Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/12/2022, 10:16

General

  • Target

    a3cb786ef604b849dfdee3f6a9f4356e8fb4204e018f53c0799a5348f06ee2c0.exe

  • Size

    69KB

  • MD5

    268171181d88cf3cacf18078d1366a00

  • SHA1

    eea95617c94b191506cf37ca85e2b5064cf6215f

  • SHA256

    a3cb786ef604b849dfdee3f6a9f4356e8fb4204e018f53c0799a5348f06ee2c0

  • SHA512

    025caa53938e52b8710542776433737c1929bc100c33af778b83ef1f01ea22f9063fb1e2f8153f73ade8bdbab55f3892022bbf26ccd4e1e7dbdc05bf9115041c

  • SSDEEP

    1536:LFcpB4OEQDN9ZTGX7rOMw2XGXjDsNEwHYVrOttUBrD:LQBscNDGrrOzzD1mYpMqB3

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1384
      • C:\Users\Admin\AppData\Local\Temp\a3cb786ef604b849dfdee3f6a9f4356e8fb4204e018f53c0799a5348f06ee2c0.exe
        "C:\Users\Admin\AppData\Local\Temp\a3cb786ef604b849dfdee3f6a9f4356e8fb4204e018f53c0799a5348f06ee2c0.exe"
        2⤵
        • Loads dropped DLL
        • Adds Run key to start application
        • Drops file in System32 directory
        • Suspicious use of WriteProcessMemory
        PID:576
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c start iexplore -embedding
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:1068
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" -embedding
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1640
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2
              5⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:620
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c "C:\Users\Admin\AppData\Local\Temp\fig7273.bat"
          3⤵
            PID:1836
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 140
            3⤵
            • Program crash
            PID:1416

Network

MITRE ATT&CK Enterprise v6

Downloads

            • C:\Users\Admin\AppData\Local\Temp\fig7273.bat

              Filesize

              188B

              MD5

              546eab929b7be7d013da0148c423ebf1

              SHA1

              c0513a5f1c99f7b42d55e23d059e76a2f3adecbe

              SHA256

              efa0876455000a5bef22d3dda89258f2083b3b65476897d8f14c499bcbb91b00

              SHA512

              e9b2fd91f7f47781a1c94284008a7fd97b6290d23eed23c5e91bdc1402efa8a5237e345ecbcf8db1943644815d207da73f4ab58bd955cf2a2acc658c5c20680c

            • C:\Users\Admin\AppData\Local\Temp\fig7273.tmp

              Filesize

              38KB

              MD5

              ba571f16760b1edc0a3b0ba384e8698f

              SHA1

              a4e3328f0f9c476db90208cfe96c4be69da70645

              SHA256

              afff2d01281449bb050310decf680ddee2ef8eec0be72519eddbfd16081139c1

              SHA512

              d548739479704e3a95920d43fff4abcb76dc5494bd8b57a27367cbe451250b9c8b8becd190fcce2fdb69a796a5b04218f82d33660584dc78ece7a1ec814d3aff

            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\UUKAHOF7.txt

              Filesize

              601B

              MD5

              bd5ebd214458e5d7bf645e2a576c6a21

              SHA1

              a1c4a891557920d2e4a51267514b9abe082c3737

              SHA256

              1782df5fc82599952d4d29b06ebed383250eebf83a7f8e222df03fec64bbf0f1

              SHA512

              bc54a7e7d4913016222c4d9f1cdc53a6d2f0799fe7ce21a21885509e76b21c5d7dedc78aded08956439ca0f2939329cfc9457f4ff970008ff2fa4dfc79c556fe

            • \Users\Admin\AppData\Local\Temp\fig7273.tmp

              Filesize

              38KB

              MD5

              ba571f16760b1edc0a3b0ba384e8698f

              SHA1

              a4e3328f0f9c476db90208cfe96c4be69da70645

              SHA256

              afff2d01281449bb050310decf680ddee2ef8eec0be72519eddbfd16081139c1

              SHA512

              d548739479704e3a95920d43fff4abcb76dc5494bd8b57a27367cbe451250b9c8b8becd190fcce2fdb69a796a5b04218f82d33660584dc78ece7a1ec814d3aff

            • memory/1068-56-0x0000000075911000-0x0000000075913000-memory.dmp

              Filesize

              8KB

            • memory/1384-57-0x000000007FFF0000-0x000000007FFF6000-memory.dmp

              Filesize

              24KB

            • memory/1384-60-0x000000007FFF0000-0x000000007FFF6000-memory.dmp

              Filesize

              24KB