Overview

overview

8

Static

static

96cf831886...b4.exe

windows7-x64

8

96cf831886...b4.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    273s
  • max time network
    359s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2022 11:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    96cf83188669d71aa8d65c770c01338b0fa31433cf850cb9fc7e9f3424c2e4b4.exe

  • Size

    39KB

  • MD5

    c5515bba68e317cc68edb4ba96e7642b

  • SHA1

    7cc5e9a45710b7e31884c004f493c13e313691ea

  • SHA256

    96cf83188669d71aa8d65c770c01338b0fa31433cf850cb9fc7e9f3424c2e4b4

  • SHA512

    6bc2f9231e446c2d2c765ffb4cedf793b3274a47aa4ef637a472a320ff273a38735a24509b805a7518255aeabfdb75e07576b602055293c237a77fbe8e8d49ee

  • SSDEEP

    768:IetW4XNHzwYjg7why3W1alNTtVj9iCWUObgcKKaJS1/L:IetTwYjw3lNTtV0JbgcKK8S1/L

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 40 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 31 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\96cf83188669d71aa8d65c770c01338b0fa31433cf850cb9fc7e9f3424c2e4b4.exe
    "C:\Users\Admin\AppData\Local\Temp\96cf83188669d71aa8d65c770c01338b0fa31433cf850cb9fc7e9f3424c2e4b4.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:752
    • C:\Users\Admin\AppData\Local\Temp\96cf83188669d71aa8d65c770c01338b0fa31433cf850cb9fc7e9f3424c2e4b4.exe
      C:\Users\Admin\AppData\Local\Temp\96cf83188669d71aa8d65c770c01338b0fa31433cf850cb9fc7e9f3424c2e4b4.exe
      2⤵
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:1488
      • C:\Windows\SysWOW64\explorer.exe
        "C:\Windows\System32\explorer.exe" http://browseusers.myspace.com/Browse/Browse.aspx
        3⤵
          PID:856
        • C:\Windows\dllcache.exe
          "C:\Windows\dllcache.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:1600
          • C:\Windows\dllcache.exe
            C:\Windows\dllcache.exe
            4⤵
            • Executes dropped EXE
            PID:1636
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:760
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://browseusers.myspace.com/Browse/Browse.aspx
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:552
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:552 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1768

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      61KB

      MD5

      fc4666cbca561e864e7fdf883a9e6661

      SHA1

      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

      SHA256

      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

      SHA512

      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ed9ee9c561c372539c5124852d55a5bc

      SHA1

      5a573e24967775ac7bdbde204878a29050b416fe

      SHA256

      d35f2c53291751afbe6c1369b779a10380dbf1ede05421cc84b5f52e5d767a19

      SHA512

      7ddd4d009e8c99375206929116ec9970e426e39396635bfc7d3409bda973336a422e059e5635101e0863bbd61c1beb4e506256a279aaf9f9fc84356ccd3253c3

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\JPZN8X39.txt
      Filesize

      608B

      MD5

      fe8d9bf9b298b4966a596b783bfdae90

      SHA1

      49ec2b5a5b1e01bfb3d7b11adac4c4235fd2929a

      SHA256

      6ee9f4a488ff6195afadd4e72ea10ff93b05e6d9a099a51acbe73d6203c2e7a2

      SHA512

      a5b2107fd6b4391ce3f60c66827d7e5177d90c287d9f0d68568ca9a128c4dfb286ee2690082bb9048963c35889309260ee75a0e3044ead46a841aa8f777167c1

      Download Submit

    • C:\Windows\dllcache.exe
      Filesize

      39KB

      MD5

      c5515bba68e317cc68edb4ba96e7642b

      SHA1

      7cc5e9a45710b7e31884c004f493c13e313691ea

      SHA256

      96cf83188669d71aa8d65c770c01338b0fa31433cf850cb9fc7e9f3424c2e4b4

      SHA512

      6bc2f9231e446c2d2c765ffb4cedf793b3274a47aa4ef637a472a320ff273a38735a24509b805a7518255aeabfdb75e07576b602055293c237a77fbe8e8d49ee

      Download Submit

    • C:\Windows\dllcache.exe
      Filesize

      39KB

      MD5

      c5515bba68e317cc68edb4ba96e7642b

      SHA1

      7cc5e9a45710b7e31884c004f493c13e313691ea

      SHA256

      96cf83188669d71aa8d65c770c01338b0fa31433cf850cb9fc7e9f3424c2e4b4

      SHA512

      6bc2f9231e446c2d2c765ffb4cedf793b3274a47aa4ef637a472a320ff273a38735a24509b805a7518255aeabfdb75e07576b602055293c237a77fbe8e8d49ee

      Download Submit

    • C:\Windows\dllcache.exe
      Filesize

      39KB

      MD5

      c5515bba68e317cc68edb4ba96e7642b

      SHA1

      7cc5e9a45710b7e31884c004f493c13e313691ea

      SHA256

      96cf83188669d71aa8d65c770c01338b0fa31433cf850cb9fc7e9f3424c2e4b4

      SHA512

      6bc2f9231e446c2d2c765ffb4cedf793b3274a47aa4ef637a472a320ff273a38735a24509b805a7518255aeabfdb75e07576b602055293c237a77fbe8e8d49ee

      Download Submit

    • memory/760-86-0x000007FEFBCE1000-0x000007FEFBCE3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/856-66-0x0000000000000000-mapping.dmp

      Download

    • memory/856-85-0x0000000074761000-0x0000000074763000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1488-60-0x0000000000400000-0x000000000044C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1488-54-0x0000000000400000-0x000000000044C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1488-65-0x0000000075531000-0x0000000075533000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1488-64-0x0000000000400000-0x000000000044C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1488-61-0x0000000000405232-mapping.dmp

      Download

    • memory/1488-63-0x0000000000400000-0x000000000044C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1488-58-0x0000000000400000-0x000000000044C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1488-84-0x0000000000400000-0x000000000044C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1488-57-0x0000000000400000-0x000000000044C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1488-55-0x0000000000400000-0x000000000044C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1600-68-0x0000000000000000-mapping.dmp

      Download

    • memory/1636-87-0x0000000000400000-0x000000000044C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1636-83-0x0000000000400000-0x000000000044C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/1636-78-0x0000000000405232-mapping.dmp

      Download