Overview

overview

8

Static

static

7.hta

windows7-x64

7

7.hta

windows10-2004-x64

8

Resubmissions

26-12-2022 04:45

221226-fdvy2sff4t 8

21-12-2022 23:37

221221-3mj98sgg4z 8

Analysis

  • max time kernel
    72s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    21-12-2022 23:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7.hta

  • Size

    1.4MB

  • MD5

    dd5b29f38ada264a89dbafab6ed35ec3

  • SHA1

    c77ce7470ff68d53825cc664cec35302e0d197c7

  • SHA256

    1faa9cb2b997e1a07e82087c1722fe12ea1fe5b48897d6edf34c8171b88e12f3

  • SHA512

    3778863b14860a7d939ecc2bf96dd6a79e8ea4452222150d9c5860cb54e1668de731e1989d1490885c824ced9bd24de5822b86669ed64a6769e2546ee13fe1fc

  • SSDEEP

    24576:1jduwC1N3WLIxP456UKkcCByVidDdlYhCNcql2BeqKflYhBepIjmXlcLI:NdA33Kz0ZQDP9Gqnl

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies registry class 30 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\SysWOW64\mshta.exe
    C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\7.hta"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1376
    • C:\windows\explorer.exe
      "C:\windows\explorer.exe" C:\Users\Public\Music\0P4rd
      2⤵
        PID:960
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:912

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Public\Music\0P4rd\2aeS0a.lnk
      Filesize

      1KB

      MD5

      a575064ac20ed9b97c4a79d668878025

      SHA1

      00a23d656f539cca6cef936e1030a1a2fcddea12

      SHA256

      33e41d60ba3dcc8c9ed2c7b17e9d86ab6b63aa3bcc6fe1528aebe221f7c01753

      SHA512

      c54b27b74e43eb1dbf4b408bc8be79021906eb2b536e31ef39c03e9ed0bea5350aa6f13679915cf23cb0ce61954bb48bc42f480f6c4451fe305fba51e63ad3f7

      Download Submit

    • C:\Users\Public\Music\0P4rd\BkD9Nj.lnk
      Filesize

      1KB

      MD5

      a575064ac20ed9b97c4a79d668878025

      SHA1

      00a23d656f539cca6cef936e1030a1a2fcddea12

      SHA256

      33e41d60ba3dcc8c9ed2c7b17e9d86ab6b63aa3bcc6fe1528aebe221f7c01753

      SHA512

      c54b27b74e43eb1dbf4b408bc8be79021906eb2b536e31ef39c03e9ed0bea5350aa6f13679915cf23cb0ce61954bb48bc42f480f6c4451fe305fba51e63ad3f7

      Download Submit

    • C:\Users\Public\Music\0P4rd\E1N8Kh.lnk
      Filesize

      1KB

      MD5

      a575064ac20ed9b97c4a79d668878025

      SHA1

      00a23d656f539cca6cef936e1030a1a2fcddea12

      SHA256

      33e41d60ba3dcc8c9ed2c7b17e9d86ab6b63aa3bcc6fe1528aebe221f7c01753

      SHA512

      c54b27b74e43eb1dbf4b408bc8be79021906eb2b536e31ef39c03e9ed0bea5350aa6f13679915cf23cb0ce61954bb48bc42f480f6c4451fe305fba51e63ad3f7

      Download Submit

    • C:\Users\Public\Music\0P4rd\Qa3BKt.lnk
      Filesize

      1KB

      MD5

      a575064ac20ed9b97c4a79d668878025

      SHA1

      00a23d656f539cca6cef936e1030a1a2fcddea12

      SHA256

      33e41d60ba3dcc8c9ed2c7b17e9d86ab6b63aa3bcc6fe1528aebe221f7c01753

      SHA512

      c54b27b74e43eb1dbf4b408bc8be79021906eb2b536e31ef39c03e9ed0bea5350aa6f13679915cf23cb0ce61954bb48bc42f480f6c4451fe305fba51e63ad3f7

      Download Submit

    • C:\Users\Public\Music\0P4rd\RRC122.lnk
      Filesize

      1KB

      MD5

      a575064ac20ed9b97c4a79d668878025

      SHA1

      00a23d656f539cca6cef936e1030a1a2fcddea12

      SHA256

      33e41d60ba3dcc8c9ed2c7b17e9d86ab6b63aa3bcc6fe1528aebe221f7c01753

      SHA512

      c54b27b74e43eb1dbf4b408bc8be79021906eb2b536e31ef39c03e9ed0bea5350aa6f13679915cf23cb0ce61954bb48bc42f480f6c4451fe305fba51e63ad3f7

