Overview

overview

6

Static

static

1

394c34e88e...b3.exe

windows7-x64

6

394c34e88e...b3.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    108s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    04-04-2023 05:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    394c34e88e9a1d367faee6bea55fba3e0168447fea01479a40c49df429350eb3.exe

  • Size

    1.3MB

  • MD5

    05a059fdaab7e3f5190c0d410f83dbab

  • SHA1

    b043cb3070c3f86b6c877a73ea1f24f069f0bb2f

  • SHA256

    394c34e88e9a1d367faee6bea55fba3e0168447fea01479a40c49df429350eb3

  • SHA512

    07fa92386a9cabb5a3db78f2feb5d9303218eddaec76e9b4d48bad85d9ae9a3b41147a2abf71ac005a2c358365596c2f5406debcec25469cccb34cd9de8a7c8d

  • SSDEEP

    24576:5lwiv/pny32/NX/0re04fl0aPv70gLoKjVOECI/a1vEFCi0VxUHsUXzSd+P3lpe7:5+M3VPtlt+4zU2oAmuSawfwhe4tE63JE

Score
6/10
bootkitevasionpersistencetrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 55 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\394c34e88e9a1d367faee6bea55fba3e0168447fea01479a40c49df429350eb3.exe
    "C:\Users\Admin\AppData\Local\Temp\394c34e88e9a1d367faee6bea55fba3e0168447fea01479a40c49df429350eb3.exe"
    1⤵
    • Checks whether UAC is enabled
    • Writes to the Master Boot Record (MBR)
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1100
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x2f4
    1⤵
      PID:2024
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1896
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:275457 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1036

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
      Filesize

      1KB

      MD5

      7c0ea06de3961b8af4789a180f615c1a

      SHA1

      5a1a836decbebee1de4f523b9430d89c5b19ab40

      SHA256

      9f17f77ea39c7833d1dd304d8b17223eb43656236ed8d3cd52b3a4e799479d53

      SHA512

      f3f6eddaa2232cc9668650e7b51a4ce2930ab8152469cf8331a5f645a657861894ed97922319aa8c11bca2b8ce3d6074b936b8532a01404c4b6d647c2bce4ed4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
      Filesize

      1KB

      MD5

      ed7a8b1aabc02f907daee1c31f098fc0

      SHA1

      7e442ca78dabc8308ad7ffd737a58f193eb6e3b7

      SHA256

      ddc9caee1e487d4fe4b84b1eb07056382020b193b2bb79c236a8f5c1e5cdb0a2

      SHA512

      e6f15d79887b1c203671502a830a377ab4f0e008adf4d72fb4957ee95023487e6fcc9cc1c404fa99c2e1bbce6b57c7143066bb65fd749ea40b3c1d54044d8798

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
      Filesize

      1KB

      MD5

      b73f67e61df2ed46baefda9dcf6e59fa

      SHA1

      1a18a3d6ebc4955d7a38e8a47142204829a924bc

      SHA256

      d4fece2809e2a3aab4ff59a4e4825b206fbecfcdde59ae712f5415c55b4ea58d

      SHA512

      a917f7d872036787771bcf11996325e5163e02b7f3a6174fa6abb0de5a22d3fa1c989d8dea76863aeb5f40a56fdd0e0b7eb2c1c8b8ea0b3e96bb061396e3dd5d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
      Filesize

      508B

      MD5

      57fd62a6ee0ee0969fcfcd95f9fb0b51

      SHA1

      16acf72d972fc3b470bf0db35326ca095267b319

      SHA256

      8128ae284317c44a1c03695c0b773497a493a83963683db622cf715269454a63

      SHA512

      7c0b181b72f0b70e1f09f71f2dbe32f4d314d2df4125b75cfa1d1861f5c76a773b7b37cf5fa3435abd1322122d10da10c28df4f0939fc3ea525d7af61167f1e6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
      Filesize

      532B

      MD5

      bfa754eacf8b07a327aa5ed38a1f3ffc

      SHA1

      206b2bbed3ba19dc8dae611c3d811b974694fdf4

      SHA256

      5999d560c0be3c30f755bd82dc7ec86ccb8545449af6c4aaa4825c81f7e53745

      SHA512

      a273a97fb291b32370b1bd51d7bb207727461b9b79baae45aac1c83e9f511ed1ab2ee4471858752f061a4a366a325d36c7ec7761c9338bcd6f18117682a37548

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4B3D1CD03E2BE9D4F9CDDE390F5EFE31_4FB671D7D2E90DD5F9C49160E26552F9
      Filesize

      524B

      MD5

      d4517b10d7b6794f41fe1f2f10735535

      SHA1

      4b9654f2f190402d221bdb0b738ffcd04b24c16d

      SHA256

      2cbfd9df55350dbae0a844dfefcf5e1edefd2e22b653be37a1c114caaed7eae0

      SHA512

      a8b7ce1bbc8978a712dbb82bed41a907ded36ffdee921929855181c9a5f41fbbb566e23ca0f88a204e1cfc70703356c64ea9aa1d3683c1d55099bb7bac44abd8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6ef6068a7943e8c163fcae9f4bc90eba

