Overview

overview

8

Static

static

1

0195f82964...43.exe

windows7-x64

3

0195f82964...43.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    08/03/2023, 08:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0195f82964521c3d9c62d478c8a2c1e8d0a3a15a710f081e5d21e8d92228f943.exe

  • Size

    790KB

  • MD5

    c30991a129c01a6559b49cb0f82c1a2e

  • SHA1

    b633c2564de6633d1c6e2a84a833b1543acf2e25

  • SHA256

    0195f82964521c3d9c62d478c8a2c1e8d0a3a15a710f081e5d21e8d92228f943

  • SHA512

    3f39b1ada0b529c3559049103c1da3b002067168dbcab56d71b910318c189b707788e43b59b97f4641c708c630c5d2d2a60b195cd10763f1a023f48af546a378

  • SSDEEP

    12288:AqzXbaUrzJRmKQiKyl+G7LdDy1GPWboTlG4Oe5IWLBPr:AqzXbaUrzbvQZyoGXxy4P8oTlG4b5bLp

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 47 IoCs
    adwarespyware
  • Modifies system certificate store 2 TTPs 5 IoCs
    evasionspywaretrojan
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0195f82964521c3d9c62d478c8a2c1e8d0a3a15a710f081e5d21e8d92228f943.exe
    "C:\Users\Admin\AppData\Local\Temp\0195f82964521c3d9c62d478c8a2c1e8d0a3a15a710f081e5d21e8d92228f943.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2012
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.oneptp.com/ax/?uid=507801&ad=12
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1388
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1388 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1364

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0A17BC17FF10008872A7205D0D43E2_608DEF97DFACECDA8E97C6F270153A4F
    Filesize

    471B

    MD5

    8e94c67afbc8bc5bf72cae2b7112acb7

    SHA1

    a43bc7e3997d1e2a791baf773db98a0ebc753b7e

    SHA256

    5e0c646415d73dca8ab2e45cf5ae925e620acb6eca62fde449f286fb014ef387

    SHA512

    a3070d5ea87e504b3e6749b52196f2d61f3dd15cba63a47e71f47440c12729b3b32603354028050c324d73c467e68b9ecd56e5ae45629b432ce11425d51ccb94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    12544cc94764e158a1528d05a63caa99

    SHA1

    3087b7154ffea7269c1e7ddfe977652cb5604346

    SHA256

    e39445a0b561efb565a2c82a6de519bef51d0a967605c4d8f72181cd5befc54e

    SHA512

    8e9fdaec34b9d79b2dc4f29dc833a9fbc2d2c1bae438a0054681f8173f2ff87697ca355dab638d245d6992f5c0967e48c031cb83c2232fa909d0734b0f009e14

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    28615caf7ec28648524a438ea7575bf6

    SHA1

    1e03b95d62d75a6cb278ef503038354be89663e4

    SHA256

    d7833853f7a34a22c7fb224ea6610c0a779a8723f7d7849174094030d173f23f

    SHA512

    7218ab1dc68719a43f5bfde284b75fd01ab6a888925fd226f4a03338cad0964aae52cc315f09accf2f83c5f4d358e35d961e6f66ad359cfa5240ed937de6665c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb035d411d2ab2dfa9a4e63966ddcc81

    SHA1

    0b09b019b2e40f8c63a998e918bc76e183451549

    SHA256

    b281abe4f782f85d4d05145825b4ddbfdb9eb823c54fa3f19e5d868971cbf296

    SHA512

    9439d068d637b72c21f89154d3d6e5ccdebe8a3626a20bb2a12aaf22d5e54cabcfe1768b00536e514876eb354cea8a7d5b2de2054ccd2e264daba0cfb453e8bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a083820e9e5c5cbaa67e936cf2843c5f

    SHA1

    a506444b5f804472d4e9346bd924168db48479e3

    SHA256

    52191a24f8859e3ba0ac1ead63217ed97c1646e2bb460950c8a8cc04c173cd3e

    SHA512

    ef74722f83e27c9cf2313e90bc8831867019b321598a9d61323ae79c1fcaf281d7909511a558e506fc65e9aacfcae410cd532b4d1c53e66e54cb09c0de523cb9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0A17BC17FF10008872A7205D0D43E2_608DEF97DFACECDA8E97C6F270153A4F
    Filesize

    394B

    MD5

    88ead5a710b37226ead06b7badea673b

    SHA1

    56071d38c888d7cb5efeea314ed4927e8deb4518

    SHA256

    49f05b6cebb0f6b2da51da56a765ff5da75d367bd97b5e11ec51332fde0ee83a

    SHA512

    d24dc1b6f5dfb01ccc3dc97370c8cabe1fa795ea81abf10dfdfc228fc85f9615e1994a891baf063dbe454cd67877437dd6b1514fd38fdad88d4927fd36dbaa61

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\OJEOHAOD\ad.oneptp[1].xml
    Filesize

    137B

    MD5

    a6a3517336d3310059a71391fcd1b15d

    SHA1

    69c931bd8eae9f3fcc37010919d089d12a5a3721

    SHA256

    fef895ef871c4f1453f618d9deed3dcc89402e46727bf8b4f59da5c6827b6780

    SHA512

    2648490382194f22194b02c8dc8d9887bc3538cec85164d09858be7e2029c1924ab982540a47d884cacac1102595c3cdb96fef4953279cd4bd25e440d6920049

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\62yy7f8\imagestore.dat
    Filesize

