Overview

overview

6

Static

static

1

394c34e88e...b3.exe

windows7-x64

6

394c34e88e...b3.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    139s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-04-2023 05:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    394c34e88e9a1d367faee6bea55fba3e0168447fea01479a40c49df429350eb3.exe

  • Size

    1.3MB

  • MD5

    05a059fdaab7e3f5190c0d410f83dbab

  • SHA1

    b043cb3070c3f86b6c877a73ea1f24f069f0bb2f

  • SHA256

    394c34e88e9a1d367faee6bea55fba3e0168447fea01479a40c49df429350eb3

  • SHA512

    07fa92386a9cabb5a3db78f2feb5d9303218eddaec76e9b4d48bad85d9ae9a3b41147a2abf71ac005a2c358365596c2f5406debcec25469cccb34cd9de8a7c8d

  • SSDEEP

    24576:5lwiv/pny32/NX/0re04fl0aPv70gLoKjVOECI/a1vEFCi0VxUHsUXzSd+P3lpe7:5+M3VPtlt+4zU2oAmuSawfwhe4tE63JE

Score
6/10
bootkitevasionpersistencetrojan

Malware Config

Signatures

  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 53 IoCs
    adwarespyware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\394c34e88e9a1d367faee6bea55fba3e0168447fea01479a40c49df429350eb3.exe
    "C:\Users\Admin\AppData\Local\Temp\394c34e88e9a1d367faee6bea55fba3e0168447fea01479a40c49df429350eb3.exe"
    1⤵
    • Checks whether UAC is enabled
    • Writes to the Master Boot Record (MBR)
    • Modifies Internet Explorer settings
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:636
  • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
    "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{D5E8041D-920F-45e9-B8FB-B1DEB82C6E5E} -Embedding
    1⤵
      PID:1652
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -startmediumtab -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1608
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1608 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:4324

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
      Filesize

      1KB

      MD5

      7c0ea06de3961b8af4789a180f615c1a

      SHA1

      5a1a836decbebee1de4f523b9430d89c5b19ab40

      SHA256

      9f17f77ea39c7833d1dd304d8b17223eb43656236ed8d3cd52b3a4e799479d53

      SHA512

      f3f6eddaa2232cc9668650e7b51a4ce2930ab8152469cf8331a5f645a657861894ed97922319aa8c11bca2b8ce3d6074b936b8532a01404c4b6d647c2bce4ed4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
      Filesize

      1KB

      MD5

      ed7a8b1aabc02f907daee1c31f098fc0

      SHA1

      7e442ca78dabc8308ad7ffd737a58f193eb6e3b7

      SHA256

      ddc9caee1e487d4fe4b84b1eb07056382020b193b2bb79c236a8f5c1e5cdb0a2

      SHA512

      e6f15d79887b1c203671502a830a377ab4f0e008adf4d72fb4957ee95023487e6fcc9cc1c404fa99c2e1bbce6b57c7143066bb65fd749ea40b3c1d54044d8798

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      471B

      MD5

      8b82e64a7691fb70aec48c12c37eb312

      SHA1

      96084b73e24ced2adea93695f71a62092771ce79

      SHA256

      5e1b36f0cccb94221d862d2fe35c892d699d397a87f74f18a668a57ba7ef8d5e

      SHA512

      36802e6043f76d717a376d762f84e89be4bf5b6675bcc662f9f768dfe6487582654333ede1f871cadaa5b5120ad5147ca81bd79b5092623d38f1fbf4037237f8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
      Filesize

      1KB

      MD5

      82b48626d26c2acafb916e34a2836e9d

      SHA1

      b3f01d88d2e84cef7afebc55d34d89d2ff8947f3

      SHA256

      1f98fe77397100cb90a6f7478d45542d2c361e1b94e4e0e49144cd0a28e88e92

      SHA512

      a6b8693373ad0cf065b779202bc45b4440d86f8e04f36b854c148f92f80c2991a58d7fe700b35ef19f785a2f019bb2a8d75bee1ed410a0df47d91949f9b6c3b4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0DA515F703BB9B49479E8697ADB0B955_4136D3715888E22D65EBE484B233D81B
      Filesize

