Overview

overview

7

Static

static

1

MessinesBr...ce.wsf

windows7-x64

3

MessinesBr...ce.wsf

windows10-2004-x64

7

abrogative...ns.lnk

windows7-x64

3

abrogative...ns.lnk

windows10-2004-x64

3

prepolice/...ed.exe

windows7-x64

prepolice/...ed.exe

windows10-2004-x64

1

prepolice/...ey.cmd

windows7-x64

3

prepolice/...ey.cmd

windows10-2004-x64

7

prepolice/...ss.jpg

windows7-x64

3

prepolice/...ss.jpg

windows10-2004-x64

3

Analysis

  • max time kernel
    107s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    02/03/2023, 01:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    MessinesBroggle/Practice.wsf

  • Size

    301KB

  • MD5

    9fbb03199ddcd8e0721d26678a93a85b

  • SHA1

    a89af303deab99205ccd02b8daf03f517829350f

  • SHA256

    922e91442d3c5d76371a35bbb05d85185ad885d4810f8226b30ca283d354e0c6

  • SHA512

    9c1bf0fa65fc341d94c0056d11146abac769c9049b8b18f14f2613d452e5aeb1763fce4e2fae5802de0e84dd528de052535712f9f147525f084b4ff82f8061ce

  • SSDEEP

    6144:W2eUlkn0MKxEuTZaHqmxOnpW/ewuXIfuZFdaziCN4wJscHPBtwtZy/:7lk/KxE6ZaHBIgnoIf4YH5OHy/

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\MessinesBroggle\Practice.wsf"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1988
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $Disexcommunicate = Get-ItemProperty -Path HKCU:\SOFTWARE\Disexcommunicate | %{$_.pachymeterCeltization}; powershell -windowstyle Minimized -encodedcommand $Disexcommunicate
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:592
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle Minimized -encodedcommand
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2040
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c start https://learn.microsoft.com/microsoft-365/troubleshoot/
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1636
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://learn.microsoft.com/microsoft-365/troubleshoot/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1548
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1548 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:748

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          e71c8443ae0bc2e282c73faead0a6dd3

          SHA1

          0c110c1b01e68edfacaeae64781a37b1995fa94b

          SHA256

          95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

          SHA512

          b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          dace3428b67d96b9f711d6001b50eca7

          SHA1

          755538b2b67ccdb5de28425f45f86043e0b2ab4c

          SHA256

          279cd16fc53b817f1ba2ea6abee44c4555aea6b52a277d1cd6fda0888b0b5d52

          SHA512

          bce402e857c6374e1e9748700fcd6800684691a4703bd8cc549c64630881bf9177e209ae377375dd23b8851012d7f439f2274530a07a5f94eadc9e6071dd2519

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          52455dff18a76ad35c51710d9e5151b9

          SHA1

          e08c9e91ec1cf59da1e1712785568dd49fe7e894

          SHA256

          65501959806d5e4fe6878a8f2cb9fb51f0a8cb05d3c3c8c231f4bc8672701716

          SHA512

          c583caca80a198e242d7c67e7c04ab413ad8bc2e8826b8b83a5871c1d34b988983ff6cea06cc2e065f55ecb6a0381d0371b3d26eff3a921544c8b41e46227676

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d15058f4011b553b583b49f5ec29d6b1

          SHA1

          7ad63c235e6100a35c70bcd795086d3977088080

          SHA256

          992a5b48b44db4443f9db5a1e821467a09f66466801c356925910a0bdc879ce4

          SHA512

          2d1653d1cfe35f0522c4674f0c5e3b92e3bbb8cc6fffd335b7107c9452f15da33fc8f828fd9060ebdf8739c5ddd6818b4a346056dec1ec60354c1fe32b00b123

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          83667e154e3374e218ba0bb9c3f2f0fe

          SHA1

          be892d9d601355c42c37a4aba68b32416743bdd8

          SHA256

          134967d460b97ea6ad96ed8c6b59e6a220709dfc35c8d9eef88507b073be18de

          SHA512

          b54bd12b43ef00ea8190b7a068625696c7cb4ac8f3028c409a9b6c9550bbe22d944bb95378e56e32fb864f8a8063e14a942fc3f139faf2039f6e2ceb28fb01bf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fa8e67c67603d709b0257969052cd34c

          SHA1

          cdd8062e517715c08e6ccc8dfd939e582ea6b007

          SHA256

          f478c7f71ad5610a66e2646d2254049391ebd4ad6a996b2755b12ab294ee416b

          SHA512

          020b73502f52b105bdf00d96ec79f44662782b5e078fbbd670a6ea48902684a903a11899294319b7c1c4e27107680ffffaff29f32828b118860cefae1dc923f1

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d5ac65262470789b1a9c80e66c62bced

