB

          MD5

          f2b97a8421e99c2b060bd0113cb79084

          SHA1

          01e193c6c8578080640b83458c3e26ac8a73f568

          SHA256

          44c664ac76cc2c5d6ba3d1dcaa78d288d43bc49989f67eb0f614b136112ae05b

          SHA512

          a70473fdfdf0fbb73f170a14cf54c1c48341e3a810a03a8c45478726cc478293332fcc7f0fd74572f1a34363089cae5d990afc254d40d2db9ba08662dec99ec9

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0LYNQJM7\white2[1].css
          Filesize

          1KB

          MD5

          20b0aa3ba2ba814c7e6d16cfa19f3d28

          SHA1

          66428ca19ddbcd34ddba1e22717ff26c8fc2098e

          SHA256

          9ba6eac6d8c0da502ad2ff2726acbebac161863c838f6e5eb85f155d8ce59c61

          SHA512

          25c5b27bd74b314c1b8aff6329bedc4554d49ac0bc384f5f2c0c5ca128df847f994c8dee8a7a7bc24fafea9185be4b8d22e452592161925a3289a4491a11fdf8

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MK8YK3QV\bootstrap-bbs[1].css
          Filesize

          4KB

          MD5

          af896d79fbfee84a11f7ea3e5811ebb8

          SHA1

          e870488f5bbbe2c907eceab5181adf9a967fc54d

          SHA256

          09a11164df7bfca613e7f00974a4bc29c6765af87298b1123bb52d772da4a3b5

          SHA512

          ffa26440c3cbf73183e71d5eff39de795a583473d73f86a76316165c0df42d29612a066e4ab980b17953e43950a9164a79acf22c15dd7341192d7e5870a83853

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MK8YK3QV\bootstrap[1].css
          Filesize

          192KB

          MD5

          62c5cae7f6038a90bbe57e32aaae70a0

          SHA1

          3b19f0b7bd0f794165f66a848d372a04d3251f0b

          SHA256

          b603a4827ca9917237f14d021d0f1c374177e7dac008e932cd95a074ac7b2a8e

          SHA512

          8ccf6943a44e03b5abcb8cde4431e8af8a24d528f928fae72e81f9ea536490aef5ec4e829428138eef34cacafc17f767f2d5bbd2daca0e75b3a9e63301fb551d

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V881MODH\plus[1].css
          Filesize

          557B

          MD5

          98969d45be2375d31e56549207f2dba7

          SHA1

          047b707c97319e4ae9889331fa610ca5ee182ab9

          SHA256

          4501a0dbfe5408c669c62796c5977ae80caa445993141d25d60df4105cfd6be0

          SHA512

          751432570a7594235bfb25f55acfca114942999cd6e4239a54bad33532aa9c3ed4d8dbbbcc255b9e163b02bdb0392955c191c5f3c9e04b0d5a0b53373dc70943

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WRZXZATJ\av[1].css
          Filesize

          36KB

          MD5

          8f93e03614406339f94a0ddd7eaebb71

          SHA1

          e3869dbb4eee4a24de5f809cdf5306c42489cdea

          SHA256

          c2558ba8391736bd7237bce938e11c60750ac34a61c19a68dcbb15ce3bf14dea

          SHA512

          ab14a7ab5aad319b1f90555f9240fabf39dc77e145b85b56ef2da38f81982fc129f287adb46d5ec86d86be804d0d45d14612781199f6443566cafc6bdf5e6352

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WRZXZATJ\white[1].css
          Filesize

          23KB

          MD5

          055b01513eb588878e38199f0dcbae23

          SHA1

          461dccc4dd29409f8d7cc84fb065d043b18d064f

          SHA256

          7b65663be6cfa0f90450fed32a1afa2f987cd8e0fa53759f42a15c9db538a76f

          SHA512

          0119a27877349e427d680e81fc230edc5e98b4d2e914f951932eaf0d3e5e6b4171247122341dd6a25490a14e67315d5caa1ed23332068dd7404b79a6f9cbe93c

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JWQDTB64.txt
          Filesize

          606B

          MD5

          d7e711682aaef22abbb5f4b2f75f69a9

          SHA1

          97a78dee64c36fc82646604bd38b04d836b51b63

          SHA256

          f563ecd9584f3d6c807e3800348891f9102a275875d9e54a9ebc3e8689340c1a

          SHA512

          fb7881b63accbfb92deb6ee5493d81b45b805bb3a2e5d4a520b4ffc6edf964609719428501a1b60a0115bfb83f71020c448ddc3d1e3eebd3548f402ae0b3758a

          Download Submit

        • memory/1388-54-0x00000000768A1000-0x00000000768A3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1388-60-0x0000000000400000-0x00000000006F3000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/1388-58-0x0000000000400000-0x00000000006F3000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/1388-57-0x0000000000400000-0x00000000006F3000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/1388-55-0x0000000000400000-0x00000000006F3000-memory.dmp

          Filesize

          2.9MB

          Download