      508B

      MD5

      e170e1c5745ce3ac9615987319cd324b

      SHA1

      a467e38719d9ae0e5a4ca5282e9fd4660debab91

      SHA256

      aaa7a6b1b84fcab35012706d204d8a38042f77181a606310062a322c25dd7b36

      SHA512

      fbe1c8fe5eafe8bcf57c900fb0a35eb84de54ee1b013ce88e626510666612411f58e1524708d7d04927dc355d4b7b9705c221ffe4ba951a8529f0521acf619e5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\349D186F1CB5682FA0194D4F3754EF36_97A2CB43E01F27293633B7B57353C80B
      Filesize

      532B

      MD5

      8ed58d3b2c75a6350d168b04608614ca

      SHA1

      6fe776ba2c533fe75a9c44958368225206d9571c

      SHA256

      2d80af4970bb3624ae514151fb526f387a4f288de3535c7cc2bf1454681378dc

      SHA512

      44622d1019761b2d091f31566140d758cf6c24057bc8465eacf1d3d83b9bb97cae91c96f21cc0f3be233edcff159d8d2e5cf05b804879156711c82da91eeaa01

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
      Filesize

      404B

      MD5

      9fa6791ce08b52f4fd41ce3d304e2e10

      SHA1

      6cfadc768653ee6497d0f079701ce95e5b8794a1

      SHA256

      3b6facfd29236be50421b19dc1bcaccbf1a1e0f0d329dd22615a25ffb59c9ea6

      SHA512

      68ce6c3892ed7b4ea212f0087af56b32091ff8117fb7f6a114ec5d75007f0579bbe4c238f6a0e864b1adc53a3aea8f0f31dffa40bf0be1a9d1f2a3ad9cdf1b29

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B039FEA45CB4CC4BBACFC013C7C55604_50D7940D5D3FEDD8634D83074C7A46A3
      Filesize

      506B

      MD5

      f597646f6d1bf6cae1b505597c1c2cf1

      SHA1

      eb9111a64deed8322e08c13e97de83f43b0d3eeb

      SHA256

      61d48fbfb323065012a18044c277df723fa4face9c07e4ac32325d6a33bde044

      SHA512

      a573f74a46db4042b8392b86d6fc5398d37a24a1b4bc2300b2c3cd5a6188a0912206172ae64d2c1ae770d7668834e7de79d7dbd26bd3d9828b136dfa17917c49

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verA12.tmp
      Filesize

      15KB

      MD5

      1a545d0052b581fbb2ab4c52133846bc

      SHA1

      62f3266a9b9925cd6d98658b92adec673cbe3dd3

      SHA256

      557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

      SHA512

      bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\cz9baam\imagestore.dat
      Filesize

      1KB

      MD5

      9f93ccd68ca3a35af629451da91165ac

      SHA1

      d8c27a252634f7e0ed56c499c448a58c68f17fd3

      SHA256

      2d38e32bb1d276021a761951994871725c6155f46ed56856f70f36cdb0257910

      SHA512

      7de780bd892514b69f36a1676d42bc47b01fefb6a2d79172ef425105cffcf43349ba22bcf67b6b56899a37063007001ed35b9775eb18e68ee794f334948a315f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GPVLIKPI\favicon[1].ico
      Filesize

      1KB

      MD5

      e2a12d30813a67034ecef52f8f5447d9

      SHA1

      87cbf0958c40d8c61c591020fae3f5e2b5dfb6de

      SHA256

      22489aa1578915c922e7d16566a5b926a6c430961f3327e90f0b10dad21f0781

      SHA512

      f9743821b5f4a1253e600813a3ffc81ee37bdc0774379227f9b5dfb2fd7aad3270b01246580fd73e8d42cc0611b6d4078ef09b4b53f2edb2cc6cfa2c83d54c48

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RPW4GWWI\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • memory/636-133-0x0000000000410000-0x0000000000568000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/636-144-0x0000000000410000-0x0000000000568000-memory.dmp

      Filesize

      1.3MB

      Download