          SHA1

          4fb662b6537dc8b3aab5de9e449bc11718eb28d6

          SHA256

          7f72c77199ea76184f432a6c65c34199ddec1abf741010ffea60dab9654fecce

          SHA512

          6d9e3d44aa294c842062926d0e7c295e493505708d1ea9a744b0ad47a36f070abbc9395261b17a6758b8dc2fb431db1cf4aa8965c934880cee510f42312d05af

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          5c4238e58199b66ce1949f6768d57876

          SHA1

          bb842e8234276e31680973a84ae9554bec12167b

          SHA256

          a59dc377aca9ebe2b5ebe44c5482ec8fa0a6a1791dca67cfac1a2870a91714e5

          SHA512

          045ad1cd7cfaaac42313eb132e495e2d67859b6a1f01a22f54c1496404abb6bc04fb3d978a8c95a00415a598c82bb01f72c75221504c1bb8b97c3dea765b7b00

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4a3208bde5b4c9a7ad874a3f4886fda5

          SHA1

          9e4b7df70e5fbeb1aa5a473e88502dca56fb9f7a

          SHA256

          d83e9c066e15bb8df148e3b70727aa38249bfde25f5ccbd24657356bee01fed9

          SHA512

          aca7267168e20c87034eaaca438096556cb312b61647c5b92e3cad66f1d071eb8ed20549b5e26f61f157d1ebc121d6b3d2c0c148cd4a4fcedcaf87ffa7b0f37c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          63f12d056e17961c57a2b8ede74764a0

          SHA1

          638c9b947259f1292a9446c3d9f4c233b2e53024

          SHA256

          825cf72f91454cf2682f2ba24244f3a8ec92059791a55dc4522fcbe4b502b8b5

          SHA512

          712c88d61e3c31101a99d27e98764eb6823adc4feebf0601fbeb486d0435fdd1234c72508f1c1f0e1eb25179f153280ae6c50d8ed5a2f89949bdfd4d3baa4eba

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACT9UUKV\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab6E40.tmp
          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar729D.tmp
          Filesize

          161KB

          MD5

          be2bec6e8c5653136d3e72fe53c98aa3

          SHA1

          a8182d6db17c14671c3d5766c72e58d87c0810de

          SHA256

          1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

          SHA512

          0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CQPLADF4.txt
          Filesize

          599B

          MD5

          126ddb62874fd67be0d243a47d3c181d

          SHA1

          4e6c448c90034f7deabee1f180fb6c1a62877435

          SHA256

          bd1b4628ab37680e6723a6d080fa70467ec69d3c714a3376504d8f58356ac215

          SHA512

          58fcd35ad9ef47eeb903e0b4703eb809d5b079e4dda1c4780fb3722341f292e0b69f16dde2112d53e551b79811ea4eaaf9117802d3ab5120322dff57508a35bd

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
          Filesize

          7KB

          MD5

          0f6d2ba8ecebc00b306c5416d24a5284

          SHA1

          f23e4cf8fde7217681f052292fc1db5f3fd1b1ba

          SHA256

          2af100dd1ad8805cbb9408c47e1adcf6e912dd8229308a144081371fc4a13c25

          SHA512

          8c9974ff7c55a7a6f64a2109f9617ccbf10d8d68f2ae386e75c68d486ca71c8d9ca0e8aa400f8ce7e740853e7ae3e09ac4bd141b3d92afc0d7165186048fdf16

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\D5X9BMND1J7YFW0FGG7C.temp
          Filesize

          7KB

          MD5

          0f6d2ba8ecebc00b306c5416d24a5284

          SHA1

          f23e4cf8fde7217681f052292fc1db5f3fd1b1ba

          SHA256

          2af100dd1ad8805cbb9408c47e1adcf6e912dd8229308a144081371fc4a13c25

          SHA512

          8c9974ff7c55a7a6f64a2109f9617ccbf10d8d68f2ae386e75c68d486ca71c8d9ca0e8aa400f8ce7e740853e7ae3e09ac4bd141b3d92afc0d7165186048fdf16

          Download Submit

        • memory/592-67-0x00000000022E0000-0x00000000022E8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/592-64-0x000000001B270000-0x000000001B552000-memory.dmp

          Filesize

          2.9MB

          Download

        • memory/592-89-0x000000000269B000-0x00000000026D2000-memory.dmp

          Filesize

          220KB

          Download

        • memory/592-88-0x0000000002694000-0x0000000002697000-memory.dmp

          Filesize

          12KB

          Download

        • memory/748-90-0x00000000012B0000-0x00000000012B2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1548-81-0x00000000025A0000-0x00000000025B0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2040-87-0x00000000024B4000-0x00000000024B7000-memory.dmp

          Filesize

          12KB

          Download