Overview

overview

7

Static

static

3

03497224ae...b6.exe

windows7-x64

7

03497224ae...b6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    168s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 15:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    03497224aede09bbbe875a52f08a29b6.exe

  • Size

    92KB

  • MD5

    03497224aede09bbbe875a52f08a29b6

  • SHA1

    f5a4ab27b5bd5dc5ed96490c68fdcd9389b4a6b5

  • SHA256

    88e58fa4cbd8fdd5262adfeff432538e37a1ba05d1e51561a8231aeb639d7649

  • SHA512

    514f2aa202e8d557a7280e4379ddc4e09e217a2ff1c3bf7e4d29ae3eb2825be3ce0126111092b764b6c9d56672d424e58f4c33452652e8a909d3f965a1b0abba

  • SSDEEP

    1536:i214kKQADzFVcn6I7cjz5uqm0x6JHDXP9u+j7S:LFBAD5VcnKi8+HS

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 47 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\03497224aede09bbbe875a52f08a29b6.exe
    "C:\Users\Admin\AppData\Local\Temp\03497224aede09bbbe875a52f08a29b6.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1456
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c del C:\Users\Admin\AppData\Local\Temp\034972~1.EXE > nul
      2⤵
      • Deletes itself
      PID:2820
  • C:\Windows\SysWOW64\knbrx.exe
    C:\Windows\SysWOW64\knbrx.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2228
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      • Drops file in System32 directory
      • Modifies data under HKEY_USERS
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2680
      • C:\Windows\System32\ie4uinit.exe
        "C:\Windows\System32\ie4uinit.exe" -ShowQLIcon
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        PID:1956
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2680 CREDAT:275457 /prefetch:2
        3⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        • Suspicious use of SetWindowsHookEx
        PID:2568

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\knbrx.exe
          Filesize

          92KB

          MD5

          03497224aede09bbbe875a52f08a29b6

          SHA1

          f5a4ab27b5bd5dc5ed96490c68fdcd9389b4a6b5

          SHA256

          88e58fa4cbd8fdd5262adfeff432538e37a1ba05d1e51561a8231aeb639d7649

          SHA512

          514f2aa202e8d557a7280e4379ddc4e09e217a2ff1c3bf7e4d29ae3eb2825be3ce0126111092b764b6c9d56672d424e58f4c33452652e8a909d3f965a1b0abba

          Download Submit

        • C:\Windows\SysWOW64\temp.aaa
          Filesize

          9B

          MD5

          4e184222df2a25c33142111d845f15fb

          SHA1

          802cacefd05f4db447f609daa2d53c72ebcc0b03

          SHA256

          5114f628c15caf15d6ea390b6e020856d178292a6a95bb431397f8448c0b27ba

          SHA512

          99678c0a05bf41ed59989390dab50f391be4e681ce7e655d5a8a21bd591be91d4ac69e9fda9b550aebee3f5c4b71646d14fba89c2e67135f3de4e53ef0e20d1a

          Download Submit

        • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          914B

          MD5

          e4a68ac854ac5242460afd72481b2a44

          SHA1

          df3c24f9bfd666761b268073fe06d1cc8d4f82a4

          SHA256

          cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

          SHA512

          5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

          Download Submit

        • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          1KB

          MD5

          a266bb7dcc38a562631361bbf61dd11b

          SHA1

          3b1efd3a66ea28b16697394703a72ca340a05bd5

          SHA256

          df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

          SHA512

          0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

          Download Submit

        • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
          Filesize

          252B

          MD5

          b23c10b803f6e14a6df79fe143e1d84c

          SHA1

          41cced857b1a8b9f730d940621a3c00c3b71de85

          SHA256

          5d666436a32bdd34252945bb8c255ede96881434bf50cd2ba0352adbbfc0fc5f

          SHA512

          4bd38f574f645d12f42e6cb527316819ef59374c9e1139577a61f347e9d70ceb01a864bc9b91ff821f95a10ff12ce0a1fbf04f40fa61cec5107c11586fbceba9

          Download Submit

        • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          b9274c6bc0e153cdfe8d4d3609ceb7e1

          SHA1

          8471ce2ea5dfc310635732b32bd058675c1c247e

          SHA256

          e6561b2bbbd688eeccce08dd63ceff89de4c30c67d87a5e552344e23d98cafcf

          SHA512

          cd99aac5a9ad2b58df1399208d6f823679ca3e4fb5c177d2b73d5ef13db0e3682958573ed9b9b2d76313c2b4dc895737392fba68a9ff5a864adb6522325141bc

