93d0f30c88760cb422d73064fc2f68c41fb1bb3879910771e462c5fe6e4721b1

Analysis

max time kernel
148s
max time network
150s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
18/04/2023, 08:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93d0f30c88760cb422d73064fc2f68c41fb1bb3879910771e462c5fe6e4721b1.exe
Size

3.9MB
MD5

04add74d44dc5d6eab35a5768541b78f
SHA1

eb42989927fa08826fc8ac94ed323b248f8e20fd
SHA256

93d0f30c88760cb422d73064fc2f68c41fb1bb3879910771e462c5fe6e4721b1
SHA512

f3e400576027041345bfe24a089f482247a6cd490a915ff7eeaadfdd511b58bef6c3865ed88e270d2cac4321be4faa3c483ca30fc625985fc1b71836e0ec71e2
SSDEEP

98304:p3M+tVrX063j93PFiqVkCPEGQ2JEnvWJG2m:KIVR3RtBlEGQcoWg

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	93d0f30c88760cb422d73064fc2f68c41fb1bb3879910771e462c5fe6e4721b1.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1136	93d0f30c88760cb422d73064fc2f68c41fb1bb3879910771e462c5fe6e4721b1.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1136	93d0f30c88760cb422d73064fc2f68c41fb1bb3879910771e462c5fe6e4721b1.exe
1136	93d0f30c88760cb422d73064fc2f68c41fb1bb3879910771e462c5fe6e4721b1.exe

C:\Users\Admin\AppData\Local\Temp\93d0f30c88760cb422d73064fc2f68c41fb1bb3879910771e462c5fe6e4721b1.exe
"C:\Users\Admin\AppData\Local\Temp\93d0f30c88760cb422d73064fc2f68c41fb1bb3879910771e462c5fe6e4721b1.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1136

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\HEUactivation\bpx2lr.tmp

Filesize
72B

MD5
a602ac9d03cffedc03fa841c9a12df5a

SHA1
e42f39093e29f5c6c7aad8a973d69035e860659e

SHA256
f5d09365810dd11ef1204b35bfede3158a07d5592a9c9cfa449dd534f9964aa9

SHA512
78d0f33871a43d65abc4156fb3518190d5dd80c260a88a3de4e0ad4c129cfddafa3286af42d6748b7f16a6eb124a24d24d6025d1f3bf7ebc201403c431a013dc

Download Submit
C:\Users\Admin\AppData\Local\kmsactivation\cfginst.log

Filesize
15B

MD5
a17ff50902e040f803c449c06acdc03d

SHA1
d3f8e4a83d306276aa533456484b7f582d61f947

SHA256
f12f7785967807260664e08038247c82b494e20150e0fc19ecbf7086ed261698

SHA512
bf962288cbffcab6b808fe2bb5a02463eb9d75098b704e5094c3898cc10125b7b377c28f41645f052b64f2f4f327ee184efe5f861b791f15a334c2bb77263629

Download Submit
memory/1136-56-0x0000000000560000-0x0000000000561000-memory.dmp

Filesize
4KB

Download
memory/1136-55-0x00000000009B0000-0x00000000009B1000-memory.dmp

Filesize
4KB

Download
memory/1136-54-0x0000000000550000-0x0000000000551000-memory.dmp

Filesize
4KB

Download
memory/1136-57-0x00000000009C0000-0x00000000009C2000-memory.dmp

Filesize
8KB

Download