Overview

overview

8

Static

static

1

97d5b89a5a...da.exe

windows7-x64

3

97d5b89a5a...da.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    07-03-2023 23:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    97d5b89a5a782aa7000c9d251a4f81e50de024d143b45b275f3fcacff89b53da.exe

  • Size

    790KB

  • MD5

    83c89709ab484ce2fcebdbeb5fc841b7

  • SHA1

    b10e23cf877bf499cb6684f05c8a022b512d813c

  • SHA256

    97d5b89a5a782aa7000c9d251a4f81e50de024d143b45b275f3fcacff89b53da

  • SHA512

    78a1d552ad01243ffbcc0ec41d84df7f9b69cb0286a8491204481ad2e9860ea21e271b0aaaa528389403d0b8f6599c810348939c6201ff4a329066cd318d99c7

  • SSDEEP

    12288:6tvs2ttd1PuZUiMqylDxljISy1G41To6lG4/ehhWXo5:6tvs2ttd1WSiDyxxJTy44Zo6lG4Wh6o5

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 44 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\97d5b89a5a782aa7000c9d251a4f81e50de024d143b45b275f3fcacff89b53da.exe
    "C:\Users\Admin\AppData\Local\Temp\97d5b89a5a782aa7000c9d251a4f81e50de024d143b45b275f3fcacff89b53da.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1100
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.oneptp.com/ax/?uid=507801&ad=13
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1792
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1792 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:812

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\14561BF7422BB6F70A9CB14F5AA8A7DA_167DA3064BAF5ED8B745431FB0462FB5
    Filesize

    727B

    MD5

    0378f4d724c818870237af09f43f1612

    SHA1

    9e9aa2daa7a17c6e0ad1b2371ea30aff3c3d16cc

    SHA256

    761a757cc2e09385d98980c7a40d11446ae2048fd73bd728034f9b870ae268a5

    SHA512

    f86f3c78b2a28085c644ba752495fccba864631c56ad714bd5dc5ee0cf4a40ab087c4bffc2ef1c01b1916fdc27be452b4d03fb32857d726c3ef9127b4f5d481a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1BA79029EC3FFD076F5DAC2F70A18685
    Filesize

    1KB

    MD5

    10acdcbd363e8bb18bef42973fc98b5a

    SHA1

    b000860b66aa964c8b7073fe736d6c84aeb69f7d

    SHA256

    5c353cd9f6e85a408242f8e0bc0158b8e3b975173253f4c8e553b1acd5a836d9

    SHA512

    a642545beb57fc22fb18d34471be79bc7f0279266b2e317af1433e01c426062a0048d6087b5955001126a64dbe79a189c70074daf16048716b48a4d6b6dc7665

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_23FFFDCAABB8E63694AD1202ED02BF57
    Filesize

    471B

    MD5

    1b52bce0d5eb764e6a9161d387192246

    SHA1

    1a0afca76a2048b7ef3ff2616ad75630a122eef8

    SHA256

    b23acc86950aec7879e44da217352e74407d4016ae3f1b3ac11d06cf6f316578

    SHA512

    edb07a8a0f23baa69893e8fdb5d9065d5127171d65f61647ec33d8cf021009029105afa917945880d434ce0e4483f70319fc500fa762a97d991d68d464ef0141

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0A17BC17FF10008872A7205D0D43E2_608DEF97DFACECDA8E97C6F270153A4F
    Filesize

    471B

    MD5

    8e94c67afbc8bc5bf72cae2b7112acb7

    SHA1

    a43bc7e3997d1e2a791baf773db98a0ebc753b7e

    SHA256

    5e0c646415d73dca8ab2e45cf5ae925e620acb6eca62fde449f286fb014ef387

    SHA512

    a3070d5ea87e504b3e6749b52196f2d61f3dd15cba63a47e71f47440c12729b3b32603354028050c324d73c467e68b9ecd56e5ae45629b432ce11425d51ccb94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1BA79029EC3FFD076F5DAC2F70A18685
    Filesize

    186B

    MD5

    d0bf3b0e8142e63ba9453c5a8454f6a3

    SHA1

    41cfbe32ec1bf9de38f3f699d01b012eaeb2689f

    SHA256

    c6792466221fe1f6d75b6c45b359192b983c052f9bb2ac070cc39202f129cddb

    SHA512

    9e6ffefdb6a95a950da48230d03a2daf97572b7235db8b81980094be1d360f08a978a394d210d2e56af0f1e9b1c85b256f343eb961f7f123064fb1ce3f1bb0ba

