Overview

overview

3

Static

static

3

wfilmorav1...co.exe

windows7-x64

1

wfilmorav1...co.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    06-08-2023 22:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    wfilmorav12302341-zmco.exe

  • Size

    21.3MB

  • MD5

    a639a2dc429cd3a67714b77fe41e2bd5

  • SHA1

    a4caf31a934e0bcc5ef18f28be6629b7d0a2ba6c

  • SHA256

    874b4ebc5e0a19a943ccb68776dad911731c2f34606fffd7c861f7c4a304e64b

  • SHA512

    b198481e3949fe1b3ea4bd9f29141f6744f4aaf4ff6f7abd2fea5935b2c38738333c6eed2b5b028b308d979b5b3c305fdd4a626a114ddbd96fc018db9a9fb3b1

  • SSDEEP

    393216:imwfdzbYPePzWsOaEsX7SFRFy5/cUyPfhMGEIGwwGZymnE0Q71kihihjGzkrBd:/adzboeP7ORjFR45kUMfrEIvwdZ71khf

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\wfilmorav12302341-zmco.exe
    "C:\Users\Admin\AppData\Local\Temp\wfilmorav12302341-zmco.exe"
    1⤵
      PID:2316
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:296
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\WaitInstall.htm
        1⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2572
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2572 CREDAT:275457 /prefetch:2
          2⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3032

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        ce7a3a73a506f69e99c9d212556b085d

        SHA1

        0433683a34e5457ade021f6ccc8c1de57671f0ee

        SHA256

        4bc7683e22988bba60e4b601d1821dca96cb885fdcefd06ad96482c222392874

        SHA512

        6a7b52bcaaa664f09e7dbb69e897306bbe36bc0502b10b9eefe003c4e1dac55848582c042f919fd56d078809e83707b0201ef97a94153617fe3d106ca7fff614

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        365c74715c43afcee0277833c3a0a718

        SHA1

        db3008461146782f3a710fa17fcb287db2b65748

        SHA256

        55e96baf7ae893487c6ebb6a2c66581bc4bcf83a1b6a521c9c45b2bbb2f441c9

        SHA512

        58b5402c14293a9f8293d49980f0f40448c27c9928da10ae12a2b8634faf76bda51dcfa4ccb1e8f2683cdaaf6e0244c4dc00ad21c5e89d0d4eca4388ffb288f5

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        2c4f82e58715453abc86d5bacb534631

        SHA1

        5e013141a3d0d8a0754d5ccda5e9730986fe6cee

        SHA256

        593f2e9b2bb84d49707ceadd27db3c842ec08515570bad4c8a3f3d689c0cce51

        SHA512

        f65f88217202cc7da678a0fa866ce307ceee7ce586b30c9ad3fe2b533683faf66be87433d6a8a923520c1bbf2ace90120b9e5621694fc2ef1c2331084b04731c

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        e402489dead207b8f79bb5b83a7b1b7e

        SHA1

        b9ed61209b5313f33ccd86bb7ce3cb0a34b61383

        SHA256

        057001ca6680907575f9b896c3fcef82982b86d7a222d91809ad4b770a29260a

        SHA512

        a6ea168add23a4d6ff7c5579b9fb2b2b5f77b5e61254389e3c9c82722ba3159c8cdc914774e5f664f747c292ed28f167a44e1feb4e8b76fc25c2b11fd2fb57d8

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        eeac131a52af62f7661686d70098b5d1

        SHA1

        10b53bbd9944117faa470aa2a640f5ca7e446cf3

        SHA256

        908c3e290b6627eaded15c587005274415b0e5bd03951f6b060727197c707a92

        SHA512

        1988264e836e13ee8ccc64136452685c80c5ebd10237a1376f594bac88701775ea14ac40069d0b33fb3eb3899c57ce3afa411442c746de87ae04b32dd8966b1e

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        bac323abc187cfa45978f2689bed2462

