Analysis

  • max time kernel
    136s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/12/2022, 12:54

General

  • Target

    d5e4cc2b9385a98a8168bc607c1bc64e53ccfa71b9c7e94b940cb83f7a20d981.exe

  • Size

    21KB

  • MD5

    ab08623461861158f4ca1d04dd6239c9

  • SHA1

    10a79e2274cb8e2f9b9fae042c9f45103fb6f787

  • SHA256

    d5e4cc2b9385a98a8168bc607c1bc64e53ccfa71b9c7e94b940cb83f7a20d981

  • SHA512

    eb82a736e9e045fb4f7438881d4f6f8d510763d2e00a371e9c8a3bf5550e27af9488b48b4be379859f4b4300945d4ef91a2ef7d35d4d30de17c4c94ba834938e

  • SSDEEP

    384:JVEi6d/zY7ez9sZQuUd5hCnMBDAebfLMYI1G1AxLr6+S9Pfu7n5v:JVEi6d7YTZQLdUMBDAebzMYUGuxydeVv

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 29 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5e4cc2b9385a98a8168bc607c1bc64e53ccfa71b9c7e94b940cb83f7a20d981.exe
    "C:\Users\Admin\AppData\Local\Temp\d5e4cc2b9385a98a8168bc607c1bc64e53ccfa71b9c7e94b940cb83f7a20d981.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1376
    • C:\Users\Admin\AppData\Local\Temp\d5e4cc2b9385a98a8168bc607c1bc64e53ccfa71b9c7e94b940cb83f7a20d981.exe
      "C:\Users\Admin\AppData\Local\Temp\d5e4cc2b9385a98a8168bc607c1bc64e53ccfa71b9c7e94b940cb83f7a20d981.exe"
      2⤵
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4196
      • C:\Program Files\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3900
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3900 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:632

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

          Filesize

          471B

          MD5

          0ff2da8bfc83bec6bce38ba6a3f7bf58

          SHA1

          84c37df7bed08d69f040c289676735c49a9564eb

          SHA256

          91026f24711c435d99a44884c7239ed1265cd17c0259a6c5885f69e4309421ea

          SHA512

          78afdc44d7557b2f14444182085252e8456c91289511d6f2abfd1d7273d05baba9a94206d370add716b9fc30dc326a1a2e1c78f642e926759d962cf216c3a489

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

          Filesize

          434B

          MD5

          0cd44f74fe4e2bf307cd2f6adf598c63

          SHA1

          52a0f96b25e3407d90ad2e8fbae5ac82bccbc4ec

          SHA256

          55bd40ab72b5ebbb4bc85b4a01f73cf4d5ff55df3613dffdc1211581d808e703

          SHA512

          6444a4868fbe969f74dedb4d770d819e812af1ddbed8b6fccb0930f42da83ff025c90ea8f7848e2c5cc632338a8baa28220d1de50fab7aafadc2103de23f9c26

        • C:\Users\Admin\AppData\Local\Temp\tmpE5A2.tmp

          Filesize

          26KB

          MD5

          19da423603964c137036759ba65b26a4

          SHA1

          9a759d8e318733ef7809a921b1dea64d5f3c0faa

          SHA256

          89938a90d3897493229195a753afb316750220b495fca6e5ef0ddfb1596b6604

          SHA512

          4f27cb129f8e6d09e2ac1f79e2fda6001e92de146174556719937e7820e902490913d577742c91f4caea225ba90ee0815c9044436f69b9fc7926a6bef0b67fe7

        • memory/4196-134-0x0000000010000000-0x0000000010009000-memory.dmp

          Filesize

          36KB

        • memory/4196-137-0x0000000010000000-0x0000000010009000-memory.dmp

          Filesize

          36KB