fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0

Analysis

max time kernel
165s
max time network
159s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 10:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe
Size

2.0MB
MD5

6306f9b38c137db5eb7f032aa9ddbf8b
SHA1

45dd9010ca63e722175dfa9c1c83697f4c4d6a49
SHA256

fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0
SHA512

13fb74fa66a64b6cadde31eaa3a86038ce919d884f2d2249917b9f47dc572037af748f835a87ac3c6eb2944a00c400e1d67a3e5385c9602cd40b8f4fe78ad87d
SSDEEP

49152:JLcqD1nJ2Bl6YhmXdbhljDasY6DwOBfrnvV7UeWt2bExrl5Ve4u:JLcqHNQgd9YiwOBpIeW9rlXeX

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
480	fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe

Loads dropped DLL 2 IoCs

pid	Process
2004	fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe
480	fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
480	fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Internet Explorer\Main	fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
480	fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	480	fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
480	fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe
480	fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 480	2004	fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe	28
PID 2004 wrote to memory of 480	2004	fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe	28
PID 2004 wrote to memory of 480	2004	fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe	28
PID 2004 wrote to memory of 480	2004	fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe	28

C:\Users\Admin\AppData\Local\Temp\fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe
"C:\Users\Admin\AppData\Local\Temp\fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Users\Admin\AppData\Local\Temp\imtfmgif.po0\fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe
  "C:\Users\Admin\AppData\Local\Temp\imtfmgif.po0\fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:480

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\imtfmgif.po0\fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe

Filesize
1.9MB

MD5
3d07f2e3646796fe3133ea33540d6dfc

SHA1
cb1db06b89747fa59be42f6f3ec3ad06bfc61462

SHA256
df005b6f9876de137f1b34f1e0f4a54a16bc838ddcf855b99e062f9cfdadfddf

SHA512
b1c446727bdc7cc204c1dc0e8dd6c6c48ef3e8737bbbaa97f20ba21f3f19fec49dd398736f3acd93d82de1b2f1de65bad14b543018baebd1602be9e93a33740b

Download Submit
C:\Users\Admin\AppData\Local\Temp\imtfmgif.po0\fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe

Filesize
1.9MB

MD5
3d07f2e3646796fe3133ea33540d6dfc

SHA1
cb1db06b89747fa59be42f6f3ec3ad06bfc61462

SHA256
df005b6f9876de137f1b34f1e0f4a54a16bc838ddcf855b99e062f9cfdadfddf

SHA512
b1c446727bdc7cc204c1dc0e8dd6c6c48ef3e8737bbbaa97f20ba21f3f19fec49dd398736f3acd93d82de1b2f1de65bad14b543018baebd1602be9e93a33740b

Download Submit
\Users\Admin\AppData\Local\Temp\imtfmgif.po0\7z.dll

Filesize
893KB

MD5
04ad4b80880b32c94be8d0886482c774

SHA1
344faf61c3eb76f4a2fb6452e83ed16c9cce73e0

SHA256
a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338

SHA512
3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb

Download Submit
\Users\Admin\AppData\Local\Temp\imtfmgif.po0\fe133f3be3a7eeb419fce9d03cbaee6a4dbdf9a736b5e174829eb2c50b7faca0.exe

Filesize
1.9MB

MD5
3d07f2e3646796fe3133ea33540d6dfc

SHA1
cb1db06b89747fa59be42f6f3ec3ad06bfc61462

SHA256
df005b6f9876de137f1b34f1e0f4a54a16bc838ddcf855b99e062f9cfdadfddf

SHA512
b1c446727bdc7cc204c1dc0e8dd6c6c48ef3e8737bbbaa97f20ba21f3f19fec49dd398736f3acd93d82de1b2f1de65bad14b543018baebd1602be9e93a33740b

