Overview

overview

8

Static

static

1

1e4d13e22f...ba.exe

windows7-x64

3

1e4d13e22f...ba.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    08/03/2023, 00:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1e4d13e22fb5df4ad5e468fdc95ba242ac1bb3c8a3e21cfe090c0a75f34057ba.exe

  • Size

    790KB

  • MD5

    b4a7f29901880fc7cdd85c20f426d3a3

  • SHA1

    acd1f0f2a46f17569950ac05d686e5db40b6a8a6

  • SHA256

    1e4d13e22fb5df4ad5e468fdc95ba242ac1bb3c8a3e21cfe090c0a75f34057ba

  • SHA512

    5ed8ecd6083d71eb5470c0ca7a63fce36f23105d56ce95404476b0c8c676df84f56674e699e320c3982177aa2ad0b8b09608bfbc1bd35d5162961353df9a7e93

  • SSDEEP

    12288:AqzXbaUrzJRmKQiKyl+G7LdDy1GPWboTlG4Oe5IWLBr:AqzXbaUrzbvQZyoGXxy4P8oTlG4b5bL1

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 41 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1e4d13e22fb5df4ad5e468fdc95ba242ac1bb3c8a3e21cfe090c0a75f34057ba.exe
    "C:\Users\Admin\AppData\Local\Temp\1e4d13e22fb5df4ad5e468fdc95ba242ac1bb3c8a3e21cfe090c0a75f34057ba.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2020
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.oneptp.com/ax/?uid=507801&ad=12
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1656
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1656 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1732

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    13f7cb14899ccae49cd046d933ce1e7c

    SHA1

    cee0e3582929bf7302bf55a7ad68bef1dc631f59

    SHA256

    8c3c33734a8c1de4cb9532c6c088258d061dc90e76d3e7991ec61a5249998f28

    SHA512

    d4d21a6a7b2385835aa5eab27558ee3b547fc9afbf2c108cfb9f5031ee509d2e14a21e83e9e73a13cca538bef1c1738e133e712f6146c4adedcb01cc54671382

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7e575449a2a1e04b66ac0a57c97101c8

    SHA1

    3c708b078350d80f9de4f2ac60e5cc49a9e5fe9a

    SHA256

    5c2cd618037f3352ef266c7580bf2813a6ded9f962ac56800b21af85e92919ec

    SHA512

    ad6179d1927218a8e1a22a3a05b3cd984e86e85a2be4a11932c118983775c9bce26fc2d06ddd3437eb99bdfca479d6e32b6a9be3d42af915919d7275365bfe3b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d259dd5612943b5ed167d98cc612258d

    SHA1

    0e7c19f74fa2cb1a0f508c02a6fdbf6a55bee6c5

    SHA256

    d6ffe8aaa6229c06d18d489d405a4a270c0b2cf2ab19224ac6c6aeb54d7d0d73

    SHA512

    5a621ab513dcb7c7a47be3b6d3fca9c708c50aeb8ae02db5721d7cc51dc968b5da0ac6dc85edd9ee0cbf746ad7eaee72172eda5f0fab0df9592ca8c7cfd4cf6b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ccae8d3cddbd01cd631f2a367aad9751

    SHA1

    6b60ef31481cd7f0af16d3a003e6f74380c6cc9c

    SHA256

    3385cdeb83e64614f286ef559ffefff569165b5cae5b34c256ddc187dbcf0340

    SHA512

    df0cb223229290a2b16e6708d1bdcd7d1d88b3de5eb2548fad974a76176865cc4fd0823d4c8156df5f76b49880f647509d2efe5f31322dba06d482c7db6e7a45

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3dacd055831ecb7cd43c702d6c2b1b75

    SHA1

    7b6dfc1c3514759060899505d470e0b44d809b9d

    SHA256

    18b5fe923203ff21bc1c7b547a3b528b5265c8e88c4c8f65daffdc56a87deb84

    SHA512

    d5a84affd3955e0ede08e6859af6ceac5736e9a66b8188887f832498f6f5663c26965bfd8f05bb1f70877935282994d8d27e21f7eda55302825569c850c186ea

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\L44X7ZDK\cheku.xcar.com[1].xml
    Filesize

    118B

    MD5

    75d06a31304e03e733b28df154da822e

    SHA1

    b5869537bb09c7cdb75343ac9544a4e95f6e7194

    SHA256

    8803ec804d6f0ea00cde2a37b0b18d3413175b890d95f37ac27df31ca186d9d5

    SHA512

    6e338a9e0406fdecb21e20e81c08116fef28f29a792af6e17f3e31dd1a786133bc2048626f4d8b3cbe09c02a46e5df9efdb8f51efb4f4e074ea6edb0fcc3d7c0

