Overview

overview

6

Static

static

1

a7264090c7...81.exe

windows7-x64

6

a7264090c7...81.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    137s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-02-2023 10:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a7264090c78482bf467d95dfb21c088d65eb65d5755c3eeca5374a4411884781.exe

  • Size

    1.4MB

  • MD5

    487650228b28c84c13d305280bfcea7b

  • SHA1

    7b62228e19cab4222b351422d1485705b0e9e255

  • SHA256

    a7264090c78482bf467d95dfb21c088d65eb65d5755c3eeca5374a4411884781

  • SHA512

    9942a65446761e9a27b29d24982c859fcb31849623e348dcf1a1aac879bd56737b44b5b0f80df6a9db52a66510e8c75c58c33bdb5638365378ebd6eb7ba64654

  • SSDEEP

    24576:JHPn34MhTCilQoR1Ke2xnk6c/gfsGfhyQemrNDgPUzCgnextHWUziJm4IFMesbTK:RP9RbGGc9eTYmEbTrL1OImr0Imr+pYZP

Score
6/10
bootkitevasionpersistencetrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 58 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7264090c78482bf467d95dfb21c088d65eb65d5755c3eeca5374a4411884781.exe
    "C:\Users\Admin\AppData\Local\Temp\a7264090c78482bf467d95dfb21c088d65eb65d5755c3eeca5374a4411884781.exe"
    1⤵
    • Checks whether UAC is enabled
    • Writes to the Master Boot Record (MBR)
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4972
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{D5E8041D-920F-45e9-B8FB-B1DEB82C6E5E} -Embedding
    1⤵
      PID:1300
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1424
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1424 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4692

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
      Filesize

      1KB

      MD5

      2cd3cf7aa6b7a0ac7fed4b19c2dc929c

      SHA1

      dd555788b684281337f96b84eeda2cac7e601932

      SHA256

      3d78efeeaa268e61ceb0ac843756fa16a08c2e09f00f04bc6d66c95c350191f4

      SHA512

      91e25a40f027cace3d1e50e9f68c73f39131227dc7add8011eaa77ec5d779825591dc3fe6d1bec5888105b4a0316828d7fb448a0888cbc7166371ec9b137ac2c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
      Filesize

      1KB

      MD5

      f1cfb3bff3738dfe066b8c1ab6cdbadf

      SHA1

      095c3269653775729821eecf252a72110ea1fe19

      SHA256

      6c6eab72576626ba342486fd3d2a340b3b33aca8c2ee8bc310a5490b5ecddab0

      SHA512

      8034d2f75f1a660e1f5901b81d7b871c4cf0d756b7bd08223cef695ba10ee1494981f64f2320ed5b75f890145fb7b0849f8b58aeee70f70f7ca25cccf0f61ae0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      2897da34e63dc7264119c1358edce0ae

      SHA1

      05ae97dc53f07ac4d0e98aa52af47863191a0197

      SHA256

      357487c69e685e8c74d3aae7995be2092b33b991b5232215146b70a91589bca2

      SHA512

      fc8d4a3934f90d475d477b671889638ea860e213417f5195a15da9326f5566e887d46321621ced75c2bd1a2eaa0f34cfe8762b7e55d5ae1f15c19dc869f70935

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
      Filesize

      1KB

      MD5

      bf69ceec9f6a5f53c79f92d7beec771e

      SHA1

      6194debebd9006bd987325f9ffe79a8d9fa7bd53

      SHA256

      ecd89c20702f2c1ab35dcd110479ee1440d6b1a807baab808b783ae266633839

      SHA512

      d84d9ffc38d6259ce373b80204b5cc8c065ba3e68786b2f53331e700c114f30fe316b616548fc79828ff1e6202aa12a08ce777b3a42bbafdeb8558249e4a5b1f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
      Filesize

      508B

      MD5

      a0cd6d31dc8011deafafb85dfa81f7b6

      SHA1

      800acc5bd214c5e78ae78dbdb2807f475eb88168

      SHA256

      100aa514d865c4de5a9c7ad8ce9e3d09c3f009ec95dc42f8c19dbe5d755c67be

      SHA512

      35ee4ade9aa45de93be6676d6c097191b786d4c4b3b57fe5f9e2898388954501b32fb5f0a77d9b7d209659e47a97635f094bb9f326332a607e125f8847cb9f38

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
      Filesize

      532B

      MD5

      898c82f2fe7fb6eda00a6b27ad729724

      SHA1

      aee3bdbd6faabf4d3d4aef2ce52de8229c3e7a14

      SHA256

      1299cb92a83ebf072092e8d7cd6d456e38ed9d24179cc3ad3b210d17c5983c48

      SHA512

      ada07ba7bb9c7c2fb4572b1f8d6c0affc4bad5e5b72b5b352756e04e320f31a7d5938c5419e2d0f4bb18f5ca8b9341de1e313cceb3b84724274b813e59d5931e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      434B

      MD5

      cc6a2fe3f8c295b9ed06f41272adfdc1

      SHA1

      45ff907d57a70a8bdeddb08dbc96dcd9733d15ee

      SHA256

      1ad786d640205b80c60cd3929f54242e2ec3b18ecef40ef5d05379f5adaf9351

      SHA512

      6f2cfcb2d44af33fe3526e18da5a6ef8ab1393766f77a43eb6f074a6db5c5f7c58e8b122d772ce877524830de9956bc4b4ad30506f7d965689c9a255858bc29e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
      Filesize

      506B

      MD5

      bad6817aa1549e39b6136053c08f5dd5

      SHA1

      87a353878ba878691a7d0cfd108256c30f41fc51

      SHA256

      13d421a2e7acd2834df693def992ec961768d8090bcd063d611d705cd78e86c8

      SHA512

      b25d2c0257c0377385fa9c027df7fa949574af927c827e8390cb90da5f75fed8ced9877161fd55e521e6eb161f449c8da7bddfde211a340f09b702523fba39ef

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\z2evvp3\imagestore.dat
      Filesize

      1KB

      MD5

      247ac97f801a790473bba84120283c3d

      SHA1

      75489d707cb7fc6481dc243e815524b83e1192dc

      SHA256

      2add3dd226da7743c995a0a018ffece7cae8e6c246e4385b04373007eb2dd51c

      SHA512

      ad443a0f313ecd1029358f981ad7333ba7a941083c839ada397f357fb754c3ca34494002e2726a45f1404a320154eb77c3f02493d1aec51f0b5d499d62838472

      Download Submit