Download Submit
memory/480-76-0x0000000075510000-0x000000007615A000-memory.dmp

Filesize
12.3MB

Download
memory/480-83-0x00000000763D0000-0x0000000076405000-memory.dmp

Filesize
212KB

Download
memory/480-64-0x0000000001240000-0x0000000001330000-memory.dmp

Filesize
960KB

Download
memory/480-62-0x00000000001A0000-0x00000000001DD000-memory.dmp

Filesize
244KB

Download
memory/480-61-0x0000000075240000-0x000000007528A000-memory.dmp

Filesize
296KB

Download
memory/480-65-0x0000000001240000-0x0000000001330000-memory.dmp

Filesize
960KB

Download
memory/480-68-0x0000000001240000-0x0000000001330000-memory.dmp

Filesize
960KB

Download
memory/480-69-0x00000000001A0000-0x00000000001DD000-memory.dmp

Filesize
244KB

Download
memory/480-70-0x0000000001240000-0x0000000001330000-memory.dmp

Filesize
960KB

Download
memory/480-71-0x0000000001240000-0x0000000001330000-memory.dmp

Filesize
960KB

Download
memory/480-67-0x0000000076F60000-0x000000007700C000-memory.dmp

Filesize
688KB

Download
memory/480-72-0x0000000076C90000-0x0000000076CD7000-memory.dmp

Filesize
284KB

Download
memory/480-73-0x0000000076880000-0x00000000768D7000-memory.dmp

Filesize
348KB

Download
memory/480-74-0x0000000075230000-0x0000000075239000-memory.dmp

Filesize
36KB

Download
memory/480-75-0x0000000074320000-0x00000000748CB000-memory.dmp

Filesize
5.7MB

Download
memory/480-77-0x0000000076C90000-0x0000000076CD7000-memory.dmp

Filesize
284KB

Download
memory/480-82-0x0000000060340000-0x0000000060348000-memory.dmp

Filesize
32KB

Download
memory/480-106-0x0000000073D90000-0x0000000073DA3000-memory.dmp

Filesize
76KB

Download
memory/480-80-0x00000000770C0000-0x000000007721C000-memory.dmp

Filesize
1.4MB

Download
memory/480-105-0x0000000073DB0000-0x0000000073E0F000-memory.dmp

Filesize
380KB

Download
memory/480-81-0x00000000751C0000-0x000000007521B000-memory.dmp

Filesize
364KB

Download
memory/480-78-0x0000000074320000-0x00000000748CB000-memory.dmp

Filesize
5.7MB

Download
memory/480-84-0x00000000773C0000-0x00000000774DD000-memory.dmp

Filesize
1.1MB

Download
memory/480-85-0x0000000064E70000-0x0000000065142000-memory.dmp

Filesize
2.8MB

Download
memory/480-104-0x0000000073420000-0x00000000735B0000-memory.dmp

Filesize
1.6MB

Download
memory/480-88-0x0000000076690000-0x000000007671F000-memory.dmp

Filesize
572KB

Download
memory/480-89-0x0000000074200000-0x0000000074217000-memory.dmp

Filesize
92KB

Download
memory/480-90-0x0000000074180000-0x0000000074195000-memory.dmp

Filesize
84KB

Download
memory/480-91-0x00000000741A0000-0x00000000741F2000-memory.dmp

Filesize
328KB

Download
memory/480-93-0x0000000077340000-0x0000000077359000-memory.dmp

Filesize
100KB

Download
memory/480-94-0x0000000077340000-0x0000000077359000-memory.dmp

Filesize
100KB

Download
memory/480-95-0x0000000076C90000-0x0000000076CD7000-memory.dmp

Filesize
284KB

Download
memory/480-96-0x0000000074320000-0x00000000748CB000-memory.dmp

Filesize
5.7MB

Download
memory/480-97-0x0000000074070000-0x00000000740BF000-memory.dmp

Filesize
316KB

Download
memory/480-98-0x00000000740C0000-0x0000000074118000-memory.dmp

Filesize
352KB

Download
memory/480-99-0x0000000060340000-0x0000000060348000-memory.dmp

Filesize
32KB

Download
memory/480-100-0x0000000074050000-0x000000007406C000-memory.dmp

Filesize
112KB

Download
memory/480-101-0x0000000075350000-0x000000007535C000-memory.dmp

Filesize
48KB

Download
memory/480-103-0x0000000076AB0000-0x0000000076AD7000-memory.dmp

Filesize
156KB

Download
memory/2004-55-0x00000000748D0000-0x0000000074E7B000-memory.dmp

Filesize
5.7MB

Download
memory/2004-63-0x00000000748D0000-0x0000000074E7B000-memory.dmp

Filesize
5.7MB

Download
memory/2004-54-0x0000000075511000-0x0000000075513000-memory.dmp

Filesize
8KB

Download