Overview

overview

8

Static

static

67b7a05084...a0.exe

windows7-x64

8

67b7a05084...a0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    307s
  • max time network
    321s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/12/2022, 07:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    67b7a0508470620772bd460fc6a4aaf1dde2139ca63225f35ea25a7935b3c6a0.exe

  • Size

    1.8MB

  • MD5

    367ff4d02580f7ccb57cc48c3417df39

  • SHA1

    f03ea2d4cf0bd061d3ea6d3412961b8f30394859

  • SHA256

    67b7a0508470620772bd460fc6a4aaf1dde2139ca63225f35ea25a7935b3c6a0

  • SHA512

    526a879d9554da5be1993ac3fa2273014e50005728c68bf1b338b30170163883e2216aa01d37910cbe7fcae1177f01d66317990b70f44704077a1decf36752da

  • SSDEEP

    49152:fWtJIp4GlLfkUeUykN4WVXVVG88sSQvzSSO4IzN:f8yp4umUDrGmS2zvO40

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 25 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 17 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\67b7a0508470620772bd460fc6a4aaf1dde2139ca63225f35ea25a7935b3c6a0.exe
    "C:\Users\Admin\AppData\Local\Temp\67b7a0508470620772bd460fc6a4aaf1dde2139ca63225f35ea25a7935b3c6a0.exe"
    1⤵
    • Checks computer location settings
    • Modifies Internet Explorer start page
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:204
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://dnf-ff.cccpan.com
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2924
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2924 CREDAT:17410 /prefetch:2
        3⤵
          PID:4668
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 204 -s 1304
        2⤵
        • Program crash
        PID:4592
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 204 -ip 204
      1⤵
        PID:4828

      Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/204-132-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-135-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-134-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-137-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-136-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-139-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-141-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-143-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-145-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-147-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-149-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-151-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-153-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-155-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-157-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-159-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-161-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-163-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-165-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-167-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-169-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-171-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-173-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-175-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download

            • memory/204-177-0x0000000010000000-0x000000001003D000-memory.dmp

              Filesize

              244KB

              Download