Analysis

  • max time kernel
    90s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20220901-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    02-12-2022 17:27

General

  • Target

    bdd941aca82cb461cf9af2ffa1f836c43c60d4e0f0cbf63c552a8607bd6579dc.exe

  • Size

    927KB

  • MD5

    74a2f1b40675804ba89fbb892410534d

  • SHA1

    f6fd1cac2fcb8b5452c7350b916e4ebc80566dbf

  • SHA256

    bdd941aca82cb461cf9af2ffa1f836c43c60d4e0f0cbf63c552a8607bd6579dc

  • SHA512

    b18c073d2ccb026c301b417dcc58df3e6e4c5d55083cdc496862ce501c87f6faa3697fcd9f0d87d4d1cb7c266193bb3fc10024505a59cc62c606a074939b9648

  • SSDEEP

    12288:SV+mz1OoDlM9KSxZXHrDlM9JWpu3v4rP4DShqw55h3CO4mDpHgSuYC5RxiX:S8irmtXH9mJ7+O+55hJ4ipHNuYC50

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 11 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bdd941aca82cb461cf9af2ffa1f836c43c60d4e0f0cbf63c552a8607bd6579dc.exe
    "C:\Users\Admin\AppData\Local\Temp\bdd941aca82cb461cf9af2ffa1f836c43c60d4e0f0cbf63c552a8607bd6579dc.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:5004
    • C:\setup.exe
      "C:\setup.exe"
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:1076
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://keji7009.u19.delldns.com/clcount/count.asp?mac=EA-B2-B6-EB-98-6A&ver=2.03
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1748
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1748 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1464

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\setup.exe

    Filesize

    4KB

    MD5

    6ec2f4fa859c6da5e7589f1efb7fba16

    SHA1

    52abf6bc3f914d56f3b52eca93a17979e7d80993

    SHA256

    48195c3953b944d2c27088cce3c7461d11eb4a6accca41a98db5f76e1b8bad46

    SHA512

    72684c40e076465c238bfac7d31f597c413cdbe218e977d5a79f7f5a48303f6a12994becb585aaeeefe35946d1024fac1c273398441d5094e036f8dba8ae7a59

  • memory/1076-132-0x0000000000000000-mapping.dmp