Analysis

  • max time kernel
    26s
  • max time network
    29s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-04-2023 22:04

General

  • Target

    DNSBench.exe

  • Size

    159KB

  • MD5

    154ee28facb62e73e1dcaf3562c2d6ec

  • SHA1

    570b1f2153c735ea0f9e5680c8f21cc581cd69e9

  • SHA256

    ab42c94fc03ddbf446319772518b229d7b2e2546fdddaae7c01abe0fa8a02be1

  • SHA512

    b000502243b66e9dc535b0eb6fbd9212ba6adabc519c0ca4c44d65ace1c659efa8be12a843f480e3e8ff436246d919ba19e5307e9aedd81893b77343274d7735

  • SSDEEP

    3072:XSww+ICvU0Qv8Z9yzvSh3gzaDKzHDa4cn2qTWM9gbYfNjh:XSwwPC08CzvSh3geOzm4cn2AWM9gb4

Score
7/10

Malware Config

Signatures

  • Unexpected DNS network traffic destination (10 IoCs)

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings (1 TTPs, 25 IoCs)
  • Modifies system certificate store (2 TTPs, 2 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoCs)
  • Suspicious use of SetWindowsHookEx (4 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\DNSBench.exe
    "C:\Users\Admin\AppData\Local\Temp\DNSBench.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:1320
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.grc.com/dns/benchmark.htm
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1720
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1720 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1152
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
    PID:1344

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

      Filesize

      471B

      MD5

      de2418c5a15e64ff68f5f37989cfe2d1

      SHA1

      2403a66a4b9ca9b2e731bcb28648b3951da4103e

      SHA256

      0a69665f8b602c5464a72a33d892956072865217b9c19644cdfd1f826582214a

      SHA512

      8df3716f62d65330fbf6133a7024689e10b2f8fcd16fa6996acb6a7478a249745b474a7e3156d12493c863ef2a80c894853d59333c822b26a11469dad46712fb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      dd2aaed02417141165f41d69ed965838

      SHA1

      616d3d3f11d0d3d73a4a5096bd1085c608808150

      SHA256

      2971f17a633b11ce3439883a6131d827f3a528504bd2c417028bff6c00d005d5

      SHA512

      4ca374c62a5227b5b6535eb595b01986a3003989ed7240b6fbab48d4f53093db66e8cafdb8a8c360e2ea8e49da766a25ca910722c53707c0725d324edbc52d64

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

      Filesize

      430B

      MD5

      43dd825d6f4e87f8041866b586ffb3b7

      SHA1

      c529f828c97f0072912c84b679fb7b72bf99dc31

      SHA256

      a76abdf41368dbce2cd94693d4ff4ddef998535ab29741bbd047d3b8df5ff684

      SHA512

      4c82a09ec18bc867fe23def6322e123ac5cd88920db68f4122096fd4e83ae488edfe522f6ef7fced18c070534616373b8f8424b75929280dafaebd7d96f5bc4d

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\p734dsx\imagestore.dat

      Filesize

      6KB

      MD5

      fe298d3000b9c78084e0e9e67fd09548

      SHA1

      9331f4975e7027d0f104e04f1c5d25d6211c76e8

      SHA256

      73784d709a108762d3f57791d5e3f203c3e079cf1f72602775f423ac8e405466

      SHA512

      30223e1e95ecb0831edacb6519b4f86f50aeebd0705eca43c088beaa57b378f1353e1748242ec1700bbe1c700152b2b65261e7ff85e7ffd73b3444daf24fe019

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NZTPJYNO\apple-touch-icon[1].png

      Filesize

      2KB

      MD5

      b0f8203e175986bddaeba0d2eef67878

      SHA1

      8759e241defabc1e74fb1d8aba36cf2b56cb4007

      SHA256

      c535a84faddac9f95c9dd679eeb97f467e20d6203bb08a863ccc609b39b3a552

      SHA512

      d0690f0775c8c6893eac77cb76faed1ff5bf2da849fa3b6c13bce6d2f97563d3954ea4bebaeaf5d61f4987f76bb64e6f6df18e952cc6eb3c0d2ff7245a897f97

    • C:\Users\Admin\AppData\Local\Temp\Cab5E57.tmp

      Filesize

      61KB

      MD5

      fc4666cbca561e864e7fdf883a9e6661

      SHA1

      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

      SHA256

      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

      SHA512

      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    • memory/1320-54-0x0000000000400000-0x00000000004AA000-memory.dmp

      Filesize

      680KB

    • memory/1320-55-0x0000000000020000-0x0000000000023000-memory.dmp

      Filesize

      12KB

    • memory/1320-56-0x0000000000400000-0x00000000004AA000-memory.dmp

      Filesize

      680KB

    • memory/1320-82-0x0000000000400000-0x00000000004AA000-memory.dmp

      Filesize

      680KB