Overview

overview

10

Static

static

10

TekDefense.exe

windows7-x64

7

TekDefense.exe

windows10-2004-x64

7

index 2.html

windows7-x64

1

index 2.html

windows10-2004-x64

1

index2 2.html

windows7-x64

1

index2 2.html

windows10-2004-x64

1

index3 2.html

windows7-x64

1

index3 2.html

windows10-2004-x64

1

ransomware.exe

windows7-x64

7

ransomware.exe

windows10-2004-x64

7

tekdefense.dll

windows7-x64

10

tekdefense.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    100s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    27-03-2023 09:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    index 2.html

  • Size

    536B

  • MD5

    d8054b190eeae6c777bb693dc14ce497

  • SHA1

    1b7aa7a0b6d0126ed4e2771a89ffbcb0f1e50205

  • SHA256

    69392b73c989af987838d132fbe17bfe6b124917074200897197c21f6ff51716

  • SHA512

    351ad20ece4d3155fb7045a3a20de33276d76f934c88d538f86aa5e7f419a2bd1253f870e5a9e07a46c4657149dade9b93fc94c3e0d04ca565082c2ad18ded39

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" "C:\Users\Admin\AppData\Local\Temp\index 2.html"
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1560
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1560 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:376

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c2ce4f881fa0d6eafc74b524c2e696e2

    SHA1

    d6982822d6052d645a677a4ec7e1c7dd96766d1f

    SHA256

    ec807aebb8a0409e16646f1886f0029be3deac71b89abbd95978f5d50a7b308e

    SHA512

    1c31ef897c341070c5e8812d7a4aa6d402dcb7c6d735b866ddaeb47d07f25f86b9517f41e476a6de028d387cc8a2696fdc37919dfbb849f4ae3c61b1873497bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03371ab25bd148bb5e58c71b34176e29

    SHA1

    9a4cb4981569ac749b9437dcbe76d3e013128efa

    SHA256

    2f7f15b2744cb69ffdbf10d3e0a691ef46a34e3c970564d4ed3ec27fd09daed8

    SHA512

    2758507e68cb6c08905440bc6ee3239f5a45d351e2775aea7802cf7cce953c44e5e86b69eaf76a9fb20547c54cb974a8bc1cb1c9d17cf5d0f9a1cea76b513191

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    854f7f6c98c67c886816b32de7cb23a0

    SHA1

    69efa53dd63b2323235bfb134f08b26a50881991

    SHA256

    11f18533aeb3f46ad1e1273171aed6f62f5210f80a34324dc3ca95d7bc8c5bed

    SHA512

    4b502e52cdafba8561645ae714de54bae7abd079947114bc9a8fbe92362ea64c248a13d61dc7ff91a0d4dc25bb881bf6a6ec1f281a15c39178fc05cbb1787f6c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f93a6a77992efd1d068cb97300449bbf

    SHA1

    e666c0d0b251f5c0c6c748b984a557e28f47ab5b

    SHA256

    c490c7c9f3dddd09e0cd2cf6a64c28efd01242f9d971e5df1a699cc96f7c192f

    SHA512

    2db651286721a0ebe0e28aad76c436e89c63bad115289dfcf89796262626e1092bdea147710b0911a5ae7c1a2fc0bd9e1abbd1d021f4c33a66df034df2bc7f7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    77f3fcf5c7726f962f91a60b61d7cef5

    SHA1

    ffa1e8d9fb18d3d6c5343b47bb50c9b1f5f39060

    SHA256

    debd6d458feae69a66b8427ec1352afb900907373d05477b7f925261027e2a2e

    SHA512

    4feb2affd9447c3caeb98e3dbb50cf384a2af5b4f04b284811832c8444be92725beb574e3b3716e36be73817837af7014a95c5351cad72c7e7ecd6d37bf782cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c716517481f7d0ce43f007d55d8a579a

    SHA1

    66c0577a149f70c38aaf54080a0bdc45a8837871

    SHA256

    3ddcd4e082c840fe6ac57ca0f57ab6e3665112bc59575135aec5643a0c2af568

    SHA512

    4eeb2f50d99fb346c9efd64cfa8f75ba63166373c7a889d0fe73ee2e13a6b8beae780777a45f3da0f7bc4a733e03438138ede3292ad793abd6204109c76cc967

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e1d45022db9f2ec452cda7ba35f15280

    SHA1

    93bba4910781beaa880b1579110d22697ffa4dbd

    SHA256

    3f406d70374a936e4dbb54dd1b9d2142ea4ae44882d53e13f44f28c58e54b68d

    SHA512

    0ad4dbbef816f54d4d73ed97b59b59d1bf54e7c2a3ec927fb3804e5d38a9064982d1164e9bb635ead621436ebf1428f7b32c16a86c99aa23fc73913d00c29238

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    da093c8a852202b15482cb0539a5b1dc

    SHA1

    c03a9b722ddeb6c456586f81db9db89eed93fb4d

    SHA256

    6e3a3019f0478262767feb6310e5f38f8efcd749d70a4b4418607fed9ac2e1ca

    SHA512

    0dd0c881437630b9cc51791887c2338fd3a3f791db378931b91b8717c3d062107dbc3ae1b6b9c023a8c467a5aea4ee424b6f4de9e8a154628409ce8756873bd5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    58f003f898f070b2d6dabdece8192baa

    SHA1

    e2fcfbfb3efd6695cfc6942b9b57133882df2884

    SHA256

    c92a7890e2b3efb6d459cf91e3c1a01af1bc191d4ef506d18e9fb812791c2df8

    SHA512

    061cead711f2e306fa22eedca14d5f8efbbea446cf5ce5deadd6c7e76a99e20b8519475d1d4b639421dd6552777fa64d861a3e66e281ed5d43ac489317e8dff3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYXN1WWD\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab45CA.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar4779.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\C8CPPJAT.txt
    Filesize

    600B

    MD5

    e47a284988abcc938c15b1cd546d675e

    SHA1

    b1d431fd54bef1ee03437cfc638205bee51fac9b

    SHA256

    6f615dac3bbc4ef5def850c133c07bb5bdcbbfa280a1a77b3e65c3adce9c54d9

    SHA512

    1c04b63e683097363c87f049c75f85f607e6d383cd2234b2a0a006223c04377370cd45be6b1fb8656ba3886836dcbdfc016e0bf49645889a451e28707867de81

    Download Submit