Overview

overview

7

Static

static

1

GlyceriaHa...ee.jpg

windows7-x64

3

GlyceriaHa...ee.jpg

windows10-2004-x64

3

Mainprizer...nd.lnk

windows7-x64

3

Mainprizer...nd.lnk

windows10-2004-x64

3

StanesBese...ly.cmd

windows7-x64

3

StanesBese...ly.cmd

windows10-2004-x64

7

StanesBese...ne.jpg

windows7-x64

3

StanesBese...ne.jpg

windows10-2004-x64

3

chuhraFond...ia.wsf

windows7-x64

3

chuhraFond...ia.wsf

windows10-2004-x64

7

chuhraFond...le.exe

windows7-x64

chuhraFond...le.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    106s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    24-03-2023 11:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    chuhraFondled/longeveEctocondyle/UndersortPodalgia.wsf

  • Size

    308KB

  • MD5

    1dcf754fad54c2b87a00606217d004db

  • SHA1

    a10b9e0d84058df4c8e61f9ec9a9a453640e9f60

  • SHA256

    1b6f1d744c48df52231fe303f3c2911b3daf8b6e849d026916ced7e98948b946

  • SHA512

    311d63d4c3cc24607380c93b4828d6bfa99ba981e598c4e5ce996c462a9eb90ca0f132687888045754a18a982cfb9ae3101737cdee52a21bae942c07f2a3e2c9

  • SSDEEP

    6144:sU+pm3bu/2htEx/ooE1XRiXIJ4H/qYCWsh96bioMUv/76BPBoLFFaZDe9tNBq:sU+OZtJ4XIPcuozrzCf

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\chuhraFondled\longeveEctocondyle\UndersortPodalgia.wsf"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" $tripod = Get-ItemProperty -Path HKCU:\SOFTWARE\tripod | %{$_.UnrespectablyOvershot}; powershell -windowstyle Minimized -encodedcommand $tripod
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1036
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle Minimized -encodedcommand
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1104
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /c start https://learn.microsoft.com/microsoft-365/troubleshoot/
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:692
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://learn.microsoft.com/microsoft-365/troubleshoot/
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:976
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:976 CREDAT:275457 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:1304

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    9c470138bf178b29b0baad9050473f77

    SHA1

    78164273b3f21bbb2e927141f9c1d2b8db9cd25d

    SHA256

    dd3d1f6c355d23945b31568e149d6838980be60902482bde804bdd249c2ddb1b

    SHA512

    846311c9ba01bd43c78204dbefe3493cccdbd41949bfaca0aa460906c5597872e4850b5ffcd29de8ef75c5a2bc28b71a30aac62d464aed98fce71bc06d951321

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    e65a2fcc70f85c39624f04a9da57d6d3

    SHA1

    ae02a7f2586f2072d72418281ac714cd1b10c3f5

    SHA256

    6b72096c9090dbd2b6677e66302b704deda0e3eab17f94b6be5ef1b560a4110d

    SHA512

    fad696077c317fc393c3b9bb8454e79466deff2ec146b7b28c5a2174bfeaa5e0e8dd2eb67b93c8fe052486f8a2801793c76da8b3b90d730f1dc3f68aeef20bb7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    e65a2fcc70f85c39624f04a9da57d6d3

    SHA1

    ae02a7f2586f2072d72418281ac714cd1b10c3f5

    SHA256

    6b72096c9090dbd2b6677e66302b704deda0e3eab17f94b6be5ef1b560a4110d

    SHA512

    fad696077c317fc393c3b9bb8454e79466deff2ec146b7b28c5a2174bfeaa5e0e8dd2eb67b93c8fe052486f8a2801793c76da8b3b90d730f1dc3f68aeef20bb7

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    e60bf8377c5a127c6edd9ff851457e06

    SHA1

    f8be84f61588b68f9892771042d4510be060a3b8

    SHA256

    4ca5c043051077e4a1384887893852a59e30a876ef10fff2c68cafd598171156

    SHA512

    2859718184c483461c9cf289221490e7094798311cdd4059cd2685d3017ef8722c1907bf0fa8d2cf01ff17d90a4cc7000fac9dca780e7590eb8512e45f1d178d

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    3e4c0940c7d8d6b7722118008c1fe51b