    8KB

    MD5

    4d145085c7dfe1e2de53039b8332deb5

    SHA1

    0d29cea50b20481ddfe1939f70fed7580399003e

    SHA256

    9e76d75cc1166594abbc02e7861e4f5bbadcb94ade8461ce5ddb911ae221bc0f

    SHA512

    b4ddac2e9585385a222f5f4f31593ebcab8591cac59c1c72cf73744d69e156d6ba0db91d9c3c90e8ce97fcc5ff0e605c5ea714d77840c72e1e2031fb16565604

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJWXLGAS\19_htm[1].htm
    Filesize

    65KB

    MD5

    3795e20f48f4b1ab85c58646abcc7711

    SHA1

    4566a7ddd745e8e587950702ae81b6ecffac6083

    SHA256

    8ef2dcce5f169f9e3748e04306afaa3ee3477588d30eb396f9c92e7dced327bc

    SHA512

    61302bb072edb790d6b9ef3f9666944f85113155fa586bee0452846147d0918fdac11d7c0c6606c59acfa45bfcf8745061e5cea5be344a48b8bbbbc46361e191

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T22XS5WA\1.7.2.min[1].js
    Filesize

    92KB

    MD5

    b8d64d0bc142b3f670cc0611b0aebcae

    SHA1

    abcd2ba13348f178b17141b445bc99f1917d47af

    SHA256

    47b68dce8cb6805ad5b3ea4d27af92a241f4e29a5c12a274c852e4346a0500b4

    SHA512

    a684abbe37e8047c55c394366b012cc9ae5d682d29d340bc48a37be1a549aeced72de6408bedfed776a14611e6f3374015b236fbf49422b2982ef18125ff47dc

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T22XS5WA\2.3[1].js
    Filesize

    84KB

    MD5

    c0dbffd0e4a955e6e5839d7b34403e08

    SHA1

    191e3c0e8b716e11a2ad8c3181ee616bc8d9b6da

    SHA256

    86db8e690bcf18e7a952f4ed85b37efa8404d377d309e5d22878f44b2ba45b9e

    SHA512

    a8eb96bdc200d535adc6cf0da942c1ddaad83dd93fdf8f6b6ee68a29d85602b50097b04c7ac4c67d029d7baa8a3584ed4ac4026163ef49dec4c39bbd84f8cb13

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T22XS5WA\favicon[2].ico
    Filesize

    3KB

    MD5

    baaf7611a4a89d0821822dbc61cd85f3

    SHA1

    20ee71cd9c8ace0490b5bf1be2a0529b0c23b683

    SHA256

    da5ca5a924da32302ecc8c673e7e7f9fd73c25d6c1187d06f610b7caa8af5232

    SHA512

    2780e8f89a5286a9dd5957386836c27bdebd0dc9384a2abde0c079c3f6aa3dac089276d4d4fa7448ae34a5810e412be6004ec8d81da6f5f4c02bdaa1270d8147

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC7WQYE\flow[1].htm
    Filesize

    553B

    MD5

    07d62e50b7d05f3029322aa3774781cb

    SHA1

    4c550a3d4ed1991c0ff89b83a84efb4323c318f7

    SHA256

    6ebef85341cf7b1849249a9ca7e55e491dfd3da0249ff750ec48d5d8b4313b34

    SHA512

    94abcf27e7fb41b21e237901dfb607f13ccde038aea155449a681f7cf7289624618195db413b81d7654ed7b4fe2fe80aa6c73a25965e9b4e8e5fe866d9f6cd5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UIC7WQYE\hm[1].js
    Filesize

    29KB

    MD5

    1d797e5ee989a7bbb7ff78273d6eb0c8

    SHA1

    787d41f4dd33f8786397640f5003236cb1cec890

    SHA256

    a613e629a9bb54d19d1fd9698c4be374c00542f874015390843a1ae3fab3a1f3

    SHA512

    e0c9dbdc85e0b42e8aa8fb6a41565189ce9a4566d3efb01c19a3a29435e3a9d15a7339d40bd1fc8079a064bc609f7f6df1a38131b8efa918fb824bdb6a7640ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\a[1].gif
    Filesize

    43B

    MD5

    ad4b0f606e0f8465bc4c4c170b37e1a3

    SHA1

    50b30fd5f87c85fe5cba2635cb83316ca71250d7

    SHA256

    cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

    SHA512

    ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\iwt-min[1].js
    Filesize

    23KB

    MD5

    be15dd4e71a35e54bb29d50dabe457bf

    SHA1

    519c2efffe3158379f0c6d21e75a7729295bbab5

    SHA256

    a049cac5548c3c5e4fcf6100c888b14482f07bb5069b12a3c0444864ac3d7672

    SHA512

    e390089b52cac719b9ec79102bbacb13564f91cba4e511e838d7a0f601448bbc0ee8cd2732b866c1062bef2c625ba73526ee494b2879db01529b632dbd3f354f

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar3377.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\08NM72TK.txt
    Filesize

    608B

    MD5

    ae5b9e8de92068f9582401df72e04f4c

    SHA1

    12674ee7156ac512bab4ad03ee9baa1db94f7071

    SHA256

    8e888bd523df2e56468774b77374cd88ce6e22d3d7f5b5b9165b6084c6d53baf

    SHA512

    a4ecc309049bb5c99819838b03762356da10ddec4ef9ec4d0c949233879aa598a8f1a6b65ac32a64aaa3af96552f2d9707263acc59825507f1c9302a1a87cb71

    Download Submit

  • memory/1364-118-0x0000000001390000-0x0000000001392000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1388-117-0x00000000003F0000-0x0000000000400000-memory.dmp

    Filesize

    64KB

    Download