Overview

overview

10

Static

static

10

020db58e3c...4c.exe

windows7-x64

10

06cbef0e90...f8.exe

windows7-x64

9

083c5b43df...fb.exe

windows7-x64

10

15cb04fa5c...4f.exe

windows7-x64

9

22a1f50db9...85.exe

windows7-x64

9

24cb5e44b6...8d.exe

windows7-x64

10

27c9f44e0c...d6.exe

windows7-x64

10

2c2aa8458f...3d.exe

windows7-x64

7

2e9e18954a...d1.exe

windows7-x64

10

2ebb2a34dd...c6.exe

windows7-x64

10

2fff52aa0c...21.exe

windows7-x64

10

37ca1cfa1f...60.exe

windows7-x64

10

38cd67a044...4c.exe

windows7-x64

9

3d4f84e20d...96.exe

windows7-x64

49cff73125...4b.exe

windows7-x64

10

4c0153b979...a5.exe

windows7-x64

10

4ded976d2e...5a.exe

windows7-x64

3

4ee95ee627...68.exe

windows7-x64

10

5b439daac4...d7.exe

windows7-x64

10

67df6d4554...78.exe

windows7-x64

3

6b3bf710cf...2e.exe

windows7-x64

6

6df64a0a92...fe.exe

windows7-x64

10

75b45fea60...34.exe

windows7-x64

10

82e6b71b99...5a.exe

windows7-x64

10

8a6aa9e5d5...47.exe

windows7-x64

10

8bcfb60733...fd.exe

windows7-x64

10

8bf1319fd0...6c.exe

windows7-x64

10

8d76a9a577...20.exe

windows7-x64

10

8dd283ca01...4c.exe

windows7-x64

10

8edaee2550...e7.exe

windows7-x64

10

9bff71afad...75.exe

windows7-x64

10

9d7fb7050c...20.exe

windows7-x64

10

Resubmissions

13-07-2024 09:54

240713-lxbx6swdmm 10

13-07-2024 09:50

240713-lvbvdsyapd 10

13-07-2024 09:46

240713-lr1dksyajd 10

Analysis

  • max time kernel
    845s
  • max time network
    847s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    13-07-2024 09:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6b3bf710cf4a0806b2c5eaa26d2d91ca57575248ff0298f6dee7180456f37d2e.exe

  • Size

    145KB

  • MD5

    9f16d35de8c312ba0b6f9efd558487fe

  • SHA1

    93040ad968110a6c96c9e2f74f6902aa52b71057

  • SHA256

    6b3bf710cf4a0806b2c5eaa26d2d91ca57575248ff0298f6dee7180456f37d2e

  • SHA512

    1534d12e38937d0c9597f67540b1c849728a637eb7dcd1286e28c9bd72a463bdbc492247beffd16e47986157323134edc84eb1d1f2e857d5c4a136427fe99699

  • SSDEEP

    1536:6Cpb2XbbPD1c2lB4a9wL7vkYq0Hk5rR5JkVJ4y/uU/rLV9YYccquTrX7YeOzk+7J:ZyXbt4aEcTrR5OVZ/rLV9Yrcqu3

Score
6/10
persistenceransomware

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b3bf710cf4a0806b2c5eaa26d2d91ca57575248ff0298f6dee7180456f37d2e.exe
    "C:\Users\Admin\AppData\Local\Temp\6b3bf710cf4a0806b2c5eaa26d2d91ca57575248ff0298f6dee7180456f37d2e.exe"
    1⤵
    • Adds Run key to start application
    • Sets desktop wallpaper using registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\Read Me First!.txt
      2⤵
        PID:2796
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c @echo off & echo github: https://t.me/temon_69 & start https://t.me/temon_69
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2664
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" https://t.me/temon_69
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:2644
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2644 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:3040

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      345259d770f37ac794fdd1d0ab253ce6

      SHA1

      9ad99035995a6e95ca287741ee5eaa92944800aa

      SHA256

      01b94ba4f1d6e186820c64a769e73fae296fe6e1f006cc3414919f711df630b9

      SHA512

      c1b570c6633d6f56f7b6b34d21a60e2bcce9ab99ba6061c55d879e1f9c77dfaac2b4e7702e111bc377461d305129e3106c87bf0c0b88e3eabe75ea95648aa186

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      de8ce0093099fb6ea41644ea06031a35

      SHA1

      9b8c2fc6ef9c31cc61f09e5f3f0ede7735710e2c

      SHA256

      77994741f8dcc6bb997133a9f41fc75c1cb5e94b5f5efe8a26cab6a09952209c

      SHA512

      14eabef44ef8344889ffb57ec66f03e955884fd190c665f3d873037a533d022775d0cb48e33b99726ad8ac6e0e336824300e1d1dd7d5bc6c4fb8e941ec8809db

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9c1141fc2b458f03d1a1f73425c16101