          Download Submit

        • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e4172256287ddee912d43cfbb5bbdca9

          SHA1

          1b8cc64cf91e7d21ed0494aff6a5405fa7014c80

          SHA256

          6b8ec2928c1d29aa72f0f794b2efb1994e1eca2e44407b271a0a45b596c0f713

          SHA512

          56059e61cf817437275129b8368a112386734bfecc8c6bcd912620695506fc8d39838aa52e4041a5d68c45a0276812f57b00cdfd1c3538ec0fabf3578b334b87

          Download Submit

        • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          4d6092d5613686dd73bf73199384b6af

          SHA1

          34be8ee444bd91d63b6dd2ac362d6dc8ec07b190

          SHA256

          9d79af6bacf0601e8f290a11eec381c2f4df77403e715e2fe85d99e9a17145ef

          SHA512

          ea5a7e11dbbb9757b8f2b67e682b22fc587dde47b0ded5da3d6166a3d48480103b8375f587b6f18628d8dba1a926a9f1c23c570e16da550bda6d99325df5377d

          Download Submit

        • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          2484fce6bfc43b79c2d26ccabbc95022

          SHA1

          46246c9b137f1bb5a0a0326b66835255a35a0b2f

          SHA256

          f7b7bd0a8c55767c75976e95b660094e6a39a8264edf21f8bda8d1ae1c7803ae

          SHA512

          c218c12e5f7c089cfab2500a6be09be5e5d085e3eae36c16247bee8ccab4f19d8062ec188bc6c4ea4ca52964c5a05e720e5ee2c188c33bf7688d939ba73a5a93

          Download Submit

        • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          e28f176f570ebfe82e06baa32586f171

          SHA1

          57b3323aa596825520c35375ee6d5638f9d05acf

          SHA256

          e866d50bb3f39893f59dad3dde2196884f88af01b68782a2378d9b1bca08410e

          SHA512

          ef0b30f9d2ba5fc5f1da28d494957b74f53f660a16a67755000672682930de1053f3c3d831dbb667fa9b2facec177a5077919ca1911f175c269a7d44ea5aee03

          Download Submit

        • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          798ab6415cc12d84a5fa544cc7c0b085

          SHA1

          55846aa6966dfd9136bbf2f77a05745bb53154b1

          SHA256

          c4ae28de320fe6e533ce7c44131399ea1e0e8eebc7306acf8f70cbaf9d2ad7bf

          SHA512

          c61985c5cc857646f19ad621678f268d1623812f3bf432db4c81f851e1f815d569cdb4a8cf4308113f861252932ced5f7a365f9c33beee15737c34234caf1e4d

          Download Submit

        • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          edd2f06e78a2dee7f013b14b8c938f33

          SHA1

          d12987297116f78ae120d3a40be476b3410ab367

          SHA256

          42d7a834d549d0b5e4dd96a3d8adeb86bb2a9478077dc4b8b20fa0cc5efe27af

          SHA512

          72a9fb4b1be812bbb542d11422b57a264c81511dbe9bb9ff2fb2edbb5571af5704a7542881b701a1f7fd94cd3a6027f84c2f7cb9a1460f9ba6bbf0a930593b8d

          Download Submit

        • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          d5279b982f7e1bd337fecb20d9c0baf8

          SHA1

          23d32b1772ec0a994340983d96b6a6e7ce93ce39

          SHA256

          8e8b86cd772b7d210cbd85b0b92c558360d641bb5dfebbfa3ea969fea5a554b4

          SHA512

          bd419f59b7c432fd7556d89a424d7b36a77f2658b4f681961fc4f64ac833adace043fad95ea37bd4c7cafbbc06ed105f54479077734e17ab51cca2ca21a90fcb

          Download Submit

        • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
          Filesize

          242B

          MD5

          ad9412f901f5266deb25f712a3582e8c

          SHA1

          23b23bbd10a037d67c996045406310e604db0e34

          SHA256

          e71adbc9c1c7077e97cdf5a474a5746efd43c635ff2baabc2837aafaf72c4188

          SHA512

          a0a3eb09039d9438f05250351477b410e9c7fce3a14181dee41193d4a60be3f508b383a709b0a475b3d3f9fd391ec489cdeba93c545ec5ca641dfea7bfdeb9ae

