Overview

overview

7

Static

static

a8b8014bcb...c6.exe

windows7-x64

7

a8b8014bcb...c6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    145s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 09:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a8b8014bcbc58710fecd9a9c4c4b20cd68db4a3fd36ef171723fc84be8899dc6.exe

  • Size

    108KB

  • MD5

    74b4bb3c6d40bb60f1827410e175bc84

  • SHA1

    a48ecf758da486ec66374aef2620fd182c6583a4

  • SHA256

    a8b8014bcbc58710fecd9a9c4c4b20cd68db4a3fd36ef171723fc84be8899dc6

  • SHA512

    6fb3bcf5a0145908d330a111311a49c528d1a1d2c95ec9c4e1aed9271fbf1421f53ca0468452ec72f1ee157744eca9bed47f522c3b50bf4acb94d0a3f9f6dd46

  • SSDEEP

    1536:ZXbgU0nlmm8oh+ct4aXASg5VmXzGkV/0uNuucotd04Z9KQh1INjcyLHpRtMjf8bN:aU0nf1h+c+SMmakOuBcqnuU1IB9LJrN

Score
7/10
persistence

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 22 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a8b8014bcbc58710fecd9a9c4c4b20cd68db4a3fd36ef171723fc84be8899dc6.exe
    "C:\Users\Admin\AppData\Local\Temp\a8b8014bcbc58710fecd9a9c4c4b20cd68db4a3fd36ef171723fc84be8899dc6.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1960
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c start iexplore -embedding
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1360
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1388
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1388 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1264
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c "C:\Users\Admin\AppData\Local\Temp\oOuF5B5.bat"
      2⤵
        PID:1796
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 152
        2⤵
        • Program crash
        PID:280

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\oOuF5B5.bat
      Filesize

      188B

      MD5

      9a13669e77d6c0a77ba89af239fe1247

      SHA1

      125e521264de0858d96d299922d1093c5f8cf298

      SHA256

      79be52ed123dae7fab8f12ea3ded61eadbaa09ff155bb2156e815a0c541b2245

      SHA512

      7e3b1e88d0e9928757ba6b43a35a370d8aaecbdffb9635e1c9b77235b1fea85e901c4f720b4a65ca335151040bcfd0a923a6938cfa9692493b94eadd2f9dbc48

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\oOuF5B5.tmp
      Filesize

      71KB

      MD5

      3649a07fe15c43855270f62fbac9da97

      SHA1

      b71522b10f7d75552b975ac2cf21d0440ddcdf52

      SHA256

      096f30d7198ab655049186453874938912f1c26e8ec227c930424af14c09c350

      SHA512

      886cefc7438b7193842cee880eb916baa6a138dc9920d7c723d4102aa675be3d1548aff537cb7679338fdce75a4f94ac562b5d92280dcfe90c3d9063325e8876

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\AIGCRI7K.txt
      Filesize

      603B

      MD5

      29fc5ba6445e7fabec67826296c79375

      SHA1

      b7ef0d423c9e2da1578388823a44bafeef0fa449

      SHA256

      0883ba0f9a0a2cc52b3c1fcc8360a0e85274bd186eeed44c7eca25dcde232a3c

      SHA512

      bed05d4573703b3a65fccb9a86179f59b97ccb6199cd2d4dbb8ccb6a6084226f1962fe95e51dac0b384fc77c1839a802d0f945bc8472793fede98db3d3de0b97

      Download Submit

    • \Users\Admin\AppData\Local\Temp\oOuF5B5.tmp
      Filesize

      71KB

      MD5

      3649a07fe15c43855270f62fbac9da97

      SHA1

      b71522b10f7d75552b975ac2cf21d0440ddcdf52

      SHA256

      096f30d7198ab655049186453874938912f1c26e8ec227c930424af14c09c350

      SHA512

      886cefc7438b7193842cee880eb916baa6a138dc9920d7c723d4102aa675be3d1548aff537cb7679338fdce75a4f94ac562b5d92280dcfe90c3d9063325e8876

      Download Submit

    • memory/1960-54-0x00000000751A1000-0x00000000751A3000-memory.dmp

      Filesize

      8KB

      Download