Overview

overview

8

Static

static

1

48fb5ea7ef...17.exe

windows7-x64

3

48fb5ea7ef...17.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    08/03/2023, 08:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    48fb5ea7effbebde47b65accd620f99d30582b2b004caa79dfc21b1aba9ff217.exe

  • Size

    790KB

  • MD5

    6ea5a4b23d2a0e9c8b16e2f92ec5e48e

  • SHA1

    6062c934748fc59f3365bcbc3b39f2c772e8dda2

  • SHA256

    48fb5ea7effbebde47b65accd620f99d30582b2b004caa79dfc21b1aba9ff217

  • SHA512

    57329cfebab311cec5c5b28c855cb27dc8f5bf2b2b45b2f0d9e60b5b25fa02f106195c796d5cbda8d86a253507ec49a237cdba6853796a9af1ca9ab6652ccc3e

  • SSDEEP

    12288:AqzXbaUrzJRmKQiKyl+G7LdDy1GPWboTlG4Oe5IWLBv:AqzXbaUrzbvQZyoGXxy4P8oTlG4b5bLh

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\48fb5ea7effbebde47b65accd620f99d30582b2b004caa79dfc21b1aba9ff217.exe
    "C:\Users\Admin\AppData\Local\Temp\48fb5ea7effbebde47b65accd620f99d30582b2b004caa79dfc21b1aba9ff217.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.oneptp.com/ax/?uid=507801&ad=9
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1444
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1444 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:824

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          e71c8443ae0bc2e282c73faead0a6dd3

          SHA1

          0c110c1b01e68edfacaeae64781a37b1995fa94b

          SHA256

          95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

          SHA512

          b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          e71c8443ae0bc2e282c73faead0a6dd3

          SHA1

          0c110c1b01e68edfacaeae64781a37b1995fa94b

          SHA256

          95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

          SHA512

          b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0A17BC17FF10008872A7205D0D43E2_608DEF97DFACECDA8E97C6F270153A4F
          Filesize

          471B

          MD5

          8e94c67afbc8bc5bf72cae2b7112acb7

          SHA1

          a43bc7e3997d1e2a791baf773db98a0ebc753b7e

          SHA256

          5e0c646415d73dca8ab2e45cf5ae925e620acb6eca62fde449f286fb014ef387

          SHA512

          a3070d5ea87e504b3e6749b52196f2d61f3dd15cba63a47e71f47440c12729b3b32603354028050c324d73c467e68b9ecd56e5ae45629b432ce11425d51ccb94

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          f8e629b5d6f5e6ceed22565e08ae3bea

          SHA1

          2a2405c057bca238e8825e3116c59165bf3e2631

          SHA256

          e3e5fe3a4e93ab5830c449d3f4c043f656ac8d4a244b68da14e1abafd9535aa9

          SHA512

          6581336822ef3ad7be3b22dd065561531b75de061e262fc2ea3f7265fe190062fe99416677c96836b3a105dbb09e652bbc817f4a772e578014fa2943aa937789

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          dca5ae407f40946711804d6410f2da8f

          SHA1

          c50aaef162247b301ad782852d44fb901b789962

          SHA256

          8d9c2470178885c39fddc48ddc1b76ca4177200976bf2f585d348d98c376adc5

          SHA512

          b7eea8beda843830317c8b35401e90b552e31ddf94e5844cce756e2a455e351cd49145d3f7e23f5d127f85c855cbe980dbc2685e2a9f8da3a5c91b8cd549a7cf

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bfc69322ecea5abf0ddb2de12be0187d

          SHA1

          75c7dc73bce96f3dec02ad5063776e784fcb6147

          SHA256

          8a1a31deece0917e2d0804eb064f211a4619f1d6ecf3823917baffdc1f39ba60

          SHA512

          a3d002cd15765d9c0907c7c2d5b2082508b6580408d012c4dc5c7383c04200f0559d02609716fb0a2427626d6a48f523e72c335204459668e026229edfe0e953

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bfc69322ecea5abf0ddb2de12be0187d

          SHA1

          75c7dc73bce96f3dec02ad5063776e784fcb6147

          SHA256

          8a1a31deece0917e2d0804eb064f211a4619f1d6ecf3823917baffdc1f39ba60

          SHA512

          a3d002cd15765d9c0907c7c2d5b2082508b6580408d012c4dc5c7383c04200f0559d02609716fb0a2427626d6a48f523e72c335204459668e026229edfe0e953

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          a8e6047872a5ec316b6e6d7cb22abac7