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5afae53fa26bdd37c859a2789a415afc

    SHA1

    bed9da6d272ca91b4cd6cfea15aff8783418df47

    SHA256

    f9d31d6f556b38e86ecbd24af923b6d931b1e72521497b4e4278cb62843e27d7

    SHA512

    cd2c9ff2185162bece339a71a068cda41ede09bf281b1ac8a7a8dbd4b90047e110ed3f6f0b7571980fe756aaadacb48e2072a20aea1db45cc2a7c4e9c17eb620

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5a854f20b59f3618909b27efd2c0caf0

    SHA1

    b42d42ebeba5077e6f735a72efbf9efd6f02a992

    SHA256

    cc119a79a47b9e71696f35f6278bedf2b0768bf34c81d3aa41cd98bb0ba61841

    SHA512

    49d86427a838c534a67c77027e87437239bee4a21e004a78f4584b9a3eed1d42611508433c63e136588698a00223dca4cbac685eb4db5b9a64ff3afba9e17b0b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20aec674431ea91f9c6f56eb5a7248b0

    SHA1

    eff0870af24fcf136c50bea6f1aaa1117d405c5f

    SHA256

    0d86ef270b3e6ea2c3f65cb0967015c9410bf28eb441482fb41217b6f6628447

    SHA512

    ccc001345f9363a1031518b4edd465ce876ee17bab67c415a8ce75b7bf7065c3b7893e760f06ea4b514db276d28686f7656630dd54ba7876f4b95d0c3a7ddab9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c840b2e5b7460e9de76d4c8b3dc5bc61

    SHA1

    48ca295ec83960df5a7988cf9584639fff9a4dd5

    SHA256

    6e0f25b15ae27a0bc4a9f7ae1d7e7ef4e71b92b60f097bc137471099098531a4

    SHA512

    4b3f7852115e7f4e0d177cefd9f748e41032a4a60ddb7347db838ecca7d3418ee9ab9035fd8568137ec015a8531a97d00a8715831b3fe178bf13ff1cb1e351d0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9ee20e4b1fb351a52aa94c7ab93f8c2d

    SHA1

    a0f9691b42419f755bdfa86b7641480e2a3ee8b2

    SHA256

    44de79f3e1074cae150d48ae4c0630339b1fb118ebeec4e72a71751f465e49c8

    SHA512

    d7d38eb2db4ff5ae76a1a63ac7a011ed3fb4401d8549b9497c741a062d103a03182368994080b613db50508d2190c1a59ace523d7f3ae155eadb448ff4bd1c9d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0A17BC17FF10008872A7205D0D43E2_608DEF97DFACECDA8E97C6F270153A4F
    Filesize

    394B

    MD5

    09a6beabe6a33dbdcb06b59b5130205c

    SHA1

    ab2eea7880304f2a1be092fc8dd9eb59d3782fa5

    SHA256

    ba9b17b6dee3328e17b89320ace72d655380b995ab0445afbd4ada0976ea802c

    SHA512

    39371873f5e206b2dbe012764f1c724191eaa61faa68392edf53a8c4d24adc57e8e24441ef868400b5728be619a1c74410dd317a87aef78fd32284e34872d746

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\BSRD55AO\cheku.xcar.com[1].xml
    Filesize

    118B

    MD5

    c2af994697aac0f7b8bc9655ab73ce8a

    SHA1

    59fe78481afcf9b8c0607ee13518cec688e117cf

    SHA256

    d11d21a63ec8d0881f2d3de5ef580caa0f633afd24962c5657e74f4b43b4ff6d

    SHA512

    342c464b5b7758763e849f7f53f624fe9fa62a04ea53ecb350f59ad31174588bb21b71c53472c217eb1dd01724af012289740464ccc183424d5b95afa8a54ddd

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\CWH5AT3C\ad.oneptp[1].xml
    Filesize

    137B

    MD5

    2e08d10c42210105280f0c9ed83a7d3b

    SHA1

    4bbd22d5e69bfe8722d42c537fb0d5b0174ea22c

    SHA256

    14e1a85f29096cec6080c9b23d0bcb48296e322e9a470560cd2478b4aa74cf7d

    SHA512

    6c1aeb1e0ad1ac4d23559930335f1aec1ca257656a7e9ef28480cebfd945a03238ab6ef7a55463c5b08506de7deae5b95ba506f526a7c51df02fb88234e217c9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\x4s3ygl\imagestore.dat
    Filesize

