Overview

overview

3

Static

static

1

Installer.exe

windows7-x64

3

Installer.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20221111-es
  • resource tags

    arch:x64arch:x86image:win7-20221111-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    06-02-2023 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Installer.exe

  • Size

    2.9MB

  • MD5

    dcb050a81038862531cf2e23a095dbd0

  • SHA1

    3340822daaacb341a036a062503db2691f652559

  • SHA256

    3c49e41f4e9be499f026246d0f28a6ee6649ebb12d91ad7ef5a3932a21e5842c

  • SHA512

    5a26a7ae54b08acd2024c16ea7e27a12f4bd5a047d6eef5bf944678faa4c2edc3ca9d6e251107793f908245123ab70d1c73296797cb0c1fb47a265fd4b591cea

  • SSDEEP

    49152:/nnZxJD+PpDTQQnN31kGMdiBvUxDnXdNDLHN0mU2nSCHwYP+tpYEfpB0Ufa6Kab:PJMTQQnN31kPdvDXbumU2nSCHwYWtpYe

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Installer.exe
    "C:\Users\Admin\AppData\Local\Temp\Installer.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:948
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://app.traffmonetizer.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1236
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1236 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:564
  • C:\Windows\System32\control.exe
    "C:\Windows\System32\control.exe" SYSTEM
    1⤵
      PID:240
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
      1⤵
        PID:700
      • C:\Windows\explorer.exe
        "C:\Windows\explorer.exe"
        1⤵
          PID:1656
        • C:\Windows\system32\AUDIODG.EXE
          C:\Windows\system32\AUDIODG.EXE 0x510
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:956
        • C:\Windows\system32\LogonUI.exe
          "LogonUI.exe" /flags:0x0
          1⤵
            PID:1680
          • C:\Windows\system32\LogonUI.exe
            "LogonUI.exe" /flags:0x1
            1⤵
              PID:1624

            Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
              Filesize

              61KB

              MD5

              fc4666cbca561e864e7fdf883a9e6661

              SHA1

              2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

              SHA256

              10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

              SHA512

              c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
              Filesize

              342B

              MD5

              a920d1fb5cf512dc3ea88ec9d8abdd64

              SHA1

              9b2c82097c6429575ce6ebda42c3295ec274f3d5

              SHA256

              158c1e7b78a8a90ca8219b9e4e46c61de30e404b84ea464e7539062ab0811289

              SHA512

              46d51ec1354719a5bd0ce6c4b45529644d95b6a2affbd17d25f449a930d2c7c1935387d02a0aab4023ce2d27e5d292cadd49beac43b4ef033e5a961f32b22365

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat
              Filesize

              161KB

              MD5

              beeb6adb13447426fc49ab98af38fcec

              SHA1

              68d2b4cc06429ccc9d87addc8ab5184de5eef313

              SHA256

              97b1f43321595eda0fdc9650909adee1b1597cc56509ecfc5e292033f1a0ed97

              SHA512

              f40fc88258936ef6dc41d5b286ba633e8c9b56a793c4cd5e37315e69d86777e28927ec6b5c41ddc800ec375e8c539152c9473953aa1de6bb5b1bbcae8f979098

              Download Submit

            • memory/700-58-0x0000000075161000-0x0000000075163000-memory.dmp

              Filesize

              8KB

              Download

            • memory/700-59-0x00000000720F1000-0x00000000720F3000-memory.dmp

              Filesize

              8KB

              Download

            • memory/948-54-0x0000000000C80000-0x0000000000F64000-memory.dmp

              Filesize

              2.9MB

              Download

            • memory/948-55-0x000007FEFB551000-0x000007FEFB553000-memory.dmp

              Filesize

              8KB

              Download

            • memory/948-56-0x000000001B547000-0x000000001B566000-memory.dmp

              Filesize

              124KB

              Download

            • memory/948-65-0x000000001B547000-0x000000001B566000-memory.dmp

              Filesize

              124KB

              Download