      Download Submit

    • C:\Users\Public\Music\0P4rd\dPbxh9.lnk
      Filesize

      1KB

      MD5

      a575064ac20ed9b97c4a79d668878025

      SHA1

      00a23d656f539cca6cef936e1030a1a2fcddea12

      SHA256

      33e41d60ba3dcc8c9ed2c7b17e9d86ab6b63aa3bcc6fe1528aebe221f7c01753

      SHA512

      c54b27b74e43eb1dbf4b408bc8be79021906eb2b536e31ef39c03e9ed0bea5350aa6f13679915cf23cb0ce61954bb48bc42f480f6c4451fe305fba51e63ad3f7

      Download Submit

    • C:\Users\Public\wget.exe
      Filesize

      1.7MB

      MD5

      4f6ec93065e9332abff1b2100ead293d

      SHA1

      b9d40953f9094859721158cf0383a359612cb97a

      SHA256

      3b136e3c8fc3c20400903af15e3b8b2b854b1f3e5f4a828e3334a0790ddfd3bf

      SHA512

      93dfd8b729030b508163c920657b391640e4e284cfe1b01b7d64d37d807b48178834d10419fd4239f12f73b157e833328e33baf867925a646547071f1544fae7

      Download Submit

    • \Users\Public\wget.exe
      Filesize

      1.7MB

      MD5

      4f6ec93065e9332abff1b2100ead293d

      SHA1

      b9d40953f9094859721158cf0383a359612cb97a

      SHA256

      3b136e3c8fc3c20400903af15e3b8b2b854b1f3e5f4a828e3334a0790ddfd3bf

      SHA512

      93dfd8b729030b508163c920657b391640e4e284cfe1b01b7d64d37d807b48178834d10419fd4239f12f73b157e833328e33baf867925a646547071f1544fae7

      Download Submit

    • \Users\Public\wget.exe
      Filesize

      1.7MB

      MD5

      4f6ec93065e9332abff1b2100ead293d

      SHA1

      b9d40953f9094859721158cf0383a359612cb97a

      SHA256

      3b136e3c8fc3c20400903af15e3b8b2b854b1f3e5f4a828e3334a0790ddfd3bf

      SHA512

      93dfd8b729030b508163c920657b391640e4e284cfe1b01b7d64d37d807b48178834d10419fd4239f12f73b157e833328e33baf867925a646547071f1544fae7

      Download Submit

    • \Users\Public\wget.exe
      Filesize

      1.7MB

      MD5

      4f6ec93065e9332abff1b2100ead293d

      SHA1

      b9d40953f9094859721158cf0383a359612cb97a

      SHA256

      3b136e3c8fc3c20400903af15e3b8b2b854b1f3e5f4a828e3334a0790ddfd3bf

      SHA512

      93dfd8b729030b508163c920657b391640e4e284cfe1b01b7d64d37d807b48178834d10419fd4239f12f73b157e833328e33baf867925a646547071f1544fae7

      Download Submit

    • \Users\Public\wget.exe
      Filesize

      1.7MB

      MD5

      4f6ec93065e9332abff1b2100ead293d

      SHA1

      b9d40953f9094859721158cf0383a359612cb97a

      SHA256

      3b136e3c8fc3c20400903af15e3b8b2b854b1f3e5f4a828e3334a0790ddfd3bf

      SHA512

      93dfd8b729030b508163c920657b391640e4e284cfe1b01b7d64d37d807b48178834d10419fd4239f12f73b157e833328e33baf867925a646547071f1544fae7

      Download Submit

    • \Users\Public\wget.exe
      Filesize

      1.7MB

      MD5

      4f6ec93065e9332abff1b2100ead293d

      SHA1

      b9d40953f9094859721158cf0383a359612cb97a

      SHA256

      3b136e3c8fc3c20400903af15e3b8b2b854b1f3e5f4a828e3334a0790ddfd3bf

      SHA512

      93dfd8b729030b508163c920657b391640e4e284cfe1b01b7d64d37d807b48178834d10419fd4239f12f73b157e833328e33baf867925a646547071f1544fae7

      Download Submit

    • \Users\Public\wget.exe
      Filesize

      1.7MB

      MD5

      4f6ec93065e9332abff1b2100ead293d

      SHA1

      b9d40953f9094859721158cf0383a359612cb97a

      SHA256

      3b136e3c8fc3c20400903af15e3b8b2b854b1f3e5f4a828e3334a0790ddfd3bf

      SHA512

      93dfd8b729030b508163c920657b391640e4e284cfe1b01b7d64d37d807b48178834d10419fd4239f12f73b157e833328e33baf867925a646547071f1544fae7

      Download Submit

    • memory/912-59-0x0000000003740000-0x0000000003750000-memory.dmp

      Filesize

      64KB

      Download

    • memory/960-57-0x000007FEFBC01000-0x000007FEFBC03000-memory.dmp

      Filesize

      8KB

      Download

    • memory/960-56-0x0000000000000000-mapping.dmp

      Download

    • memory/1376-54-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1376-55-0x00000000718A0000-0x0000000071E4B000-memory.dmp

      Filesize

      5.7MB

      Download

    • memory/1376-73-0x00000000718A0000-0x0000000071E4B000-memory.dmp

      Filesize

      5.7MB

      Download