      SHA1

      620d4f1cb3857441da3afa78fe9913ad261e6465

      SHA256

      bd35507f1626c3845d357d64dba8718a0dbcbb9ddd483a46984b674e74e56390

      SHA512

      cb853930d23bbe29e5f1e83d144c80a47a9640897aa69ec6f644972a02d131d4ef41de5bb9b0bd2a1215228e363158da4264f4db471bc47198daeadf2a880069

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      637e3ff2e46e36e119b12648659688da

      SHA1

      fe76a5c9ebd2768636bb28e7f89cfa86e9fc5a7d

      SHA256

      51bcfb612a3ee0c8f82c3d0fb0c16c21a7accecb0c9495158c210424d38929aa

      SHA512

      ae2664dbc1ef08ef6401fb438af1eeca7301cfee5903ba11070eeda1505c49915004f105763e920c0ad39c092a0fe59b41450aac83e6ef26dcf587207afe37a9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9cbad47e5c8c7baa07fc5d3129e74cdf

      SHA1

      8470103f984ceef084181c9cdfe507e7e62c3f4b

      SHA256

      7110c4f1317e1a6d85258d9f0668d697e8c6b85739f7502ab2bb688164937ebb

      SHA512

      630ad1d36a2b570467f72cb2eff32c0ba4b8f37babc372cca9061191eaf6fdca5901216a9ec6402727f38b684a777142ef800ca84e6db06a5e2b724bca9c02de

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c9f8fbff60e3d7a2c7dbe1c4aa33a99a

      SHA1

      dac498df227322523189e44132eac21d48d63578

      SHA256

      83d4ecab05d37eed9fa34eeeec3cef52b3b4ce8547d01ab81484734db45de93e

      SHA512

      c4de2d577c62a950e7ba00b54d7e31df8081ddf3acbffb08923b9dd1e91ff9602b52e2bb8691caa7671f40add0c6ee64ea643d4f2cd67a326bb4d7c28d2b517e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      19ccf4797887a780447f6b867fcc2e4d

      SHA1

      c2dadbc6784225c0987a09fb36b22ffa622a073d

      SHA256

      3ff0a9d9b9339f12c862b621439b999360d7f02f0fa22ce47851ceb051cea5a6

      SHA512

      097a4a66de26cb34877976ca96f9d17f19827b7ef923868df98c0ed3bc54597b0386275a2795cb1477dd1aca1793d68eaf84c1553770c8f893f518e6d286d148

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      912000bf9b0a26a6f2fff57ffc4cfdf6

      SHA1

      44392b07b2d852f858a8e504813f2afd6cc72454

      SHA256

      277bf35d3f7305597f8e28dc68fe1745bcbbe7c447acbb75c37efd13180a42bd

      SHA512

      cef4ad759ad63ecca1fe7490caeeaa506a1aa65c843317f66e824db166dce91aa1192f062fdb1a29c50ac0144cdee7c904ebe9061b03e67cbfbfbe9523080b3c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      97b78a21b55916b20f295ac026505064

      SHA1

      756900b5f1dfea3aafb6778751b3187b967e1cf9

      SHA256

      794875ec2e94860058fde082141cf8a0cfc18a7ab46ee0faa55d59f3e59a8588

      SHA512

      5e56f8fb7b665def94ece3d59bf5b87a9b6180c1ef0a2229888aa84db36f696f14dbd3399d56bce2b68c19e8e38905ac0f71db7860b0a2ca5d9be3e2e73b55ce

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0a2b16a35b3497db283ac4191bef79a1

      SHA1

      4449c201fe72cee0a2082d16d4da9525c9156cdb

      SHA256

      bc9df012095fbc3225e6736b74f6da47fb1d47f28d1affde375d32ab2e446b61

      SHA512

      84c820d1b2fa04cf23568c519b6e591e59ec2d84cb96b665225628dc8d85cf0fe01d08ad39eb0811e947ebe162772e558f7e54188b480776b0bfb02c2711aa7a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3fc033e20e33d171272037a9dbadf061

      SHA1

      dfe255d7a3abcf565ba1ec10b6ad8ff9248fe1f0

      SHA256

      0517a858fefba371c034005ea1abbac2c6388916f937d4999eaf26e3223d9dd8

      SHA512

      3cc00796a5e3569042c999584f1eaf71228a2f4b6dc0ccdb61c89d623352aa16a823b416c0cb807237f62d2ce418c03c49ec442289069556f351f605c0df6c6f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1fdc1c61d4c7d55dd42732004c524494

