Overview

overview

8

Static

static

1

818103fb74...5d.exe

windows7-x64

3

818103fb74...5d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2023, 23:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    818103fb74ab7cfb6345cef429d989ae944f6c025feb6552679b4a3e77e6ef5d.exe

  • Size

    790KB

  • MD5

    8b528931914d500aabac2d76786f23eb

  • SHA1

    8b25bae16d0107521b04d334d4db2b5f49c81044

  • SHA256

    818103fb74ab7cfb6345cef429d989ae944f6c025feb6552679b4a3e77e6ef5d

  • SHA512

    79d48f7283ab462ab0d9481dda37fb27351142d1d489b990c05ebffc2f1ca66343930a53230dd899b6352e0812a78c2176b6e583b87cb6df4c2eb682d080714a

  • SSDEEP

    12288:AqzXbaUrzJRmKQiKyl+G7LdDy1GPWboTlG4Oe5IWLBD:AqzXbaUrzbvQZyoGXxy4P8oTlG4b5bLB

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\818103fb74ab7cfb6345cef429d989ae944f6c025feb6552679b4a3e77e6ef5d.exe
    "C:\Users\Admin\AppData\Local\Temp\818103fb74ab7cfb6345cef429d989ae944f6c025feb6552679b4a3e77e6ef5d.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.oneptp.com/ax/?uid=507801&ad=7
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1640
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1640 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2000

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0A17BC17FF10008872A7205D0D43E2_608DEF97DFACECDA8E97C6F270153A4F
    Filesize

    471B

    MD5

    8e94c67afbc8bc5bf72cae2b7112acb7

    SHA1

    a43bc7e3997d1e2a791baf773db98a0ebc753b7e

    SHA256

    5e0c646415d73dca8ab2e45cf5ae925e620acb6eca62fde449f286fb014ef387

    SHA512

    a3070d5ea87e504b3e6749b52196f2d61f3dd15cba63a47e71f47440c12729b3b32603354028050c324d73c467e68b9ecd56e5ae45629b432ce11425d51ccb94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4ae437ceb13022639569542d6b3604e0

    SHA1

    494d8a7f5794b7383bcb21dd087cafb9a955be33

    SHA256

    2f0ad4e2ca2f5a2c81890f99e0a6c0ab503387b89bf864ae4c74286ea042d7f6

    SHA512

    275cacb893ec0a8d37e6e22baf1c6d3c329feeba472507be8594a865a48afa192f79e8a44b4e093a050ba83cb41905c2f2f3454a242e2c7f6c09b2addd52a4a7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5679152d147a6ab644d60fb964cb155c

    SHA1

    1d9b0e55dbe25987a6121873bc27399ab8c4fc0b

    SHA256

    de7afbea42ad749460afc84c9c5431a49bdf69011ffc728d58d19b6a6247fe6f

    SHA512

    d5c3cfcb2480a6a901faaab6fe2d86dc3afe2fff701cdd0ccf48ae70b91e5c6f4ae7d3ac86e9d3a7803b9c35fd3d4ba4e14f85c7f1fd2d98490578755a03e4c4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1a552b764b4b0c0a57a81e7344edb982

    SHA1

    6e499c9f246530896d9be81ad7ce90167303972a

    SHA256

    6d9457c2c50b3a96a1b087b7f3633709f81f7d272334207805c01e355762b44f

    SHA512

    94b7277f103e1df0cd6c1c52e5c79ea8958ac441218a730986a1d3c77d6bb9ee4fcbe83c6850620330e749f0e4a469a31f758276bd0d7e53c63a13a684733dc2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9a4d44460c7577dbc80e9af0425600eb

    SHA1

    15791dea73ba7710ae9a3968552cf7b84fa96f80

    SHA256

    d3a76de76adac32d25f6cafd82262ca291d038464ee08fb801fb62eb5185db86

    SHA512

    2ee39ad8887c9d8882da9794dc95ae7dc5dbdbaf491cce89d2ba7eb2a32160b953ff61c7045b0bcde570bc0830155f509cc5679025d031e7318e1fac17b09f9e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1451385aa5ee380bf39be85ca241b749

