Overview

overview

10

Static

static

8

Photoshop_Set-Up.exe

windows7-x64

8

Photoshop_Set-Up.exe

windows10-2004-x64

10

out.exe

windows7-x64

out.exe

windows10-2004-x64

Analysis

  • max time kernel
    46s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220812-es
  • resource tags

    arch:x64arch:x86image:win7-20220812-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    13-01-2023 02:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Photoshop_Set-Up.exe

  • Size

    2.7MB

  • MD5

    6f191d573daa38f8681fcd4706fc0714

  • SHA1

    79b89c090b8ba63b84a35ee2b3097be3eb1ed8a0

  • SHA256

    4cccca217deedf489369b8fd76fb969f823f013b9817bfb963252d2c37292b20

  • SHA512

    e969ecc805a8b40e2ab09311b9a08ce3c133d22f842eec0093babaaeed72c97a2c505059f27c534c0105a600f3c70c8555b48d092a5df42b393bf740eec6eac5

  • SSDEEP

    49152:VGTEMisXVCgvAZ6X/b5Bvd11LkrgCuygbwEF2m8U:VGIMis04Agz5/L8jkl

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 57 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Photoshop_Set-Up.exe
    "C:\Users\Admin\AppData\Local\Temp\Photoshop_Set-Up.exe"
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Modifies Internet Explorer settings
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1776
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.adobe.com/go/download_PHSP_es_ES?mv=product&mv2=accc
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1076
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1076 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:584
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.adobe.com/go/download_PHSP_es_ES?mv=product&mv2=accc
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:948
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:948 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1628

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    Filesize

    471B

    MD5

    75749bd11a5eca16e9afb3b2ee4f94c2

    SHA1

    f890a9b99fd390ad33cadd414dd8d7c76672c83e

    SHA256

    ec742c6d4115aac0672677f2331e0d7d8301b22f8800036ed70c068f22e42de9

    SHA512

    ef961555a24c7d32a5d69835e11325ee0083d2e4749a16e6ddec3d1c8505af807b2827a1bda165dd05d269e67d021e8e03d746dbbafb21a3ac42428c06fb654d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_34122A3DEA3C0812F9F2562C4EF3BE97
    Filesize

    471B

    MD5

    d4051c81d55034cc747ce8473e766c20

    SHA1

    2a94091df0e4197e7b946fb493f75b71074b89db

    SHA256

    fb5a1adcf741168b63928e222a13211e87de3955df545794b3861a83880e91c4

    SHA512

    d0d3e8852dd59ede1aae34d7b3a9a548d65cf31ee9ce6ba820b747e8662dcf412b459923c93fe0421744a31f8ff266383fde257948253e00c19930fc930a086d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E573CDF4C6D731D56A665145182FD759_34122A3DEA3C0812F9F2562C4EF3BE97
    Filesize

    471B

    MD5

    d4051c81d55034cc747ce8473e766c20

    SHA1

    2a94091df0e4197e7b946fb493f75b71074b89db

    SHA256

    fb5a1adcf741168b63928e222a13211e87de3955df545794b3861a83880e91c4

    SHA512

    d0d3e8852dd59ede1aae34d7b3a9a548d65cf31ee9ce6ba820b747e8662dcf412b459923c93fe0421744a31f8ff266383fde257948253e00c19930fc930a086d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    340B

    MD5

    a8f70fc321c0080a46526df86af40504

    SHA1

    f83c60d851b9857587ae0416b3e274a30e9de8df

    SHA256

    7ca21fe27b3e3d2ea337b4b436a3d484aad978b2050e4a807defb3b16fc892c5

    SHA512

    0cf0d5807b2182342aee24979aa015b2026406f963dca5eea608ad7276c58bf37ef9853c18a18a7bbc70361c44d4af7b253e315272fabebf6ceeaad2fed084c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
    Filesize

    430B

    MD5

    669540e65e2c55e0fa2f17af6470a65e

    SHA1

    a065c95cf91f08b91845040f8107c4c848c2f7ca

    SHA256

    bc6413b7244c9563a9f1532c13719c7b59bbd653b12029f63e97a2ab59e79cc4

    SHA512

    ebd0bf8d8afa3b33c590e3bbb8bef43efe02ed0d9abb3938ca01082190d34e5499ff75712a0e9878a26f063974e713c14ee6d8444e25270e28811a53ac0063c3

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_34122A3DEA3C0812F9F2562C4EF3BE97
    Filesize

