Overview

overview

3

Static

static

3

install-in...on.exe

windows7-x64

1

install-in...on.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    30s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    23-05-2024 02:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    install-interception.exe

  • Size

    459KB

  • MD5

    0f0b50d92e030b8965ce669c8058fa6e

  • SHA1

    257b3f0402285a29f4618b32958c208b3e9d4c4d

  • SHA256

    e137863a79da797f08e7a137280ff2a123809044a888fd75ce9c973198915abe

  • SHA512

    fc7c384fd6f682ad01b598abf87c522b38068f4488cea6dc7bd6dedd66e995e4d8fb583c54c6afed0c4c7a9a2318bb6ed257bb3cbd0e48fae83a7819d1167d79

  • SSDEEP

    6144:+sglhAWORQG8O1dMDmJPjQy4xZWLUKc2:+s4LjGvMk74+B

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\install-interception.exe
    "C:\Users\Admin\AppData\Local\Temp\install-interception.exe"
    1⤵
      PID:3052
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\OutFormat.ps1xml
      1⤵
      • Opens file in notepad (likely ransom note)
      PID:2188
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\CheckpointLimit.hta"
      1⤵
      • Modifies Internet Explorer settings
      PID:2672

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads