Overview

overview

8

Static

static

baef3d2a96...f8.exe

windows7-x64

8

baef3d2a96...f8.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    170s
  • max time network
    183s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/12/2022, 08:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    baef3d2a96bb7c1baab7cc31bf319dd93f7f153c7db02e88f1c6267918cdcaf8.exe

  • Size

    10.3MB

  • MD5

    0b66d0aab53443b67125798e868484e4

  • SHA1

    e8a1d09728ef0f3365d7c85d9af4de6c395e832e

  • SHA256

    baef3d2a96bb7c1baab7cc31bf319dd93f7f153c7db02e88f1c6267918cdcaf8

  • SHA512

    e173a1b56d5db2a829891509050c7cf5c5bc982f96ccfa3a4cb92f509567ff68534b7802c225ef182e61e07e8eb4350b17ba59229bbe7e38af92b478e94576a3

  • SSDEEP

    196608:mM38+eI7nruZnXQUDgvBigflIdNlsC26xJ8vFFanBQI2UhVxdXuo:mBXI7ndCgvYgIdNlJ2uJ2y2Uheo

Score
8/10
evasionpersistencetrojan

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Loads dropped DLL 3 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\baef3d2a96bb7c1baab7cc31bf319dd93f7f153c7db02e88f1c6267918cdcaf8.exe
    "C:\Users\Admin\AppData\Local\Temp\baef3d2a96bb7c1baab7cc31bf319dd93f7f153c7db02e88f1c6267918cdcaf8.exe"
    1⤵
    • Sets service image path in registry
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1352
    • C:\Windows\SysWOW64\Net.exe
      Net Stop PcaSvc
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1600
      • C:\Windows\SysWOW64\net1.exe
        C:\Windows\system32\net1 Stop PcaSvc
        3⤵
          PID:1996
      • C:\Users\Admin\AppData\Local\Temp\g86A29\eXtreme.Movie.Manager.Pro.v6.2.5.0.exe
        C:\Users\Admin\AppData\Local\Temp\g86A29\eXtreme.Movie.Manager.Pro.v6.2.5.0.exe
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1192
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:684
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:684 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:832

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
            Filesize

            61KB

            MD5

            fc4666cbca561e864e7fdf883a9e6661

            SHA1

            2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

            SHA256

            10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

            SHA512

            c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            304B

            MD5

            36021a22e52cc10f75bffb576f5ffa3e

            SHA1

            397e38dd07429ee09c9ef4d987f1cfb2d2afaf3b

            SHA256

            9ee419f13ab66aa08c1f969ce4038c0c433d809e5089c2105be3cea3eee06784

            SHA512

            4bc917758a69561cb74de25d80e2a2e251cfe4b161e612ae736f182108cf2651a06618283c7314c082fc261ea82cbc226e50726c0f7959e6e5560554b88df8ef

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\g86A29\eXtreme.Movie.Manager.Pro.v6.2.5.0.exe
            Filesize

            8.4MB

            MD5

            acc2275cef3e426f6195b0125fdfd121

            SHA1

            f5aaebd1d643cb0a5d7d9c6ae268fef7af4ffefa

            SHA256

            c3b5c3310dce1a54d82a6219da80925900ce2f972e954dbcf8bbfc2a41906039

            SHA512

            3aa69b3f02169fa7845a6348b9a98d35ba34550b45fef11c33ab6d2b2a13e2bbe5aaadc8c32b9e38dfae89402f22164b045d46fefb5ea9eeac24b41226804fe5

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\g86A29\eXtreme.Movie.Manager.Pro.v6.2.5.0.exe
            Filesize

            8.4MB

            MD5

            acc2275cef3e426f6195b0125fdfd121

            SHA1

            f5aaebd1d643cb0a5d7d9c6ae268fef7af4ffefa

            SHA256

            c3b5c3310dce1a54d82a6219da80925900ce2f972e954dbcf8bbfc2a41906039

            SHA512

            3aa69b3f02169fa7845a6348b9a98d35ba34550b45fef11c33ab6d2b2a13e2bbe5aaadc8c32b9e38dfae89402f22164b045d46fefb5ea9eeac24b41226804fe5

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\WNBLHRY3.txt
            Filesize

            608B

            MD5

            c7910cc9fc616c61b4c7e4744d27407b

            SHA1

            849a97a621eddca4204fb4d5bd2a6769f1adc620

            SHA256

            55ec1cc774118abaf229cb12a84565e76ceea2a4ffd18414fc34d0931ac48fe9

            SHA512

            7c156eea8d011df068411439125ed0bf137d39417376d25cfbc696e088e7e5bd6f14420d7e0d53554436b3f2659023aafba6e304f55a7af4c58829b41031d6cb

            Download Submit

          • \Users\Admin\AppData\Local\Temp\g86A29\eXtreme.Movie.Manager.Pro.v6.2.5.0.exe
            Filesize

            8.4MB

            MD5

            acc2275cef3e426f6195b0125fdfd121

            SHA1

            f5aaebd1d643cb0a5d7d9c6ae268fef7af4ffefa

            SHA256

            c3b5c3310dce1a54d82a6219da80925900ce2f972e954dbcf8bbfc2a41906039

            SHA512

            3aa69b3f02169fa7845a6348b9a98d35ba34550b45fef11c33ab6d2b2a13e2bbe5aaadc8c32b9e38dfae89402f22164b045d46fefb5ea9eeac24b41226804fe5

            Download Submit

          • \Users\Admin\AppData\Local\Temp\g86A29\eXtreme.Movie.Manager.Pro.v6.2.5.0.exe
            Filesize

            8.4MB

            MD5

            acc2275cef3e426f6195b0125fdfd121

            SHA1

            f5aaebd1d643cb0a5d7d9c6ae268fef7af4ffefa

            SHA256

            c3b5c3310dce1a54d82a6219da80925900ce2f972e954dbcf8bbfc2a41906039

            SHA512

            3aa69b3f02169fa7845a6348b9a98d35ba34550b45fef11c33ab6d2b2a13e2bbe5aaadc8c32b9e38dfae89402f22164b045d46fefb5ea9eeac24b41226804fe5

            Download Submit

          • \Users\Admin\AppData\Local\Temp\g86A29\eXtreme.Movie.Manager.Pro.v6.2.5.0.exe
            Filesize

            8.4MB

            MD5

            acc2275cef3e426f6195b0125fdfd121

            SHA1

            f5aaebd1d643cb0a5d7d9c6ae268fef7af4ffefa

            SHA256

            c3b5c3310dce1a54d82a6219da80925900ce2f972e954dbcf8bbfc2a41906039

            SHA512

            3aa69b3f02169fa7845a6348b9a98d35ba34550b45fef11c33ab6d2b2a13e2bbe5aaadc8c32b9e38dfae89402f22164b045d46fefb5ea9eeac24b41226804fe5

            Download Submit

          • memory/1352-54-0x0000000075601000-0x0000000075603000-memory.dmp

            Filesize

            8KB

            Download