Overview

overview

8

Static

static

9bdada33f3...61.exe

windows7-x64

8

9bdada33f3...61.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 10:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    9bdada33f3fc95ffccc40f10a047caa88ba45857cc18c545cd0d35a601128e61.exe

  • Size

    1.4MB

  • MD5

    3418d80859058585e177aaa64641e820

  • SHA1

    28e835edad756f392e909b7761892f46cf0bdded

  • SHA256

    9bdada33f3fc95ffccc40f10a047caa88ba45857cc18c545cd0d35a601128e61

  • SHA512

    ae0f671343fd0d8625f659392fd40189864aea4029cbfdadf553c9db40e462692c44fb8eaa3f1e2065bc25df00d934203e6f25f066ac39936935f391e6004874

  • SSDEEP

    24576:UGXghB8kjjGlTBiBkdXORxhQZoaeTKh1YTqdoIMGF0NyzZhb:UJCBh+vhQfaKh142wUD

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 48 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9bdada33f3fc95ffccc40f10a047caa88ba45857cc18c545cd0d35a601128e61.exe
    "C:\Users\Admin\AppData\Local\Temp\9bdada33f3fc95ffccc40f10a047caa88ba45857cc18c545cd0d35a601128e61.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Drops file in System32 directory
    • Modifies Internet Explorer settings
    • Modifies Internet Explorer start page
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1824
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.cffuzhu.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:952
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:952 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1276
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:952 CREDAT:406536 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1156
    • C:\Windows\SysWOW64\CFleilei.exe
      C:\Windows\system32\CFleilei.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of SetWindowsHookEx
      PID:896

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
          Filesize

          1KB

          MD5

          8461b627fd0e03a19c0066e408ea7046

          SHA1

          799fe8fc1b7cd1e9b361bc29eb53d22ac4650f22

          SHA256

          3cfe7bdbfc30c77d71caba0bb759ffb0c37c243f89ff5de9352fb37a2d977ba7

          SHA512

          2d965a4516e87529eb3ed7bcb366e1b42711b1fee840a2b3679a4298ccbdb5634f4f5c2fdfc23db41e297fa01d153f5014bcdbd184088f27c41c4877134fe04d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
          Filesize

          1KB

          MD5

          aae127276e11f73783b91ae7865b959b

          SHA1

          b886fc94dad951346d28aa28e3617aacd9782037

          SHA256

          323a186c50387c4bcc670314dd3f21ae7bf7745822460ffb9e1af745f33628a0

          SHA512

          f8f6001f3b74f9ffe068df182084511582c25305f42db292803fadeeaea04622334ba036a51d001d86619fd6eaaa7becad9e5befa2fa7d6968499f01b2c23e7d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
          Filesize

          1KB

          MD5

          65bd21a8c45a88ba323335fe676c00ed

          SHA1

          a80ae68c4bda2b9198744fa2dd6636a24f50cc82

          SHA256

          b37038c79f8b28c632230d8bf35ea3d17fb67cc1b841a06afb3ae1f73136d679

          SHA512

          086611121991452157c3089b834b7e54355a914bafbb39a955858cd87cdc33e5029500c556503f5e33019c0c87b73824dd3dded28e152229e58e97629f13b5da

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
          Filesize

          508B

          MD5

          033f88ee9858d531c810b387e6d0731a

          SHA1

          1612a3323226f515903356f94c9b980a7e6081ab

          SHA256

          b5950788b505049f9553af88e1a2ef9aefe190a588c676b5becf4e8ce64db5cf

          SHA512

          0580104e9aa8642695ba0b37a8d8156eb5fdaef950b5fad70ad207e9d0cc398b0040406b1587aa215139278b0413705bb6772b007fa0db9d8ccf2e7e33f4a901

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
          Filesize

          532B

          MD5

          db94b555843102444352bbed3af921e0

          SHA1

          ef809eed8f87699ff07ae2a26661093a4ceefa94

          SHA256

          2eb62f343d2244e649427468d17d5ff0d05dbb6f8b012bc42b0af8d8dcdba540

          SHA512

          6fc9fbe60699e7b3a28e5e6913eea06ffa2025a5c078b42ca1c1379e178cfba51c577e571e17eb7f87333eb58ad0cf7387240178730fe4aae8d98d933e9ff7c9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e54a99bc5bada88cec275d0c0ad6882d

          SHA1

          50b98eb67251b27e6fc7929db5fc222ada744813

          SHA256

          b8b84ec75c1078f54f4209314418af0c6fb7187fb120b66992cf20c62a763b83

          SHA512

          1bb02b251f84c99ca8c1c9875f1461e48d23ace949ba3432ccf27440a2fb472b94b2d73f0b5aae4e9152168965497133635fd9fe4da5ba4cba2e235d6bf29f4f

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          361c4b916876c095a472608dd94ee67c

          SHA1

          957ddc1699754fd884ee4fd3661c783e82672f5a

          SHA256

          9764caf25e6ad1ac984d3ba51d04f592a1cf39f0855910335a2cdba505f0712d

          SHA512

          fd17dd0fe0c9b2f265afe33826696d32917bd79ee07db991f7dc7bfb6e64cfe8fb4dc83ae2de96d1310f01d27cb37e3304f26e31791d271927602741c6f44dba

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
          Filesize

          506B

          MD5

          0d94b8a5b1e42ab68c8299d115dfb0a3

          SHA1

          79922402a02d76f5e682d865e3e430935a71bd97

          SHA256

          bcab08dc634688b19c1eae0f6c35268f07c752c09cfcbe0c3f467751363ee4c7

          SHA512

          5c9f8eb728139457ffaf39fa905b707f3299be2dacc251d5d1933282b8614c1bd8e1b2f93082d66127687d0a88510e39b1dcf1b62453c47c9cb03581048ce702