      SHA1

      1ba873d8559357eb034488da348d1d05d29617fe

      SHA256

      249d55c943c6299c36503866bc74d790b2d26b11cf2b404155ec455284025ffe

      SHA512

      a647834b98e59199cb3a5ce38c5af1cba661d3863d943a62d19bc6c76a8385af2d4827fb7c3ae31cb4b33590cbb350c103c9fd3caa4a6bfcc541bcdb78e75a40

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
      Filesize

      506B

      MD5

      a305767204513c5c6220c595936a9a2c

      SHA1

      2455230610b0ed3dee01388faef243d94fe4253f

      SHA256

      b0c8275f93c44843daf4de03549dfa160d732d58e28459e56d3a4c944f00e921

      SHA512

      2bdadb908235b2281282735e1dcb4c159ed61c39bff42fbfce6c384ab359cc87baaf4fafe551d68602a80fe15812da72afd87bd385600db97a0a3a6e41ed2675

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\x4s3ygl\imagestore.dat
      Filesize

      5KB

      MD5

      bae05d0eeb1532ecf7999545ed64eccc

      SHA1

      23c151ea0636349faba59f5181ee89acee0553d8

      SHA256

      03602c8ddbd2b16acbf01cd68c8117f19f86f390a955629194d0c7268eabb2e9

      SHA512

      ce2311fc9c6a2208d46fc494f721d87505041fe2b61770fe720ff2fd0ab943d225aa7e07633057508e453e7d3aeeabbf8e863bfeef34a74f2e5e1e176716d5b9

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HYTOKVEV\favicon[2].ico
      Filesize

      1KB

      MD5

      e2a12d30813a67034ecef52f8f5447d9

      SHA1

      87cbf0958c40d8c61c591020fae3f5e2b5dfb6de

      SHA256

      22489aa1578915c922e7d16566a5b926a6c430961f3327e90f0b10dad21f0781

      SHA512

      f9743821b5f4a1253e600813a3ffc81ee37bdc0774379227f9b5dfb2fd7aad3270b01246580fd73e8d42cc0611b6d4078ef09b4b53f2edb2cc6cfa2c83d54c48

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2EIRHNV\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabBF6A.tmp
      Filesize

      61KB

      MD5

      fc4666cbca561e864e7fdf883a9e6661

      SHA1

      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

      SHA256

      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

      SHA512

      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabC94E.tmp
      Filesize

      61KB

      MD5

      e71c8443ae0bc2e282c73faead0a6dd3

      SHA1

      0c110c1b01e68edfacaeae64781a37b1995fa94b

      SHA256

      95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

      SHA512

      b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarC8BF.tmp
      Filesize

      161KB

      MD5

      73b4b714b42fc9a6aaefd0ae59adb009

      SHA1

      efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

      SHA256

      c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

      SHA512

      73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarC9F0.tmp
      Filesize

      161KB

      MD5

      be2bec6e8c5653136d3e72fe53c98aa3

      SHA1

      a8182d6db17c14671c3d5766c72e58d87c0810de

      SHA256

      1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

      SHA512

      0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\2FZZOH97.txt
      Filesize

      608B

      MD5

      a686d4b6d5a8774f4669b75a54385bc1

      SHA1

      5330dbe682dc9d54d2c24964734377ed63b1d1e3

      SHA256

      5edf5468adf991c69946297728053d93760f0aa968c55e630d245b93999c80ba

      SHA512

      771c7086c194211f2faaee063f453bd6257e06cebe5e7a864a0f9ffe31ead62fe67c704477899643b81e81831f58995eeb53e2dba27c138cc3f7a5933c52cb7f

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\8NO6T59H.txt
      Filesize

      94B

      MD5

      5947fec6c40340855935961a08266615

      SHA1

      ec0e05e89d0f117a6b4b73f992effe456f7ce488

      SHA256

      59148f0181a5e5285cf8eefd91121bd45cd7c33842a73f1cec0d807ac87e974f

      SHA512

      b7bd9cf1230809ebc9ab937cd08f9623eb3116c06c3f6b3d5a8887de593841d7138e52ad6ef73516a36191e604af607dc492d8d5ac4a43ebdefbe4d436f3de61

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OWETPR05.txt
      Filesize

      120B

      MD5

      895170529efe0c026a4c356db283dbc2

      SHA1

      b6878a7f5cee605963c783511de26ad024228d64

      SHA256

      7fd4151910e229f838d6dee49fbd6663ea82751199c3d64be09ce6dec622b13b

      SHA512

      7894eea1a8919b06c7cbb5fb5d4ced4d348ece4437ca4f0f218d07ec1091c6092271492fbf84b70722f5e30abde322bc7c748888ac2f24b744b3c62999b0436b

      Download Submit

    • memory/1100-54-0x0000000000830000-0x0000000000988000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1100-76-0x0000000000830000-0x0000000000988000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/1100-77-0x0000000002FC0000-0x0000000002FC2000-memory.dmp

      Filesize

      8KB

      Download