          SHA1

          dfa5db9fde0cc7f46dcc57b4a055e5f08cecfb76

          SHA256

          07302d85089b273bb49d5df0bae033f6f14c0e884fdf627e13841f99d40ab85c

          SHA512

          c48a215d32d5a03c686d3499910163c46644231abd976244965b35e35f51cdc579bd73df1b73e02c8ae62618e6d7ec42e1a89cd1ad22f27a527598ddacc1561e

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          fac4ec51fbd5105553e9ebac3e634829

          SHA1

          dbcc8032de195df2ff8f400e5d30098d78bdf183

          SHA256

          db04c566a0ce162370b43c24a372326b2e8f2da190aea5b65a9a955698b38470

          SHA512

          debcdc790e54c350efef3a68166a709d756199ea8b6ca9d8cad100cf2251d9a14acacea29d0219d84ac86b798184ab7815f1f4fbeee74e2412ca303d3a2d4a4b

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\HLC0WN57\cheku.xcar.com[1].xml
          Filesize

          118B

          MD5

          7081dacff6be2fc8ca868f013a3894aa

          SHA1

          bb89296c817446815e82011821c76e9c03564ac5

          SHA256

          5a8724aa8275ffa250044691308b67e902bedb25e2120915320cd5b5fd2d3289

          SHA512

          692cc48c47cc9b8945cbf95531d885e5d647867cc5419ae7230da687bce4eb271042a46f239e73d88f04f7cd39170ab8ad8fceac627fd6ce650f2b09c058f589

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\z62wpf5\imagestore.dat
          Filesize

          8KB

          MD5

          24b1d9bda3fc1854a7526a4ab6c65ef1

          SHA1

          9283ba03446b95b04378c8f4e179d48ee453e31e

          SHA256

          be9af0832efd3214f74b2f9d87f80c1b4d523b82c4996ea4fd3afd5be227d19c

          SHA512

          53b51716f6517f2e697f9378d6aa64ef64f6292158a911265236636fa44005970641b1e6403d57831f93f702f71335f6ecdd7d4ef5ef3bcaa1493db92d7345c8

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\03S7L47X\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMIDRLTB\113_htm[1].htm
          Filesize

          242KB

          MD5

          07b76a9119bea5649a1df7658e7bb83a

          SHA1

          4ab4e0cb7e1f8005d2dda70c20301368d8119455

          SHA256

          64e0a24d129c9c670261f923a62a9e7f8d5ff56f795b957df2ff43579b8ab2c9

          SHA512

          90386c6bca81060bb80820e0ae94897465b1a475ccf323b7df7e86cf8f615ca75861b13824944850c57cd82972100d928875663771f5777ed3765ff6a86697ea

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMIDRLTB\516_htm[1].htm
          Filesize

          45KB

          MD5

          03f41e7fd9fa134aa75494a33f1b421a

          SHA1

          7ce2fa27a3fa95d7a5fb14ea87434ebdb6a153f2

          SHA256

          68e6198cec5610b8aa351238fa46cf8f6457e041a7d8a0e85d221b1a389d68a7

          SHA512

          79d33fe43e1b9b827b555ac86e1ee3ef862e668aeadd3c7a1b34b7fa84e91bcba2d6f1c27737828fdb4733672c651c94fb8d2b13f89c6f1dba425f572292b240

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\favicon[1].ico
          Filesize

          3KB

          MD5

          baaf7611a4a89d0821822dbc61cd85f3

          SHA1

          20ee71cd9c8ace0490b5bf1be2a0529b0c23b683

          SHA256

          da5ca5a924da32302ecc8c673e7e7f9fd73c25d6c1187d06f610b7caa8af5232

          SHA512

          2780e8f89a5286a9dd5957386836c27bdebd0dc9384a2abde0c079c3f6aa3dac089276d4d4fa7448ae34a5810e412be6004ec8d81da6f5f4c02bdaa1270d8147

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab6B71.tmp
          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar6F04.tmp
          Filesize

          161KB

          MD5

          be2bec6e8c5653136d3e72fe53c98aa3

          SHA1

          a8182d6db17c14671c3d5766c72e58d87c0810de

          SHA256

          1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

          SHA512

          0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\O24HH6C3.txt
          Filesize

          606B

          MD5

          f156866aa327f23056df56b4a4322efa

          SHA1

          7425b1ac619a7f13bab0c50c4682a3e728ed3efd

          SHA256

          325c0f0d6d2af65eff469b620a81684ad26d470556a2683f8317908ed20f2179

          SHA512

          c5958d626989655f1a633373c83987c0019dae90a776205a9a46a6c610dec4de2b56d053382ed64340b732d7852bda69be7fab4b714ef7ae07189bdc926e28ae

          Download Submit

        • memory/824-55-0x0000000000FD0000-0x0000000000FD2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1444-54-0x0000000002FA0000-0x0000000002FB0000-memory.dmp

          Filesize

          64KB

          Download