Analysis

  • max time kernel
    139s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-12-2022 02:55

General

  • Target
    6c42423e18decb610668de1f708a55f80dc7e73b4fbf32c739b9c6d4d4d97719.exe
  • Size
    1.4MB
  • MD5
    5d93d6b3c7fae90403a91666598d3d9f
  • SHA1
    db22b53e6cb625c7cae1befa0655e83176dd9a76
  • SHA256
    6c42423e18decb610668de1f708a55f80dc7e73b4fbf32c739b9c6d4d4d97719
  • SHA512
    e20334d38b266caa8cf39e06362513d12b73995f9d1f9adbee353b6b58956825e53d146c34dc5c7011881cdab47eba968622c4df7e5474c1963ee59a77c1dd84
  • SSDEEP
    24576:JHPn34MhTCilQoR1Ke2xnk6c/gfsGfhyQemrNDgPUzCgnextHWUziJm4IFMesbT7:RP9RbGGc9eTYmEbTrL1OImTyTYhlB7B

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c42423e18decb610668de1f708a55f80dc7e73b4fbf32c739b9c6d4d4d97719.exe
    "C:\Users\Admin\AppData\Local\Temp\6c42423e18decb610668de1f708a55f80dc7e73b4fbf32c739b9c6d4d4d97719.exe"
    • Checks whether UAC is enabled
    • Writes to the Master Boot Record (MBR)
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4992
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{D5E8041D-920F-45e9-B8FB-B1DEB82C6E5E} -Embedding
    PID:652
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1960
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1960 CREDAT:17410 /prefetch:2
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:3368

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence: Bootkit (T1067), 1 signature
  • Defense Evasion: Modify Registry (T1112), 1 signature
  • Discovery: System Information Discovery (T1082), 2 signatures

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize: 1KB
    MD5: 0339b8dc921fec5a91b0a54ab2c51553
    SHA1: 444e54c0bb3295912b71a9781ebc94ec8a8e1c6f
    SHA256: c932b5ca8cc6db0baea3ba0bc2c942dd7ebb4e5b876a4912ce43fc76bd8b4f71
    SHA512: 45191cb3148e05b286383b7580101484232f7e7e73c1ddc610b53c8cdaa7f988f90908c7906ffc3a23f74fc104f3dbac3461eed67ee1143d767e765d2e10d6da

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
    Filesize: 1KB
    MD5: 0b79e1bd9f1d76b5c103ec4a616d79f4
    SHA1: 05fb002a96bfc2f0c17ddce7e39f413dfab6a072
    SHA256: 3f21740ba2ec28d48d240dbdb73ce8bd069d05a09b32be0f2f82cf782e2201db
    SHA512: 40cc59f003fa1deca9a69b5d6f80e33b6740d471c13a436e358f5dd94deb8f40da0b75f7db68532eee28d7eb28941ac5472a2e4756f3c0e8ca7c896623de0881

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 471B
    MD5: 0ff2da8bfc83bec6bce38ba6a3f7bf58
    SHA1: 84c37df7bed08d69f040c289676735c49a9564eb
    SHA256: 91026f24711c435d99a44884c7239ed1265cd17c0259a6c5885f69e4309421ea
    SHA512: 78afdc44d7557b2f14444182085252e8456c91289511d6f2abfd1d7273d05baba9a94206d370add716b9fc30dc326a1a2e1c78f642e926759d962cf216c3a489

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
    Filesize: 1KB
    MD5: 670005ccc716a6825344a30a38c556ac
    SHA1: fac29fe23a21cf68b2b54b0bf0f65bfe167d388b
    SHA256: 2818c2937eea3ec98037df87bff9e9d27b172c0afef3e91181033c85dc68c519
    SHA512: daa386a4da02b99da9fafe532d4609f0ffc510569847844e42bc251463638afccde7a82396be02e40f207bbe5ef806a43a3852ae1455cf08ae30a783dfe4c4cf

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
    Filesize: 508B
    MD5: 5792c8359cf4e33b2fa110c5b07f9f01
    SHA1: f0ab7d3c2afaff2b9ac80516533f68abcd3a2089
    SHA256: cff86e45c93723c5e3bf0334e02fa6f7d7522df22711fd1a33f6bbc93864bcb3
    SHA512: 0e1e279adf0ab4ee6108079dd8a8d05b84d429b5c07f73dd86d613c7e2083afe19b449e5553dd975393cdf388cab4a3c234ba6cd01f3a67cf65a935038c8efd9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
    Filesize: 532B
    MD5: 65a4d52098a0e844e1f4ed11f6e4a34c
    SHA1: d19188f3b9266c69eee7a003e0276589ddfd883f
    SHA256: c987d1bacdeee865f020a5d8e06797088abe7b904310546566411994d2d2a750
    SHA512: 66e4133b016ddae5ac7db977ab1e4a06cea013e2b14f3c3cebfa1d8d967c8dc3d516d039d6af674e9b4a008947a217558733be07cd768fcf3409f2a80c56ca93

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    Filesize: 434B
    MD5: c28b6e3945f16fda536c6a96a54089e8
    SHA1: 9490fd475f492ee14747d2086d461302c28edb06
    SHA256: 69820dafda61dfe12862a40d62dbcae00be5fc481f1e66b3760b4a7e419ae8aa
    SHA512: ab8ea7b0aac4145d2544e98eaefd7f4572af312b110fbb3b6dd1c4a9bfea9bb3d6ac90acf9dd84727e6a0961d02e92ca2650cb0b4c8be09a92214db475d51128

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
    Filesize: 506B
    MD5: f47ca5775088fb2cf43e3c2ab15e1001
    SHA1: d21cb8ea9d7a7f1dbf2ee553337f29ebbcff6d25
    SHA256: 8066b8d7ad32a6a19182ae9d51f29a5f10c0a4dbc04a55966c955f98906b5793
    SHA512: a2d3ecf2ef4a3da3615964088ee7889b826b81edfdb731988734bd890595359c4dd8f837f25070c713c7788eaf5d9a1a4c05daf6b02a8cfa2d320c0218faa714

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\ckj4gk4\imagestore.dat
    Filesize: 1KB
    MD5: 841e2ad3840a2ec885fcf799817ff7eb
    SHA1: 2ec24802857e622a8e414173bd63e2c2f228a45d
    SHA256: b9c6bab7fccdd91440d3bd9fd05533827b8f5101dca2099b0cc5053c72e23a50
    SHA512: 3cf05e3fd396cdaba1990cbb069a4164096961c6f8e668c132cf7765b6029f21fd4dbe4e4ef7451c6c792e4d26a0881a865d0705b1a2f11d90dd712daee24715