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\try74lz\imagestore.dat
          Filesize

          1KB

          MD5

          4023ec599fdfab76834c16f2ec51e4d0

          SHA1

          948fc488c282ed9ec35d190fa489c1bf7a2686ca

          SHA256

          d0697373330d94b0a15839dc7e049c8cb9766ec507b5316d479fcc6ed9623f58

          SHA512

          fca5f9d6782baf96e70b9e46921cebc5c73b8c5db075b5a43185d54f94441633928e83b03988b7a1d61c90302bbf34ec8967b4db585998f8274f6730ecd22fa3

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\try74lz\imagestore.dat
          Filesize

          10KB

          MD5

          999354a24914bc4a9072210f27e76e24

          SHA1

          c98e4efff8949c9f8a9d663ea0fa1e87b9430504

          SHA256

          5010fab31f613f4d5febf6da9111092e406c920dd52915c809c845fd28e480f4

          SHA512

          4252de25744fffb3d190162ba256bf6bf84bd52607fe3099b2aadad936295e0886721b3f0a27b4aad0b3f5f71f1f976b2def217e6a2781a22d38f34816eed740

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2RILQ0KK.txt
          Filesize

          754B

          MD5

          c62e592350995f32fcd3698441941e65

          SHA1

          a0207caf8b61ff7c6ab44dda40917dabc1cbb47d

          SHA256

          740c39327b8440677364f9b349ac192dc1b8a39d190f2d742d886dc4f24a0a36

          SHA512

          ba817d4b8ad01a99f447c22d83128ec104bfa5e1fc0d0dcc60f91fce36023f441304d2323333a252c4fd33d70e5583a2c4e91483fe15ec719961c6819bb3b5c2

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\BPUOVSHO.txt
          Filesize

          104B

          MD5

          9e5408aecd8f9a1aaac66df4e5acdc3f

          SHA1

          7c6fcfe2eaf0b0ca04c54caa97d2e54caca830aa

          SHA256

          11826b466e6ed30c58f86d1997b1a60774f85abb34a365ec7252d50da9328e6e

          SHA512

          28b1f9eae7584b29d67d4ad7e1f170e533d28a6a1f2cc49f6f44fbef143a2050ab5a9f16167147071c2ed9beb902c197c1442df39530f01a1c76e52c5857c819

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\F327H4O7.txt
          Filesize

          321B

          MD5

          ea5b1f54990bed91ec377afb6ba36b3f

          SHA1

          dc3dfc0107234a874f90c54bbe6dd0908a34e3e4

          SHA256

          a650581492a25a374e6cc5eb30eeab2206708e1f5f81a778bd49f14116aef4c6

          SHA512

          47894ed172eb19a090f1f121456654d814a83ade195378c4f555eb16a16b8b74e2768c14736e256afd5411ea1f65b33ccdc400af026f75609e6b620f3240c1dc

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\MMZX4NKB.txt
          Filesize

          533B

          MD5

          cc824026c9aaad4082cdf9b7973ba559

          SHA1

          5ab478b0685a8a0166b563185bb594ba89bcd868

          SHA256

          f03512c0106d2ee76eb261eb4ae66b26fb2d559004af7e50e0f250f91713c552

          SHA512

          a84edf99c7daffc7de1c0baee127e881aaf647bad25bfd7ae347b5b6021280e5c0cff8a2318e5a57d74d7869a83f7fb52f836d62205b1a66a122d05e647eca5a

          Download Submit

        • C:\Windows\SysWOW64\CFleilei.exe
          Filesize

          632KB

          MD5

          f8441fa40c9108ba8a056b2012ea4f64

          SHA1

          3444544f8abbf47165d3f3303274d3ce7325a8c2

          SHA256

          e946af5ee5c30450ab8d85fb0387a8f369e720794195ee3487f22a6b0b02dc4f

          SHA512

          67395c945ad4f3b4c2edfb6ec322f430230da699c1e9956fd768b794c0719e4a85af5c44b0611380c3483182d7d2dce9a46364b032d3b138c1b296a2d9e0269c

          Download Submit

        • \Windows\SysWOW64\CFleilei.exe
          Filesize

          632KB

          MD5

          f8441fa40c9108ba8a056b2012ea4f64

          SHA1

          3444544f8abbf47165d3f3303274d3ce7325a8c2

          SHA256

          e946af5ee5c30450ab8d85fb0387a8f369e720794195ee3487f22a6b0b02dc4f

          SHA512

          67395c945ad4f3b4c2edfb6ec322f430230da699c1e9956fd768b794c0719e4a85af5c44b0611380c3483182d7d2dce9a46364b032d3b138c1b296a2d9e0269c

          Download Submit

        • \Windows\SysWOW64\CFleilei.exe
          Filesize

          632KB

          MD5

          f8441fa40c9108ba8a056b2012ea4f64

          SHA1

          3444544f8abbf47165d3f3303274d3ce7325a8c2

          SHA256

          e946af5ee5c30450ab8d85fb0387a8f369e720794195ee3487f22a6b0b02dc4f

          SHA512

          67395c945ad4f3b4c2edfb6ec322f430230da699c1e9956fd768b794c0719e4a85af5c44b0611380c3483182d7d2dce9a46364b032d3b138c1b296a2d9e0269c

          Download Submit

        • memory/1824-54-0x0000000075F21000-0x0000000075F23000-memory.dmp

          Filesize

          8KB

          Download