    426B

    MD5

    dbc321e98c6fbdd37c8b7442eec1c871

    SHA1

    8a42b6d803cd918f734e336628dcf83965d95c3b

    SHA256

    385fe5c1ff25acd0edab2b015c6e5a909c80d8508acda686b53d64ef120c598d

    SHA512

    dbc3574850e8c2bd310abea170e75125c91de9e6bbbe0d8c757dbf23609dc3ddcd78a257e7de27bd6e0e88210e09801f2fe2d0097dbc05c925ca3f93f6be676c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_34122A3DEA3C0812F9F2562C4EF3BE97
    Filesize

    426B

    MD5

    2c5bcbadee658409138f985e939e3536

    SHA1

    cf6269036b2cad0ef3dab8b3073726e99e020289

    SHA256

    bd8e75f907f3b16b33a56056ef9327a77a40a67a56ab1b24eb6dd646c1cdd591

    SHA512

    32407c6d0d994c199b27bc20ec5fad34fcf5e0166c4d517e1205804fa7cd97fa5bcc71071bfcff93d0b95ee0cbbfe3c9d2301b600f9ed9a7d520a34972579471

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C5458301-92F4-11ED-8EA2-EE38AA991E65}.dat
    Filesize

    5KB

    MD5

    5121ba6d5f36f05c8d30a7c0e65e7b91

    SHA1

    cc72cb7965706dc422528b269b10bd9143436185

    SHA256

    06e1e9fd38ebb1458a107bff4552713975e95c46bde1c2835d6d0330a53fbca2

    SHA512

    0b1f40a6bb39ea644560b6f4ea5e6e132d44375eb6853d3d95bb20d6f90c099a2b69262d6579d9449f8409f585a4d135bfa46da053343450c4a4bd5a976ede13

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C547E461-92F4-11ED-8EA2-EE38AA991E65}.dat
    Filesize

    3KB

    MD5

    55d8bd8d40f0689bfb7571bd63428779

    SHA1

    1bed82007416e7935968ff2bef67c65b39749cfb

    SHA256

    306cadd8a37c348dbfd7f689b7819a29f3a64fb5cb5290626d477b3aff9d7e5a

    SHA512

    a1001f00a4100049185199b8ce89dc4fd5f2ef080f9a30b82847cb8ed9450584b7e064c086655beb70646471444e8b52c9cd5ceebaa588ca58d09f104401c385

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0LYNQJM7\unsupportedBrowser[2].htm
    Filesize

    795B

    MD5

    8376969e5faa046e5e14738801fc6f08

    SHA1

    952a8a571dc41bf1398279e637227c74d9e14164

    SHA256

    87ef5cf6b7a08353a095f0c8c91c419484f560bf0236c5730321a69d9b8c0870

    SHA512

    417b39f8a6cd907f901b75e2843a72d65090d304689b6b9f5a1fb1ac570f6f0758a40d82080c47b7f0281ef9c38204384d60513715686b2b231734e3df8ad89c

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\U6L4O06V.txt
    Filesize

    882B

    MD5

    f9083b3332233e57ed3894f3a4e76dda

    SHA1

    20e8b4e5d99306dd1258edd39ba7a51c43a5740a

    SHA256

    c5cf7de67cada6311039b54a324fc9b243a56bd38c9601bee7d6e27b88ecdc03

    SHA512

    9d1a470d554de7f8761ec4d215569c95344744fec5097e102cae47a08f87da6348e1dac8e703674e86a1dc0d77fb683798b9f3c29d7eb5673a54b8744948eb82

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZD9Z7CHO.txt
    Filesize

    882B

    MD5

    266f55debceb0099bfe09001fcf987c1

    SHA1

    2bd596ccadab64a787c0cc4b07d849dec3ef5623

    SHA256

    927770c405a4c11911efcb2524a8b23618c579d0ec23319888fd561f0955385d

    SHA512

    0a4a42f809aca20acb369677f15c8d2abcf74077dd1fe13bf62a625c5272d3cbbb7777c1297895c996ad2e7ceaea90cd296a1d983115f25ddd933bad79b2651a

    Download Submit

  • memory/1776-54-0x0000000076651000-0x0000000076653000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1776-57-0x0000000000A70000-0x0000000001358000-memory.dmp

    Filesize

    8.9MB

    Download

  • memory/1776-56-0x0000000074C81000-0x0000000074C83000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1776-55-0x0000000000A70000-0x0000000001358000-memory.dmp

    Filesize

    8.9MB

    Download