    SHA1

    266a884a4d011661f2d9a13f8d59e61bd9b378da

    SHA256

    3f9717a4f97c3099736b8f203673a8775457c446364e918f6d70f91f8f210b9f

    SHA512

    42a89d7bf4002a80973017602eaf4cbff73679827f7fae697dc8d7078a79ab13f4f0a0f9f6e732b101f314756d33e24606d14a8d3dfb6ab70082ee64278414ca

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\KEPWQ18G\cheku.xcar.com[1].xml
    Filesize

    118B

    MD5

    d4377e6e21c0fd82f8e742cdfb6d9292

    SHA1

    eafd5ba21355754dad9c92632ec06ce7c8a9205a

    SHA256

    9663315439ce236307b897f304da3dc9267095b3c5a834d55dc978e1f4bd8f9e

    SHA512

    e5259c85a5475e588440d134c7c9ec465aa5589ec5854c52b2980c482ae3662c4d28835f470b79d6f5723052a6cfd6766344e7767345de1b6f3defae07920eee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\07asiie\imagestore.dat
    Filesize

    8KB

    MD5

    c6c9cf2183083f4adf99ec781ec1e79a

    SHA1

    700b04931e4c805f880cd150076b0963a2697d00

    SHA256

    ce8d760f50857cf083472f2b38994e1f66cfc9d36dde968c660810ca1ec80cc0

    SHA512

    9dd29cb8641857aeb42375ad6b795b8cfa061524caa1b86c4a8ba5c33ab6c6da3a04ab84bd15f1641669d2297875fa405762384fc27aeb51e39329dfb9225e3e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4D33E1QE\favicon[1].ico
    Filesize

    3KB

    MD5

    baaf7611a4a89d0821822dbc61cd85f3

    SHA1

    20ee71cd9c8ace0490b5bf1be2a0529b0c23b683

    SHA256

    da5ca5a924da32302ecc8c673e7e7f9fd73c25d6c1187d06f610b7caa8af5232

    SHA512

    2780e8f89a5286a9dd5957386836c27bdebd0dc9384a2abde0c079c3f6aa3dac089276d4d4fa7448ae34a5810e412be6004ec8d81da6f5f4c02bdaa1270d8147

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\iwt-min[1].js
    Filesize

    23KB

    MD5

    be15dd4e71a35e54bb29d50dabe457bf

    SHA1

    519c2efffe3158379f0c6d21e75a7729295bbab5

    SHA256

    a049cac5548c3c5e4fcf6100c888b14482f07bb5069b12a3c0444864ac3d7672

    SHA512

    e390089b52cac719b9ec79102bbacb13564f91cba4e511e838d7a0f601448bbc0ee8cd2732b866c1062bef2c625ba73526ee494b2879db01529b632dbd3f354f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T210ZMR0\a[1].gif
    Filesize

    43B

    MD5

    ad4b0f606e0f8465bc4c4c170b37e1a3

    SHA1

    50b30fd5f87c85fe5cba2635cb83316ca71250d7

    SHA256

    cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

    SHA512

    ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TF0W5LQL\505_htm[1].htm
    Filesize

    15KB

    MD5

    d162e73f6a8020e5770dcca37d4c7599

    SHA1

    7319ac3cb2188acd801f4f268032e106fcaeaac2

    SHA256

    70908d9cddc96195a7c6afa3e6d2d90d62716f40a599ff79c394989997d59d73

    SHA512

    ea52591857a9e692486c69ce072548e486580f39d038a61070c1a2e27e7057ef258258a6c4700cd12e85865e106e1a14b0914fdda3ebd18a8b024ae1c4ec77e1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab1E3D.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar243D.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\9A8MNIE9.txt
    Filesize

    602B

    MD5

    036395b91d2a7cfaa650555d19b25d00

    SHA1

    73e09203a8b37ca09e51fabc6cb268d9b134799b

    SHA256

    30ec17ef58c9a04841e1b9a55e9519c313fbc043de26ec37f508a442b1d0da81

    SHA512

    1ddaa7f45a943dc6af641e61a7a738ceab8593a656fea2c995da268c40dec8a22cd63884092a6e6f6ada1e3314377a7502ed45c6635b0478c97ce882ea6b49d7

    Download Submit

  • memory/1640-123-0x0000000002DB0000-0x0000000002DC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2000-124-0x0000000001280000-0x0000000001282000-memory.dmp

    Filesize

    8KB

    Download