          Download Submit

        • C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
          Filesize

          4KB

          MD5

          da597791be3b6e732f0bc8b20e38ee62

          SHA1

          1125c45d285c360542027d7554a5c442288974de

          SHA256

          5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

          SHA512

          d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

          Download Submit

        • C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url
          Filesize

          129B

          MD5

          2578ef0db08f1e1e7578068186a1be0f

          SHA1

          87dca2f554fa51a98726f0a7a9ac0120be0c4572

          SHA256

          bdc63d9fd191114227a6e0ac32aaf4de85b91fc602fcb8555c0f3816ac8620b3

          SHA512

          b42be0e6f438362d107f0f3a7e4809753cf3491ab15145f9ffa4def413606243f4dfffc0449687bd1bb01c653e9339e26b97c286382743d14a2f0ed52e72f7ee

          Download Submit

        • C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url
          Filesize

          236B

          MD5

          11cede0563d1d61930e433cd638d6419

          SHA1

          366b26547292482b871404b33930cefca8810dbd

          SHA256

          e3ab045d746a0821cfb0c34aee9f98ce658caab2c99841464c68d49ab2cd85d9

          SHA512

          d9a4cdd3d3970d1f3812f7b5d21bb9ae1f1347d0ddfe079a1b5ef15ec1367778056b64b865b21dd52692134771655461760db75309c78dc6f372cc4d0ab7c752

          Download Submit

        • C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini
          Filesize

          80B

          MD5

          3c106f431417240da12fd827323b7724

          SHA1

          2345cc77576f666b812b55ea7420b8d2c4d2a0b5

          SHA256

          e469ed17b4b54595b335dc51817a52b81fcf13aad7b7b994626f84ec097c5d57

          SHA512

          c7391b6b9c4e00494910303e8a6c4dca5a5fc0c461047ef95e3be1c8764928af344a29e2e7c92819174894b51ae0e69b5e11a9dc7cb093f984553d34d5e737bb

          Download Submit

        • C:\Windows\System32\config\systemprofile\Favorites\desktop.ini
          Filesize

          402B

          MD5

          881dfac93652edb0a8228029ba92d0f5

          SHA1

          5b317253a63fecb167bf07befa05c5ed09c4ccea

          SHA256

          a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464

          SHA512

          592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810

          Download Submit

        • C:\Windows\Temp\CabB273.tmp
          Filesize

          29KB

          MD5

          d59a6b36c5a94916241a3ead50222b6f

          SHA1

          e274e9486d318c383bc4b9812844ba56f0cff3c6

          SHA256

          a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

          SHA512

          17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

          Download Submit

        • C:\Windows\Temp\TarB276.tmp
          Filesize

          81KB

          MD5

          b13f51572f55a2d31ed9f266d581e9ea

          SHA1

          7eef3111b878e159e520f34410ad87adecf0ca92

          SHA256

          725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

          SHA512

          f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

          Download Submit

        • C:\Windows\Temp\TarC2A2.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • C:\Windows\Temp\wwwA064.tmp
          Filesize

          195B

          MD5

          a1fd5255ed62e10721ac426cd139aa83

          SHA1

          98a11bdd942bb66e9c829ae0685239212e966b9e

          SHA256

          d3b6eea852bacee54fbf4f3d77c6ec6d198bd59258968528a0231589f01b32f4

          SHA512

          51399b4eac1883f0e52279f6b9943d5a626de378105cadff2b3c17473edf0835d67437ae8e8d0e25e5d4b88f924fa3ac74d808123ec2b7f98eff1b248a1ab370

          Download Submit

        • C:\Windows\Temp\wwwA065.tmp
          Filesize

          216B

          MD5

          2ce792bc1394673282b741a25d6148a2

          SHA1

          5835c389ea0f0c1423fa26f98b84a875a11d19b1

          SHA256

          992031e95ad1e0f4305479e8d132c1ff14ed0eb913da33f23c576cd89f14fa48

          SHA512

          cdcc4d9967570018ec7dc3d825ff96b4817fecfbd424d30b74ba9ab6cc16cb035434f680b3d035f7959ceb0cc9e3c56f8dc78b06adb1dd2289930cc9acc87749

          Download Submit