Overview

overview

3

Static

static

1

start.exe

windows7-x64

3

start.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    97s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2023, 15:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    start.exe

  • Size

    12KB

  • MD5

    1df9e9acc548902abdbb2f5c5df3e93d

  • SHA1

    f235a21d075d79c2858b3daf090c6349e366f217

  • SHA256

    2a181b6674118d23e18f8d95e46f0149a12bb5c41a4b0efe3dea60fa35880bc1

  • SHA512

    6ecac4c480409ca3dd835b8601c3f3e3d330e9f9a6e9a683867ae804f6ae47469df4a23fa253dc032292871f14cc4240be6f70fee4134e56d5f19882d190e6f2

  • SSDEEP

    192:VT3fvS/Q10wCWXyY7ULerKBbPbqvv5+iAsAVesQ5tfMc3K:NHS/Q10wPiY76KKBbPOvRsX

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\start.exe
    "C:\Users\Admin\AppData\Local\Temp\start.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://t.me/leshashved
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1104
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1104 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1496
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c chunk.tmp
      2⤵
        PID:2032

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7ad01b693c570f963748a0287fce23a6

      SHA1

      3f95916536e5e0697f1ff3582ca2e57b549eeab7

      SHA256

      b49ff002c374d37fd861e04fc7d7448ff2ba26dca932d07fd4d09cbe3148f5d3

      SHA512

      0aa758366d061865f6460fc7d1aa828045fb400088ec6a32b51e83057608b351e542e7d16abd59372445e1a59014b9638eab9e8742a77fe8638811497d7ecc20

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      60d5c2cb9ec5a0ddef00cfffd8053daa

      SHA1

      6dab28706656232a01a79f11dcaa62ac2d4e6cd6

      SHA256

      6cb3645a5c90052edee13694e41a0e0f75100f6c8f6aadab98c1a6fa8595dbe3

      SHA512

      b7159c410c3093ede522aaa293e7d885eb163d6d58af66ab8db61d7f45801fafad3e8268df811057cd072a4ebe311777a0a002bbc0cee9d11aed03c6e87a08b8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0d58fa9892fda33551454f6203f12add

      SHA1

      9b2c21fc2ab458c1cc6045f3effb634ec7c27ba0

      SHA256

      6448b502e4e61e128e2f6dbf5a68ddec01f475d4a111b09864d2b63e628d0a76

      SHA512

      5b0021024c593a379de6dd456739baa42b33cc48423e93b624c50cb7fec5bc2d0d2a749ab9a2714fc6ac49886e82f39061402dddd6c67dce84646f2769c08539

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      929c229b77bc221b93d78de5fce9881e

      SHA1

      99d56f2f98d57c72765e31d71cbc15300a61788f

      SHA256

      80bbea9d56c6bb75db071649babe2fbdc322acd55ee47c0e1a926783e3e8ada9

      SHA512

      cda5798c04f2b46af91f94d942d7cf6f70ddc0b69ec1a8dd68c9495fdd6b3cf23529813f0271a9fe6a41c5c2e83e676063b34461cf7adc535d794293737775de

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      c6b4d95f21e5e10089aca0aa50554aee

      SHA1

      b454c871952ed60e942d14e7e957648d2da06a37

      SHA256

      1461e3efab63ae20120807660c7ddfc46f77ec1eed0f1077f38e02a64e94dff0

      SHA512

      402f512f923033a909f94b7ef4ff104126cbf159126371c04bca196623763ad535c05867d489b064349303cf4df761efc2ca52ed2ad8a36022b550755af659e6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      af59a5cbf20be117ccd8d2b8c4f71c79

      SHA1

      0aa63acf0074d84cb4c664b24c8fd62dd8df0540

      SHA256

      b0456d2fa16972d3a8debc1e5fbdda5b11b177bfc9d136a37edb290b77644473

      SHA512

      e788e315bbe61b70922687d95067337602ecd905ebaeffcc52f49768e118f6b2a53953165d2f2f2a0906f95a43be7fc5c65d8a14a508e66b8fa62bf6e1ea84fd

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      92fc9fa77001f48c36e5c439aa0e7d89

      SHA1

      5bed2fab04e461dd9f1ad4073d344f2059fb6ec8

      SHA256

      f43b5dcab06a9beb4b4ea384f3a06705709f6216e912460cf3d3335e36249550

      SHA512

      dfa6b30a63dade4886c46e96127890c69520fe035e87818a69195ad6aac730272071caa63fa1b56574eb8e67bb7b2792afabd695b404cf588e309d5251566b5b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4d9ef84c676bc40e45aa6a9c42946c30

      SHA1

      737bf826156e2d9feba980505fb2edcaee808b97

      SHA256

      14ee28244573074475741c6772a2ba0e423260618ab29398ad57af829dfa396e

      SHA512

      ebb59559e5553cc9320f603993dfbe323840d20fa2cc00946c29423988a971373807f8fdb12ce1f8e34f1e13d30e1d54d222fc14f7aef51d86c3ee9327ddb16e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      cccef7d0afc36910476f342f2ede77ee

      SHA1

      0f2832f13be6a4b56fd113a95ecb62cbd65c0cc2

      SHA256

      73dd52f196b28b90130ef0eb1a2eaa99c1dde25cfc30940cd3e7a865994c62cd

      SHA512

      9d52dad1aa8d2708aa64339feb0ab4119c8594c35072485f54cb08a3515c7c58e90426c4d8a5b663712537347f505457639cd32901b21404b46199f370385852

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACT9UUKV\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab52A5.tmp
      Filesize

      61KB

      MD5

      fc4666cbca561e864e7fdf883a9e6661

      SHA1

      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

      SHA256

      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

      SHA512

      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab5518.tmp
      Filesize

      61KB

      MD5

      e71c8443ae0bc2e282c73faead0a6dd3

      SHA1

      0c110c1b01e68edfacaeae64781a37b1995fa94b

      SHA256

      95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

      SHA512

      b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar559A.tmp
      Filesize

      161KB

      MD5

      be2bec6e8c5653136d3e72fe53c98aa3

      SHA1

      a8182d6db17c14671c3d5766c72e58d87c0810de

      SHA256

      1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

      SHA512

      0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\O773Q977.txt
      Filesize

      600B

      MD5

      313382dc3c31546fb9ed929ff2cf7a03

      SHA1

      c2a58e4e3fac46f9d256223d03140bd80ccbaa17

      SHA256

      f203a07e93f13abbe7be271590e0e20e60eda13b73417af668642729b10ca5e8

      SHA512

      ae96ce7b632f44e1e26b82ccfd40a5bb91891dc293de9e5f00338834bc6c61aad0a88e49663c52132f4046b8a8baf70abd6076883e25a28e54b0c888718e2b7d

      Download Submit