Overview

overview

3

Static

static

c6e4dd14e3...b0.exe

windows7-x64

3

c6e4dd14e3...b0.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    04/12/2022, 05:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c6e4dd14e30f57d82dd76067ad49d3bcb15d1e14eedabd29b4de27842ed045b0.exe

  • Size

    308KB

  • MD5

    d11abd22313efc9938af2b0a1fd49dbe

  • SHA1

    974288054056f2eb171513b1f5fe592bfad67563

  • SHA256

    c6e4dd14e30f57d82dd76067ad49d3bcb15d1e14eedabd29b4de27842ed045b0

  • SHA512

    2b1d873212fda48d7c4102743d68ae69ba9f6f4fd0fa9e1735c061da0fa72c242ab878096104f1245117c88e9f8e2e26b7d55f3dca25df440ca06bfd4615de27

  • SSDEEP

    3072:JYD2Jeidx1vse6HKHsHZHITelgA2rOu6t5xdgQkaKT8SD03BV:JYqJekDM5oT+gCP

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c6e4dd14e30f57d82dd76067ad49d3bcb15d1e14eedabd29b4de27842ed045b0.exe
    "C:\Users\Admin\AppData\Local\Temp\c6e4dd14e30f57d82dd76067ad49d3bcb15d1e14eedabd29b4de27842ed045b0.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1228
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://christian-k2.co.cc/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:940
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:940 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1588
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.facebook.com/profile.php?id=100000038547268
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1064
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1064 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:996
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x514
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1924

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1bcc89dc5967663638d8df0890b48861

          SHA1

          02f997f556d89c72e442b8e402121d34471f55e5

          SHA256

          5ab927b1c2d75556646f18147f25962743b269a691f845cba5d11a3b41d6ba58

          SHA512

          9e95d719796643909228a0d40510a0d07ece26b6ef543878ef060ec1c4623cd4f391d89488c5882d87097a4204a05128b0f94b36a07e2c5334bd9f81dfd58e32

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d300ae86a268fb5a396b6bda849b4c84

          SHA1

          7452313c8cc03e821e5a315a19376289e8354955

          SHA256

          e4a2a83a3c7461283ef5456d479c32a665cf6be2b21e9b5fc883b4b85e363ae5

          SHA512

          525b4ecc85de44217d4013f410627db4df51e1272e5ed2a3d1cc0ead3707048cb06525d8e413a047e89ed708d668f4e22b770d7300d2d0e83447ed9b04aab50c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          54d98d441e9d8dda6d0d296f749315ac

          SHA1

          2c3afc1d4e1179c6f76011a2984311a53c0588a0

          SHA256

          d2a489e9b44822e3fc4b7197808ebecdb44911a242584f9705c99a25a36132aa

          SHA512

          2b35d0b21a1848a409164826d4a6d2df9040ed36e70e95a7790b7b9ee2299245bd5e96d3b54e43a13bfc9519a5a64f95800125f8d224dbeba5d02cfebec31d26

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7E8874F0-7651-11ED-85B0-72E6D75F6BEB}.dat
          Filesize

          5KB

          MD5

          f09fa1882ec2e9d4ac8533f1e7f093a0

          SHA1

          8197965026c5cd0bcc243f1e6cf0c8ac43f55cce

          SHA256

          537f3895184d54e2abb272695193080bf705a86f69fc552c4ccc04c4f5f1dd8e

          SHA512

          2a2c5bd41425a8a8823019858c4d087c2bf77a9c294370d6e6586efcadd7c8e40e7e4e15e97259c5f910320db1e12a5497b3701ea00b07e8e0ecab5e323ae4fe

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7E889C00-7651-11ED-85B0-72E6D75F6BEB}.dat
          Filesize

          4KB

          MD5

          50ebb2e6cb4af1c5206f9a3275569890

          SHA1

          c091d05a82cfc753a0d3b06511cabf4980a8feab

          SHA256

          d3038fa1bac3af0b52d38cc03ec20a406ee79366d5177dffc9fadc027a1765ab

          SHA512

          aff97016e26ab3181892d8130d49dd8c7c3a8e2d88a50562c0632f1b9ec3e4fee150aeb37f738ccabe2ff9da1e2f286999811dfa9231c2e2f2daea89faa73f69

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
          Filesize

          12KB

          MD5

          8d3a97feae546ef7096cbd58df7b4bca

          SHA1

          969f35de08c3da3ad222f2825dd5368d8a905259

          SHA256

          59ef36f42e5c7f15cdfda3ae6f95803ec1bfdbfe9fe00c98b99e12c885b55fe5

          SHA512

          565502be091cf6994ecc2e378fdad8739fe0235c3374bafb8ff6a090a4bc2b91c0ac275d71b85185d2a78156afbf64044ebb80efe4e34936bedc3f5a07871576

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\1evexod\imagestore.dat
          Filesize

          12KB

          MD5

          8d3a97feae546ef7096cbd58df7b4bca

          SHA1

          969f35de08c3da3ad222f2825dd5368d8a905259

          SHA256

          59ef36f42e5c7f15cdfda3ae6f95803ec1bfdbfe9fe00c98b99e12c885b55fe5

          SHA512

          565502be091cf6994ecc2e378fdad8739fe0235c3374bafb8ff6a090a4bc2b91c0ac275d71b85185d2a78156afbf64044ebb80efe4e34936bedc3f5a07871576

          Download Submit

        • memory/1228-57-0x0000000075561000-0x0000000075563000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1228-58-0x0000000003E70000-0x000000000492A000-memory.dmp

          Filesize

          10.7MB

          Download