        SHA1

        438ef3fa1d7b307c2bc9edd8402b4bd1b168646b

        SHA256

        2062634b671a83dd8e1ffeca40cf5d505c5ca2acd23a018db3791e9fe72edb9d

        SHA512

        7875552624773d04b0e5198e5810db211d96b10b961bb6dcd4ff4b32eb6baff87f3a9e19aa28cc1576fef0fc04357bd53193467f3b3ad9f39637f228b95990ef

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        fb17bc5980d19588525d9092adad25d6

        SHA1

        68181188b8a6823d18b716c311ddcacd4b2e6941

        SHA256

        b569edc903258b3a18ee5ccc842950029d445a8f2518baca35add0a2b81153d1

        SHA512

        055d5e3de0cf85eaed6e44ca9bcd525a6ef00409b1407c5b285985876e337c0c7da4185e6a3410d1fb71b9d280cf8f66db4afd4485565528f502a31fe05d0155

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        5b279c1d54419d7d80ecf4fe77c8c12e

        SHA1

        7d6aa65a47c9c4b643589b9cb38ecf06cd3d4c3c

        SHA256

        0d8d6e67e87da2e9eb008de09570095fce2d32f6c92b52c3d8fdfd0f025ba98b

        SHA512

        885c3aaea0736ef944126871d02f1e020de2ef55cc4d3ed99984bca4dfdc85048f91ec0f2fa8edfa0a6f859b8793fbdd7a079c374fc33eb0615c1ad70b36486a

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        0eafbb275ce410c070018c97ba52c9a7

        SHA1

        0d20a32dfbe9fa12c1916c21c01d7e3ed28cef19

        SHA256

        c12766c59eb4e90ec947c212cc37e44c0c4564fa4291aa85aeb00a33d8b0d287

        SHA512

        b90c420397799a27c2b4ce89269eb52559a083e50394358f5b55b8871111db9005f4a210341e8e81201a07cad4145ca9dd265dc13ace32fd8585d787de3cfd85

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\CabD127.tmp
        Filesize

        62KB

        MD5

        3ac860860707baaf32469fa7cc7c0192

        SHA1

        c33c2acdaba0e6fa41fd2f00f186804722477639

        SHA256

        d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

        SHA512

        d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\TarD1C6.tmp
        Filesize

        164KB

        MD5

        4ff65ad929cd9a367680e0e5b1c08166

        SHA1

        c0af0d4396bd1f15c45f39d3b849ba444233b3a2

        SHA256

        c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6

        SHA512

        f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27

        Download Submit

      • memory/2316-63-0x0000000001AE0000-0x0000000001AE1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-83-0x0000000000350000-0x00000000003B0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2316-66-0x00000000003F0000-0x00000000003F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-67-0x0000000001B50000-0x0000000001B51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-73-0x0000000003510000-0x0000000003511000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-72-0x00000000034F0000-0x00000000034F1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-74-0x0000000001B00000-0x0000000001B01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-71-0x0000000001B80000-0x0000000001B81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-70-0x0000000003520000-0x0000000003521000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-68-0x0000000001DA0000-0x0000000001DA1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-69-0x0000000001D90000-0x0000000001D91000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-75-0x0000000000400000-0x0000000001ADA000-memory.dmp

        Filesize

        22.9MB

        Download

      • memory/2316-76-0x0000000000350000-0x00000000003B0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2316-65-0x0000000001B10000-0x0000000001B11000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-64-0x0000000001B40000-0x0000000001B41000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-62-0x0000000001AF0000-0x0000000001AF1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-53-0x0000000000400000-0x0000000001ADA000-memory.dmp

        Filesize

        22.9MB

        Download

      • memory/2316-61-0x0000000000340000-0x0000000000341000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-60-0x0000000000350000-0x00000000003B0000-memory.dmp

        Filesize

        384KB

        Download

      • memory/2316-59-0x00000000003C0000-0x00000000003C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-58-0x0000000000320000-0x0000000000321000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-57-0x00000000003D0000-0x00000000003D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-56-0x0000000000260000-0x0000000000261000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-55-0x00000000003B0000-0x00000000003B1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2316-54-0x00000000002F0000-0x00000000002F1000-memory.dmp

        Filesize

        4KB

        Download