Overview

overview

8

Static

static

8

89acd39cf8...c0.exe

windows7-x64

3

89acd39cf8...c0.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    162s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    03-12-2022 15:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    89acd39cf81b19adf88a148067e4bae6125fa598413ae184fcf7acaffef36ec0.exe

  • Size

    290KB

  • MD5

    8b006397b2bfa549489c892db33adafc

  • SHA1

    037ffe883a1e13f265ea388f50a2f51732819fe1

  • SHA256

    89acd39cf81b19adf88a148067e4bae6125fa598413ae184fcf7acaffef36ec0

  • SHA512

    b02e4522cd39de2b2bc3fb8aa4415ab04c760edb32d485b52a50b9a78c85e404c8ad696cd0d8ead9bf36e8c86fa2f434ad24f4470e459ffa54257ce0ae495f4f

  • SSDEEP

    6144:5y0X3p1xbLtQAFcHj+bWURfT1OQiBLpBF/mZH1TQEuvLWNSNWQ5a3Ws9:BXDliAuHjItfT1hiBLpBFs5qQ8WIad9

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\89acd39cf81b19adf88a148067e4bae6125fa598413ae184fcf7acaffef36ec0.exe
    "C:\Users\Admin\AppData\Local\Temp\89acd39cf81b19adf88a148067e4bae6125fa598413ae184fcf7acaffef36ec0.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.k25.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2024
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2024 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1788

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\H8D0B8IQ.txt
    Filesize

    608B

    MD5

    f1d2be0aca735524382c7f41764aa63c

    SHA1

    55ee7b9c57a0ddc8415eb8d8db6e78f1874adeb2

    SHA256

    2a824d4ef243ccd2c51c8497e57f0cbfcd9293b8bfab10732113efb71d031fbe

    SHA512

    701c93b8a9c8559b29cd74f624a25eee7b25cfe0c2087bbd7e3b0d7a972969a2356d3399e063227be27fcbc1dc759119c26ebcd0a92eea11bc091240956b1642

    Download Submit

  • memory/2040-54-0x0000000075591000-0x0000000075593000-memory.dmp

    Filesize

    8KB

    Download

  • memory/2040-56-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

    Download

  • memory/2040-55-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

    Download

  • memory/2040-57-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

    Download

  • memory/2040-58-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

    Download

  • memory/2040-60-0x0000000000400000-0x00000000004DB000-memory.dmp

    Filesize

    876KB

    Download