Overview

overview

8

Static

static

837103031e...1b.exe

windows7-x64

8

837103031e...1b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    96s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2022 17:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    837103031ef3a1f93c4fb646ac3f60f9d8e562bd2ae931249fe028bd7634ed1b.exe

  • Size

    111KB

  • MD5

    bc28526297b712001cb57eef996e57a5

  • SHA1

    9e028fe02e303cf9e20d3477158da1e3b4834cd1

  • SHA256

    837103031ef3a1f93c4fb646ac3f60f9d8e562bd2ae931249fe028bd7634ed1b

  • SHA512

    13393896ce76ca138dcb97d697f186bd7cc2d8408729c2edab6d3745880336264e9006d58f62f892d59be59e44ef1904209397620d894a95cd06fad5145dce08

  • SSDEEP

    768:W58tw1IhwJywL/LcbiU4OkbzZR/9f+3xsduAdZBwA6Yzf349YX/r4rmtX1oO3evv:WAwWU+hDA5bTxzoOoxaoxf/0llsQVAu

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 28 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\837103031ef3a1f93c4fb646ac3f60f9d8e562bd2ae931249fe028bd7634ed1b.exe
    "C:\Users\Admin\AppData\Local\Temp\837103031ef3a1f93c4fb646ac3f60f9d8e562bd2ae931249fe028bd7634ed1b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Users\Admin\AppData\Local\Temp\~sfx0021FADE44\Original Pagg V.37.exe
      "C:\Users\Admin\AppData\Local\Temp\~sfx0021FADE44\Original Pagg V.37.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:996
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://originalpagg.co.cc/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2036
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2036 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:800

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43f804f0acdf4d8aca9cdceb5bb10ea6

    SHA1

    643df1dab023fae3b1b924e3239840163ee51d51

    SHA256

    3eae6a55628e266d6743e3332e68dbb271dfbb8481b7524cc97123cad6b36733

    SHA512

    33a3d498d9fcc9e1e14b9f9a797c25850bda9ad147182cceec2a044850abfdd951e5d7d9e6554c6f5a2fa4023d4098ebb8f5708400b1504a1b7e8be98b8a0c1f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~sfx0021FADE44\Original Pagg V.37.exe
    Filesize

    36KB

    MD5

    627146fa4cf858d1d8c3c5174d5426da

    SHA1

    35873a591879f460c9ce22f483bfb9ed74736d2f

    SHA256

    57a002e2a96a9b92d7bc9369e2768ed1adf6760f14904a69164e0d891b45eee4

    SHA512

    6803b85c0ce49d0d989d1b80329fe88eff6b0d7e159b591575584a3959cdd69b346806bfdb711c72a6ba340922babbee5fd2e777484a1b4faef9a5adf6c1299f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\~sfx0021FADE44\Original Pagg V.37.exe
    Filesize

    36KB

    MD5

    627146fa4cf858d1d8c3c5174d5426da

    SHA1

    35873a591879f460c9ce22f483bfb9ed74736d2f

    SHA256

    57a002e2a96a9b92d7bc9369e2768ed1adf6760f14904a69164e0d891b45eee4

    SHA512

    6803b85c0ce49d0d989d1b80329fe88eff6b0d7e159b591575584a3959cdd69b346806bfdb711c72a6ba340922babbee5fd2e777484a1b4faef9a5adf6c1299f

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\VOBIG5MB.txt
    Filesize

    602B

    MD5

    dd35d70330f4800974ead351b343ed30

    SHA1

    b018376ba578bd1bb3272663421d1682383542f8

    SHA256

    0b20a22f5b135f513c134d208e066d554ce2bd72c6228d8769dc453ac2785790

    SHA512

    2764361800e47e075c1801556ec19c09602a8e64645278af14e4ea77a600c412c2d8cbd3bb7a95a7a5104f12c11103b89669e650b327da12090010f90acfc728

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~sfx0021FADE44\Original Pagg V.37.exe
    Filesize

    36KB

    MD5

    627146fa4cf858d1d8c3c5174d5426da

    SHA1

    35873a591879f460c9ce22f483bfb9ed74736d2f

    SHA256

    57a002e2a96a9b92d7bc9369e2768ed1adf6760f14904a69164e0d891b45eee4

    SHA512

    6803b85c0ce49d0d989d1b80329fe88eff6b0d7e159b591575584a3959cdd69b346806bfdb711c72a6ba340922babbee5fd2e777484a1b4faef9a5adf6c1299f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~sfx0021FADE44\Original Pagg V.37.exe
    Filesize

    36KB

    MD5

    627146fa4cf858d1d8c3c5174d5426da

    SHA1

    35873a591879f460c9ce22f483bfb9ed74736d2f

    SHA256

    57a002e2a96a9b92d7bc9369e2768ed1adf6760f14904a69164e0d891b45eee4

    SHA512

    6803b85c0ce49d0d989d1b80329fe88eff6b0d7e159b591575584a3959cdd69b346806bfdb711c72a6ba340922babbee5fd2e777484a1b4faef9a5adf6c1299f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\~sfx0021FADE44\Original Pagg V.37.exe
    Filesize

    36KB

    MD5

    627146fa4cf858d1d8c3c5174d5426da

    SHA1

    35873a591879f460c9ce22f483bfb9ed74736d2f

    SHA256

    57a002e2a96a9b92d7bc9369e2768ed1adf6760f14904a69164e0d891b45eee4

    SHA512

    6803b85c0ce49d0d989d1b80329fe88eff6b0d7e159b591575584a3959cdd69b346806bfdb711c72a6ba340922babbee5fd2e777484a1b4faef9a5adf6c1299f

    Download Submit

  • memory/996-57-0x0000000000000000-mapping.dmp

    Download

  • memory/1904-54-0x0000000076DC1000-0x0000000076DC3000-memory.dmp

    Filesize

    8KB

    Download