    SHA1

    d573a3786b13f06067667e29f23dbbd0e79ace1b

    SHA256

    6dfb0dfc81efafaf9714c50b56fa1a9debcd93ce3d553e275f2c9455e6043da2

    SHA512

    0223ec728288632a28e73240e63f1d4da6c463f3b987fcff5449cc88c51cf5d3eb3d21bc742986ccbcf61befedaf5c74f865fe81da80302fa22e118a7592f5fb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    0a4bceea9363a88a67c3a36fde2f6ba0

    SHA1

    cd434319166ef6c021b5543c6a128b15e154d38d

    SHA256

    eeb9226ae4774299e53cdb4834ef046e6fcae25ab856e4876640479171493262

    SHA512

    5e4e1b01017ff90617579fa0cf2230a20c3df849a066a309379dd06984b9ad76a58661648ca2fdf3d2d60150a334b5612bdc326d322a94e2181d74746de0f9e1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    5c20c2bb2b002beed9de87d4d85de62a

    SHA1

    1196b057f0ff80565c8f03062bd0fbe44c94ad34

    SHA256

    3377a151495cadfd4048f24926abc94e083885e10e82077b52c17ccbe1a64db0

    SHA512

    1665b29b82d4bbb0fe6efa0c5b69376320e52fa52be85195917f0d6b20abeae895598659a6dea39517acaea55f8d4fd1d72adf4fcb82c85986cf64697ff6acdb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    304B

    MD5

    e82044681440f52a465a7bf9c6becbed

    SHA1

    a4fed51c592f6ee17491bd9b785fcaded2326704

    SHA256

    bcdf61302295b2d1741a3de83c64f3271b6f8451d790edf654b8960874073b37

    SHA512

    5e52288658f2b79fd8e1892b5f7a44be215553b95267a5dafe0293a1445b276fcebf27736a607bdba42315d070ae8ac8093015f265d50410fe8c4958e3309494

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab8AB6.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar8B59.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\Q1VS2J4I.txt
    Filesize

    603B

    MD5

    13c77e65e80e6cbdbf757c712329fa56

    SHA1

    4722976d0a7d3f683c180b8c7289060a473e1de3

    SHA256

    8ee4db42a4cc7b699121ba1da826abd26993f90341b77e42beb66a5ecd32dc23

    SHA512

    0e0c33e2e2a6fd6423c9da4767efa7a143dec530f81b6b992ef7c415407b727cabe3f7de1c980c3fb769466ca1131ef4bf5e9611f831fb816468f60c54a9ac24

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
    Filesize

    7KB

    MD5

    e2724ec5fa13798dcd7043cf56f638f6

    SHA1

    965c7450ea752e70ed0724e72b82842cdacaed41

    SHA256

    70e8a110ed3b7393b7da64bf617bd85c82aaca462183b033c1cc61900b067599

    SHA512

    4ae22847dcc8b8834c45a93a7db2899fd0872887bb05f6c39f35939753d5608957e39246b1a6a911b6fdac592a97d076d54629da8fae426a56dc3b3710383b41

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\RIQW5805CCMSBY64P19P.temp
    Filesize

    7KB

    MD5

    e2724ec5fa13798dcd7043cf56f638f6

    SHA1

    965c7450ea752e70ed0724e72b82842cdacaed41

    SHA256

    70e8a110ed3b7393b7da64bf617bd85c82aaca462183b033c1cc61900b067599

    SHA512

    4ae22847dcc8b8834c45a93a7db2899fd0872887bb05f6c39f35939753d5608957e39246b1a6a911b6fdac592a97d076d54629da8fae426a56dc3b3710383b41

    Download Submit
  • memory/1036-70-0x00000000029E0000-0x0000000002A60000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1036-67-0x00000000029E0000-0x0000000002A60000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1036-64-0x0000000001F30000-0x0000000001F38000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1036-61-0x000000001B3E0000-0x000000001B6C2000-memory.dmp
    Filesize

    2.9MB

    Download
  • memory/1036-72-0x00000000029E0000-0x0000000002A60000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1036-90-0x00000000029EB000-0x0000000002A22000-memory.dmp
    Filesize

    220KB

    Download
  • memory/1104-89-0x00000000024C4000-0x00000000024C7000-memory.dmp
    Filesize

    12KB

    Download