Overview

overview

8

Static

static

1

0bd4fcdcbd...57.exe

windows7-x64

3

0bd4fcdcbd...57.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    07/03/2023, 23:34

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0bd4fcdcbd8742f9d6013215784b468ce76b647e1ffcea919c63bfe70b54b457.exe

  • Size

    790KB

  • MD5

    4e684d79bfb7ce0656df64f822880785

  • SHA1

    27e32fd4bed5aa83cef0e65f2b89c581652ac7d9

  • SHA256

    0bd4fcdcbd8742f9d6013215784b468ce76b647e1ffcea919c63bfe70b54b457

  • SHA512

    b3cbbe66ecd10e9cfaf959cc3846773528b85e06ca4e042b44a3ff04f3b4ad98facc1ce7b7d3cfa8e94afb8ec21831d44c93890296b3f6e272274c0aab389ee4

  • SSDEEP

    12288:6tvs2ttd1PuZUiMqylDxljISy1G41To6lG4/ehhWXozx:6tvs2ttd1WSiDyxxJTy44Zo6lG4Wh6oN

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0bd4fcdcbd8742f9d6013215784b468ce76b647e1ffcea919c63bfe70b54b457.exe
    "C:\Users\Admin\AppData\Local\Temp\0bd4fcdcbd8742f9d6013215784b468ce76b647e1ffcea919c63bfe70b54b457.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1972
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.oneptp.com/ax/?uid=507801&ad=7
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1624
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1624 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2028

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          e71c8443ae0bc2e282c73faead0a6dd3

          SHA1

          0c110c1b01e68edfacaeae64781a37b1995fa94b

          SHA256

          95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

          SHA512

          b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          e71c8443ae0bc2e282c73faead0a6dd3

          SHA1

          0c110c1b01e68edfacaeae64781a37b1995fa94b

          SHA256

          95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

          SHA512

          b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57
          Filesize

          471B

          MD5

          1b52bce0d5eb764e6a9161d387192246

          SHA1

          1a0afca76a2048b7ef3ff2616ad75630a122eef8

          SHA256

          b23acc86950aec7879e44da217352e74407d4016ae3f1b3ac11d06cf6f316578

          SHA512

          edb07a8a0f23baa69893e8fdb5d9065d5127171d65f61647ec33d8cf021009029105afa917945880d434ce0e4483f70319fc500fa762a97d991d68d464ef0141

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0A17BC17FF10008872A7205D0D43E2_608DEF97DFACECDA8E97C6F270153A4F
          Filesize

          471B

          MD5

          8e94c67afbc8bc5bf72cae2b7112acb7

          SHA1

          a43bc7e3997d1e2a791baf773db98a0ebc753b7e

          SHA256

          5e0c646415d73dca8ab2e45cf5ae925e620acb6eca62fde449f286fb014ef387

          SHA512

          a3070d5ea87e504b3e6749b52196f2d61f3dd15cba63a47e71f47440c12729b3b32603354028050c324d73c467e68b9ecd56e5ae45629b432ce11425d51ccb94

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8F8712BCE78D28F9C5E3E950CD93EADA_14710590B65AFFBD0C6D41C40596B3CC
          Filesize

          436B

          MD5

          b8619cc321b3394f894bdca17050c05d

          SHA1

          22e12f0ab51acac4c34d4a98c58ee60453739c85

          SHA256

          d52c1bafcf61c25ad57f8dc932d539a8ac14d5d3a431061cb8304efdc92f6895

          SHA512

          48eda82c161edc55393666b018368762d300d99aae151fae9d75b86e016ccfd01c0f9bde821352c48e18cf7923309eace4ed8551bf9bc39111780cd16fcb2688

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f5aeb29974d349cd100525402a4eeca7

          SHA1

          37e664921a763e753b2f65940c1c629ef7951478

          SHA256

          be4be406d6f86f2326e87db2fd2e9adb39b684e915687cd3ff6e1482d77c6b97

          SHA512

          d4f50a49e27a5d5653ba861be86dad6a90250c532935c74982f4bff0f51dfa3382cdf2348aa713eaf3137825497d0146ed4c3b9886dee6f95395a6fd735e1170

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          583e9d9cf7bcfa35c4800ffa4a89ef5b

          SHA1

          205a63cde9445e685b8caa153a541efc6a22a730

          SHA256

          cfb1b17cadcdc518ac57f95780df55554693395487da148ac858ce8a7ef52e7e

          SHA512

          57092e6aeafaa4811e53be17f897f29334cb17847c1a75e31a72810de3d6ab5243d91dfb9cb3e982eb7d785faf0147bddfbe1c8342878801158e95decdb7cbf9

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a933af93e1f81926e48009233424bd78

          SHA1

          285de7f3b5eec7af12a6401081d053d7f2f9219a

          SHA256

          8a0c90c742894936cecaa974da64c61c5a5f9f81ddb6ab5e216fd84f49972a32

          SHA512

          831e0ccd9ab3aed563c9f35f2e313fa698e462a49e5545f3ff60f37b2935785fec2f6a825495bdc9e2199852fcc4edc08a7f839bdb7f93275fe69bd604d8a644

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          8740cbd27fc627e60d747cdf90027015