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\jo5ozfo\imagestore.dat
    Filesize

    8KB

    MD5

    f8ef6a6851b6165006405120d3d7b345

    SHA1

    acd2974250c70f150431fb0f366386a030ab75bd

    SHA256

    6d025f319277e4e8bb9ee9d44351ab9e7931c573ea860d7c16c141a09df1fe48

    SHA512

    eab1c45b74878499370918d925f7c594bbe53558fec37d9bbd230d29a2fa47f4706c83c229e80fac7a95d3eb876ea5738304d833cae6cbba70befb91028f2319

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BA5D7P93\2.3[1].js
    Filesize

    84KB

    MD5

    c0dbffd0e4a955e6e5839d7b34403e08

    SHA1

    191e3c0e8b716e11a2ad8c3181ee616bc8d9b6da

    SHA256

    86db8e690bcf18e7a952f4ed85b37efa8404d377d309e5d22878f44b2ba45b9e

    SHA512

    a8eb96bdc200d535adc6cf0da942c1ddaad83dd93fdf8f6b6ee68a29d85602b50097b04c7ac4c67d029d7baa8a3584ed4ac4026163ef49dec4c39bbd84f8cb13

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYXN1WWD\a[1].gif
    Filesize

    43B

    MD5

    ad4b0f606e0f8465bc4c4c170b37e1a3

    SHA1

    50b30fd5f87c85fe5cba2635cb83316ca71250d7

    SHA256

    cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

    SHA512

    ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYXN1WWD\favicon[1].ico
    Filesize

    3KB

    MD5

    baaf7611a4a89d0821822dbc61cd85f3

    SHA1

    20ee71cd9c8ace0490b5bf1be2a0529b0c23b683

    SHA256

    da5ca5a924da32302ecc8c673e7e7f9fd73c25d6c1187d06f610b7caa8af5232

    SHA512

    2780e8f89a5286a9dd5957386836c27bdebd0dc9384a2abde0c079c3f6aa3dac089276d4d4fa7448ae34a5810e412be6004ec8d81da6f5f4c02bdaa1270d8147

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYXN1WWD\iwt-min[1].js
    Filesize

    23KB

    MD5

    be15dd4e71a35e54bb29d50dabe457bf

    SHA1

    519c2efffe3158379f0c6d21e75a7729295bbab5

    SHA256

    a049cac5548c3c5e4fcf6100c888b14482f07bb5069b12a3c0444864ac3d7672

    SHA512

    e390089b52cac719b9ec79102bbacb13564f91cba4e511e838d7a0f601448bbc0ee8cd2732b866c1062bef2c625ba73526ee494b2879db01529b632dbd3f354f

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKXYVKI3\937_htm[1].htm
    Filesize

    64KB

    MD5

    da579bd5a28926587ee981cdf69ac3cb

    SHA1

    44d704288c97cfddf365ba49130ba1db53f2d911

    SHA256

    f02f855402f8895f901a0cf946ee6f931c8bf27a821cf9ce20763a9b3c64d7f0

    SHA512

    abb6834557c4e4b6cc7f8bc82ae8d505aba92528b7917ec361fb4255e31cfebdc2925e2439fc81a06a29c92775703cb19c7f276b9c6d06a4df211688da57f4a8

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SKXYVKI3\hm[1].js
    Filesize

    29KB

    MD5

    1b15955034f61281add2ef0e240263b7

    SHA1

    4c92c3a57366c0d79ec74ede37c5edf31e0c74a9

    SHA256

    0c6a74821f546d11cb9fd316d1acd778f49616e8d306bb2e683f451eb2da65d8

    SHA512

    162b44b36cfacabf1add7669b32ec5e400744d06bd633be789b477b2ab791335404ece0a13dbb05131eadab6ceed43d02386b482194d8200779849f8f836029d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TOS3MI7U\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6098.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6147.tmp
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar609B.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar61CA.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GILSNHMZ.txt
    Filesize

    606B

    MD5

    769847126e8394c063d9b70dee0c4f07

    SHA1

    5fc289f86977813fce3d9db0a6ea55d466e3364f

    SHA256

    c1f1ca83f7a045f4c528b4a68b7cf3cc1818759647b8bf95cde2188cad2e9ccc

    SHA512

    29e88c314cf6c5705f21b627ebbf4360ac15f28d61256123d5c38a90a1d1a8460907e270653cb91681813387a28ffde95b1331eeaa3958aa218670f3bf804f1d

    Download Submit

  • memory/1656-69-0x0000000002B40000-0x0000000002B50000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1732-70-0x0000000002E80000-0x0000000002E82000-memory.dmp

    Filesize

    8KB

    Download