Overview

overview

7

Static

static

1

42e4def647...bd.exe

windows7-x64

3

42e4def647...bd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    31s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    18-04-2023 19:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42e4def6476d318a9bfadd9ce84cf1a6fddd7950c8b3418c2e3bd1f2ce5afdbd.exe

  • Size

    2.1MB

  • MD5

    88bf60d3a425bb68de8ad4d32417b3e2

  • SHA1

    4e59f5b4c6e279d15d7ff6cd65ae3b12ff480078

  • SHA256

    42e4def6476d318a9bfadd9ce84cf1a6fddd7950c8b3418c2e3bd1f2ce5afdbd

  • SHA512

    a96d4f27b532fb51c29f6c815a7c9fafb1847923b5016bc5712c7680eb11ab0bb6f1610fc56b8a0da20b74c5fb6fb0c65d9898f973393f0d7763d13d53108469

  • SSDEEP

    49152:bzy0qcLCVWBorny6Sd9VXnlhNoME4G89:bz9hBwsDXE4G8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\42e4def6476d318a9bfadd9ce84cf1a6fddd7950c8b3418c2e3bd1f2ce5afdbd.exe
    "C:\Users\Admin\AppData\Local\Temp\42e4def6476d318a9bfadd9ce84cf1a6fddd7950c8b3418c2e3bd1f2ce5afdbd.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\System32\rundll32.exe" inetcpl.cpl,ClearMyTracksByProcess 8
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      PID:1204
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\System32\rundll32.exe" inetcpl.cpl,ClearMyTracksByProcess 1
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1368
      • C:\Program Files (x86)\Internet Explorer\iexplore.exe
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -ResetDestinationList
        3⤵
          PID:808

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1204-61-0x0000000000850000-0x0000000000851000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1308-54-0x0000000000230000-0x0000000000231000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1308-55-0x0000000000400000-0x000000000061A000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/1308-60-0x0000000000400000-0x000000000061A000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/1368-62-0x00000000003E0000-0x00000000003E1000-memory.dmp

      Filesize

      4KB

      Download