          SHA1

          5e2236ec38f98f1b892389e0540b645b91e97412

          SHA256

          f951ae2e2b65903d9f9d0e4a9e54933239805d31afecd8c48a8d6c601d11ddef

          SHA512

          4722af477998484e428e98600bcb7d14122d25e64f28a8bd8ce47250f33932be23a17d46cb3bf80f909ae61ea91f60cb9f1519471662c49b7daf3d286b008d5a

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OP3XVK82\ad.oneptp[1].xml
          Filesize

          137B

          MD5

          14e4b1f098e3eb23c0e422f7496a9378

          SHA1

          e98b58afc6c13589554051f4ce5413d5818032d6

          SHA256

          21cc0a585578ac4d9ba3c57bbd53541b7452b5940a7555975672d44f5c2dd6ad

          SHA512

          427b28ef8eb41fc7f5a9004ce7e0c520d2bcd25144b226436e3985c465c4cedb5705b837cb53a722c3c4de63965c64a586fc9c787b15325b3dc360bbf034d81c

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\RK6Q888S\cheku.xcar.com[1].xml
          Filesize

          118B

          MD5

          16f0a2d06aca8f06fdcbf22bb4a1dae7

          SHA1

          97a5a65f71ebc4ded1f523e7944692248b07c8e6

          SHA256

          836de65e18d93a066ff482ffb1f72331af13d9091c657ac718d38b129096a222

          SHA512

          da3680fbb1bf29f255395e6f6800857a3e7acb889d0e862e7910618ad6e7f8ce4fcc19c6d6afd8b764539d0d63d36e5e4e7930c94126b1ea6032326bd6106122

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\62yy7f8\imagestore.dat
          Filesize

          8KB

          MD5

          56eef707ced44b11ba615c4164dcbad7

          SHA1

          18294b73aa094a7783dd2b53d7f89c8e529ad403

          SHA256

          9576250e4436a3129f55860d05b134822b56418e5064352fd491e75b37dfa98a

          SHA512

          05871a128ad475596774b34cfb84dcd1e1cc7effe4204b67e13eea842a1d7afbfa73bb9d9cc2c9a658874f8218dc173f9863d47d87e436e980f8facca8a188ec

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJWXLGAS\35_htm[1].htm
          Filesize

          65KB

          MD5

          3795e20f48f4b1ab85c58646abcc7711

          SHA1

          4566a7ddd745e8e587950702ae81b6ecffac6083

          SHA256

          8ef2dcce5f169f9e3748e04306afaa3ee3477588d30eb396f9c92e7dced327bc

          SHA512

          61302bb072edb790d6b9ef3f9666944f85113155fa586bee0452846147d0918fdac11d7c0c6606c59acfa45bfcf8745061e5cea5be344a48b8bbbbc46361e191

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T22XS5WA\a[2].gif
          Filesize

          43B

          MD5

          ad4b0f606e0f8465bc4c4c170b37e1a3

          SHA1

          50b30fd5f87c85fe5cba2635cb83316ca71250d7

          SHA256

          cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

          SHA512

          ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\favicon[1].ico
          Filesize

          3KB

          MD5

          baaf7611a4a89d0821822dbc61cd85f3

          SHA1

          20ee71cd9c8ace0490b5bf1be2a0529b0c23b683

          SHA256

          da5ca5a924da32302ecc8c673e7e7f9fd73c25d6c1187d06f610b7caa8af5232

          SHA512

          2780e8f89a5286a9dd5957386836c27bdebd0dc9384a2abde0c079c3f6aa3dac089276d4d4fa7448ae34a5810e412be6004ec8d81da6f5f4c02bdaa1270d8147

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\iwt-min[1].js
          Filesize

          23KB

          MD5

          be15dd4e71a35e54bb29d50dabe457bf

          SHA1

          519c2efffe3158379f0c6d21e75a7729295bbab5

          SHA256

          a049cac5548c3c5e4fcf6100c888b14482f07bb5069b12a3c0444864ac3d7672

          SHA512

          e390089b52cac719b9ec79102bbacb13564f91cba4e511e838d7a0f601448bbc0ee8cd2732b866c1062bef2c625ba73526ee494b2879db01529b632dbd3f354f

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab62BA.tmp
          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar64C4.tmp
          Filesize

          161KB

          MD5

          be2bec6e8c5653136d3e72fe53c98aa3

          SHA1

          a8182d6db17c14671c3d5766c72e58d87c0810de

          SHA256

          1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

          SHA512

          0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ZZAW3CG1.txt
          Filesize

          607B

          MD5

          75b3fcc94d91f435acb773de42c42c09

          SHA1

          dbb077cd7fe31e52db210e573fd76584033a01a5

          SHA256

          a6f2fcd0f12de178a66e49e660590f02ff92d1d1cf21b530856776c6f6af4bd3

          SHA512

          22d92e98c154d4fe25b1e8a9a273b3f8bfdebffd0e1e32c743f27fd190a03be7cdfb7d994e96be25d767cb3b9f57260dc78964e799da929acefe52495556d98f

          Download Submit

        • memory/1624-71-0x00000000025C0000-0x00000000025D0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2028-72-0x0000000000F30000-0x0000000000F32000-memory.dmp

          Filesize

          8KB

          Download