Analysis

  • max time kernel
    140s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-03-2023 04:57

General

  • Target

    377a55d325a90655aadb2f44be952682cfbee2d9b922064447481c5115b8e5ad.exe

  • Size

    642KB

  • MD5

    795aacba9dac3f2b90a4fa0967f43963

  • SHA1

    21ec7aa748b7215a1cd2b6af505538706f40311d

  • SHA256

    377a55d325a90655aadb2f44be952682cfbee2d9b922064447481c5115b8e5ad

  • SHA512

    932dc696118f9d5cf42c5b0b626bbf75d2540535736b8af95ed2be720abf80b1f32b3057f3f5123e429dce48e6a5d01fad736908bc2280c84ebbda0c0c0a13d3

  • SSDEEP

    12288:AfOMTqlIilNtVhyqGxwX0SC/OXVptKGA2WQ1+FGZMSIzjsmLD:AfTqlXxhVv0SC/4VbALSIzgmv

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 22 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\377a55d325a90655aadb2f44be952682cfbee2d9b922064447481c5115b8e5ad.exe
    "C:\Users\Admin\AppData\Local\Temp\377a55d325a90655aadb2f44be952682cfbee2d9b922064447481c5115b8e5ad.exe"
    1⤵
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1584
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.51kj.com.cn/bbs/index.asp?boardid=65
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1032
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1032 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:784

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (1) T1112
  • Discovery: System Information Discovery (1) T1082

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5087267d0dd5fc7b59311743c02c0f8d

    SHA1

    812cfb881bce753fb8abdb5b2b2e380a992216b5

    SHA256

    289c0faee1af8c3522ea7fe1bf8f7d0b1c6fcf414e4c2e705970737ea835c776

    SHA512

    55c9cda756ddb84016988f08836986cf784cbce55c9a22fcabc1c056821ee2bab099bf2aa1024449d52bc28907e5203169548c5662883260bedeb24612f48e38

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    a49625da2e836a6dffeaf0c67d42b962

    SHA1

    a10308b9398c70527a7aeb623af578107b69f6d7

    SHA256

    dd8f4d1766ed936819b7c1f259aa544b0192d9f4a10099d70bff657c0bead95b

    SHA512

    767971e81259597fd663900edfb00d3863965c395f2d1dd8741f2275d076f00ddbb5e5a23bcc9063fefbdfe41ae55c6efe186c541167d767ea9b0bd0adb83f4a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ef75158f7939681335348fbddcae49c0

    SHA1

    7358098a894103daa04a0880468df0859df59549

    SHA256

    2700d53e9629d5757031329fc19c6b0151cac8818389e2204fc4881da4946fad

    SHA512

    5ccaf85329da480ca7ab4e7ca78edc8aebb1aa52b2f3f422de8a0a7dad993300837646d9dfe03e456b8fab39acf47313b93ec489e54aac5889f670d8006e8174

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    52be1b8b49c0adcaf439e7e826d73319

    SHA1

    c704aa68fe89c8285aa53f844705028b8c985bce

    SHA256

    aab68d21f8c0ae78f6812d3fd0fc41ebdbb73894f539929184689bafe37d3c7c

    SHA512

    93efbebee336601bc2121e701407f508da2e5acc934c560903bc87f0ec9be31e555ac069ea076bfd78089eb2beb381a1ba22813f634cf12cbe85a888f3915304

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b070e65292401c349c2f4589e5dddcd6

    SHA1

    4597c135a39dfa023d60c22688cb18bdff0bf3bd

    SHA256

    a20da31dc47131944e0280a3b4c0dfa403f3b2b626153741a35b26cb3c43f5f0

    SHA512

    95a876aa5ce05cfe6c5e075a15b1b2f72ad6702df6d77a9ba927941c23b6f8768e131f0ac16bd9767c462ce9cc86712cfad0a81b435471357cf57fb3da20cea9

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EV74ZOZO\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

  • C:\Users\Admin\AppData\Local\Temp\16163\8458\14078\1640557819\ywsinid
    Filesize

    8B

    MD5

    90bf63fa7217a4e5a60f421b64ab30eb

    SHA1

    1614df9f3cb1b5e1dc040b2d7dd942f355994509

    SHA256

    e6c767aaabb678ed4d3fb4f5c9193c55abf9739f641095705e94f198f08010f9

    SHA512

    b88e6d9bccdf292ef62a18f9d080b7bfbbc893f5a3b892634f855558adc6b332e158a629365e0bf319c3d949215f0b878837c2f813b087769671fced831a7955

  • C:\Users\Admin\AppData\Local\Temp\CabD9A0.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

  • C:\Users\Admin\AppData\Local\Temp\TarDB3D.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\0AP2ER47.txt
    Filesize

    604B

    MD5

    dd166de0b7fd27277e3a5a71b73ef1f6

    SHA1

    d45df3dc999ff425e47ebe5a2e1603b846af3337

    SHA256

    9e240ce97218fff5d3b917ea69357d2d15a3e44c8d613dc1c98024e2c581d137

    SHA512

    dc478996d1455c3cf391c707edaf297c7cccf3980017b956dac3248110b8d76992cdb0bf47fb87e09dc309a74ca02e91957d9d0996da04bf6cc4b86b8a845bff

  • memory/1584-54-0x0000000000220000-0x0000000000221000-memory.dmp
    Filesize

    4KB

  • memory/1584-125-0x0000000000220000-0x0000000000221000-memory.dmp
    Filesize

    4KB

  • memory/1584-606-0x0000000000400000-0x00000000005A9000-memory.dmp
    Filesize

    1.7MB

  • memory/1584-124-0x0000000000400000-0x00000000005A9000-memory.dmp
    Filesize

    1.7MB