    8KB

    MD5

    d51e37c17b01e4f2f7c1c453123c55d8

    SHA1

    83ff63b0e918a80c42d6831f9a3b5fc8545ec57e

    SHA256

    9ea69ed23dafbdfcfd3cac8ffafe65b21222a9959560616a6dcade528c995b5d

    SHA512

    8e7077eaac8f74a8840c688ab6f73f6920cf2c24d5ad841a806b124f5dddda69581872273a57319234c5de361456d9a4bb02f54a47f1756bcfa28c1e3aa7890c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BYN4WSI\2.3[1].js
    Filesize

    84KB

    MD5

    c0dbffd0e4a955e6e5839d7b34403e08

    SHA1

    191e3c0e8b716e11a2ad8c3181ee616bc8d9b6da

    SHA256

    86db8e690bcf18e7a952f4ed85b37efa8404d377d309e5d22878f44b2ba45b9e

    SHA512

    a8eb96bdc200d535adc6cf0da942c1ddaad83dd93fdf8f6b6ee68a29d85602b50097b04c7ac4c67d029d7baa8a3584ed4ac4026163ef49dec4c39bbd84f8cb13

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BYN4WSI\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV74ZOZO\535_htm[1].htm
    Filesize

    65KB

    MD5

    3795e20f48f4b1ab85c58646abcc7711

    SHA1

    4566a7ddd745e8e587950702ae81b6ecffac6083

    SHA256

    8ef2dcce5f169f9e3748e04306afaa3ee3477588d30eb396f9c92e7dced327bc

    SHA512

    61302bb072edb790d6b9ef3f9666944f85113155fa586bee0452846147d0918fdac11d7c0c6606c59acfa45bfcf8745061e5cea5be344a48b8bbbbc46361e191

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV74ZOZO\a[2].gif
    Filesize

    43B

    MD5

    ad4b0f606e0f8465bc4c4c170b37e1a3

    SHA1

    50b30fd5f87c85fe5cba2635cb83316ca71250d7

    SHA256

    cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

    SHA512

    ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV74ZOZO\iwt-min[1].js
    Filesize

    23KB

    MD5

    be15dd4e71a35e54bb29d50dabe457bf

    SHA1

    519c2efffe3158379f0c6d21e75a7729295bbab5

    SHA256

    a049cac5548c3c5e4fcf6100c888b14482f07bb5069b12a3c0444864ac3d7672

    SHA512

    e390089b52cac719b9ec79102bbacb13564f91cba4e511e838d7a0f601448bbc0ee8cd2732b866c1062bef2c625ba73526ee494b2879db01529b632dbd3f354f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYTOKVEV\69_htm[1].htm
    Filesize

    15KB

    MD5

    d162e73f6a8020e5770dcca37d4c7599

    SHA1

    7319ac3cb2188acd801f4f268032e106fcaeaac2

    SHA256

    70908d9cddc96195a7c6afa3e6d2d90d62716f40a599ff79c394989997d59d73

    SHA512

    ea52591857a9e692486c69ce072548e486580f39d038a61070c1a2e27e7057ef258258a6c4700cd12e85865e106e1a14b0914fdda3ebd18a8b024ae1c4ec77e1

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYTOKVEV\favicon[2].ico
    Filesize

    3KB

    MD5

    baaf7611a4a89d0821822dbc61cd85f3

    SHA1

    20ee71cd9c8ace0490b5bf1be2a0529b0c23b683

    SHA256

    da5ca5a924da32302ecc8c673e7e7f9fd73c25d6c1187d06f610b7caa8af5232

    SHA512

    2780e8f89a5286a9dd5957386836c27bdebd0dc9384a2abde0c079c3f6aa3dac089276d4d4fa7448ae34a5810e412be6004ec8d81da6f5f4c02bdaa1270d8147

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF125.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF136.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarF524.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GS0086P9.txt
    Filesize

    604B

    MD5

    04f36cce808d5491d404b7be77559fb2

    SHA1

    3b34bac02ffaa16c06513fdee53218539c36944f

    SHA256

    fc3ece349837a4a752a5dbb14b665b58dcb89902eacb06368045cde7c4562f28

    SHA512

    2405269361759d14879b1a64bf114c09bcb7829977ed34260b661afdae25155ec0cb9c527d8a6783b3d63dbf1ca625012b96455bb9e31ba3e0b8b210d52e43fe

    Download Submit

  • memory/812-80-0x0000000002A10000-0x0000000002A12000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1792-79-0x0000000003180000-0x0000000003190000-memory.dmp

    Filesize

    64KB

    Download