Overview

overview

8

Static

static

f4998aae42...dc.exe

windows7-x64

8

f4998aae42...dc.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    128s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2022 07:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f4998aae426aa79857a3fc359bc7352eae28e88321b76993f8359c1d834b57dc.exe

  • Size

    1.3MB

  • MD5

    68045f538d39068351fb4de464031d35

  • SHA1

    e3bf32c59e469d60405a041272847ce49a99e5ff

  • SHA256

    f4998aae426aa79857a3fc359bc7352eae28e88321b76993f8359c1d834b57dc

  • SHA512

    3d7f4626941df9fd4538424640b19a34648e48d71b65a30166a3bcedd0e51ea35c5c7152525beed03043120cba6040b9424b1882d37837110e3ddf0cb4e7c9e7

  • SSDEEP

    12288:1HiRsFvz1J+YA457NotY1kWwy8v510QK9hkmCM5Dbw3MKskhWkd/SMZoSvbUHEu1:1H9NpJZAu7E/1Shkmt5D61hWkIMrbJe

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 26 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f4998aae426aa79857a3fc359bc7352eae28e88321b76993f8359c1d834b57dc.exe
    "C:\Users\Admin\AppData\Local\Temp\f4998aae426aa79857a3fc359bc7352eae28e88321b76993f8359c1d834b57dc.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1000
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.75ts.com/?gq
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1912
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1912 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1080

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    6b508d861541be26b7c45b895322b042

    SHA1

    787af9c441431086eb0b49169618bd82cfe90681

    SHA256

    45a5298463811da0cdb72b19f879290b41fc670f953a8c4be8b12e294865ad53

    SHA512

    e265421160615ce79debc5227602df55e7678e5988a112c20b90a86d2a191d4c7b3f46f2c4e0c598a195fd38969fb67f9ba91e3aa0b04d05b163154ae01b4361

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat
    Filesize

    5KB

    MD5

    0eafdba93c701da53fad6fe255743c8c

    SHA1

    544e4755174a96a4967c9f3386c01ce217e1a6a0

    SHA256

    4ad81c146f8acd72808ac3874665f26ec1fedb08950b4ed48b118841ddd309bd

    SHA512

    34871c6d01ea6adfa16d8dbae235906a016df9a3961c518b6bc341985ddee8a26481dde7835cd4fdda1bf14553c015da098948a6b4cd6f8445a0c167b89c81e4

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\309axvf\imagestore.dat
    Filesize

    15KB

    MD5

    614e4480586d6f96f16c0a255c0d3bed

    SHA1

    1dec62dbe19ccfd88ff4728a2a686a46a0c146d5

    SHA256

    d198a85743b0691adc8b6cee5df1b1e2dc667d6953c26d4fd04e54c0c1b4800f

    SHA512

    1d8fdf14632acc1964436425cb3e29041290a9882201e4cbffcc082e6ba2ac87b3ad46b710d094249bb51ce2c577a8aee1ba0ed1c34a91c99f00b0a8eca7139d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OAJJWBCB.txt
    Filesize

    603B

    MD5

    b11237f53354c9bca76c2f7aabf5553d

    SHA1

    c7411ec30da4f4e7ef1d2966d65d2c8910c3c288

    SHA256

    3d5237d2e7c9cace056c2e2d5a5d4831ec23f6d14a2652967b03e4746ce48f03

    SHA512

    0c430a45b15d991c6664e8d8e3551d914c236d6217b411af83d21bf06e2cb8cd51d778d79c3ffe42fae670a62b5b64a22f2864c8defdf9627eee4555abc298f7

    Download Submit

  • memory/1000-88-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-96-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-66-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-74-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-80-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-84-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-82-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-78-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-86-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-76-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-72-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-54-0x0000000076561000-0x0000000076563000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1000-70-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-64-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-100-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-98-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-94-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-92-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-90-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-68-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-59-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-101-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-60-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-62-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-58-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-57-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download

  • memory/1000-55-0x0000000010000000-0x000000001003D000-memory.dmp

    Filesize

    244KB

    Download