      SHA1

      bca83a70d74e5139e2ad8e66d2c80b466e32a2f1

      SHA256

      878a7ab0d2055bb3b2ea9d02470e7e61f650acbe1023058119957c3a73685e50

      SHA512

      c319a117f06dd0e8f84411500c39260c8f727465e7be6d51036734ab23568d5b44298d321d32390d72bbcc0263f43dd42ec7d6f4b1eca164197ae3983a891173

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6311c2c153221a30a0e813b095d05b56

      SHA1

      886e353c38a27f636931becb916902217805c1bd

      SHA256

      5eaefdb21d24fbfddc596ef99346c02ba455da72bd769e23aebed2e1cfcd838c

      SHA512

      d71bb3936f0b6cb53958a016739c0474d18dc9ea04a454b6f9535f0ce850d2cecfa133d50504a11d095768052de2c22b84ae342c34b3c7a7adc991a16ced9bfe

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b4d70bf3e8e63d67181d4a38e4207545

      SHA1

      4539ca4b3a0034520163a912af750c6377f15983

      SHA256

      be9ad58a19c91d779bb0df475de7767d3f6614774bd6204012004e1d4721c448

      SHA512

      dfa59cc7fefc854c5321f8bfcac044fc2b3702a6e6037b2d13e49f52f547534902491876655badc62dcbbe9c8974726b0cb4ae372c931c6259d552f42e0d8cf2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      18953af3d84bd1a10451e0ab10dcd453

      SHA1

      4bdd5c3cf425ef75b8204781393736ada0da43d9

      SHA256

      0b179ad8e1b98b950dfc2afbea7b6e408923431982201e9d9a18ab9539766cd0

      SHA512

      f187ab5d7d82d66534f76c072b9e66d43bcec7d02155d9ca89479796d2fba575de78e44a9decc0fc0e0f7066cbc47fc2581db1b6adb37813e1bf6665e10073d3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e4f3bfa24ce4525af2584d12e4389d33

      SHA1

      db1b509559d74a0f74be90391929c45094c8eb50

      SHA256

      98381c5129a0e9dd2f40af9297b67f5d91b5c03d07aeace12087e8c055e094a9

      SHA512

      66677a53a2744cd4dba19d637fd0708c71bff3814138ac4548cea256ec9d9e05a9d5756af655705ef5ef5cbe9220a3d7830a36a80873801b8ef57ff204b2587a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b6116c9b28efcdcf9762b1c08af8e75b

      SHA1

      7b122b6774c261f4c39b32bb91e8d01ef47d50bb

      SHA256

      74f9330a8b8b726dfb4b830d025b264bb05d84c04c42b26e953e9e99bc8edc72

      SHA512

      c9f9f71bac13184fe744793d74faaeea207bcc2bece4e70a584e6bae23362dfe3f141c5450b09d893fa24aba358b139bd97ef413542f0f9e914a0a5ccedfcedf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5858c8293bc6b007461a50badd6e0c4c

      SHA1

      b62677b94e09d3179f7bca92ad64322d57b780ee

      SHA256

      77cb9b673b1606ac87d6e893fdc124af45f343a131a18ceba64e915128d636a0

      SHA512

      abd6d4478113493ef0ce7b8de184f647253525ef601411d30159dab57ec1fb657779e566ace9713bd3dec2f7cf0660a0c4782d59e274dc3a1f237f0efa6a377f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1f4efa8e02c56d0dc034e568c539d712

      SHA1

      924ea03fe99ff7abbce51c5c4581c68cd8165f35

      SHA256

      9bae1ea7d0b0c340828732a5a3519550a02b33529db93b25dc023ec277a3c871

      SHA512

      3996dafea1f0c9d154c4a961d50e57423de8d32d20ddd70d2eaddd9d23700d163758235b845d1bf5ef1e360dfb91a5fdd8777339fa05d88ddd956c91f35b7490

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6e01916f536c04a6e264e6fa9642da8a

      SHA1

      9f3f4c94c788c9248ee4490ff620f8cffef802b5

      SHA256

      bdb6731cf2954ede86b91213d69fb3d508cd9d058bb208ac5db3debfd552041c

      SHA512

      69d8e1619b9eb9c2b7b810235d644ede48718d6c2e37173f59a18fd1f1d6b426924c52975a378b2fc66c6f22dddd48eadab79437a975f9f316d5ddb8bb521005

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b7e504d01e95c3ebda5d2c61f96f6a03

      SHA1

      c7bac9398b9aa6b79c097530ab4a7100b56c8087

      SHA256

      b841e10e05cc1c8be5d76d297d7f3ae1dd5902ca86ecaf3f2bb10ca025d4d86e

      SHA512

      b7528633b6c9033e70c77ff79794b17b59ecaca3fde779676703b9a232ac971dacd8f8caf01b043cec4e69a2dab0d94e789335056b4064ae0695fe63a74fe56d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a8143320af430e65858a9e7c1ca8fd39

      SHA1

      7878690ef6dfb576746bd12975b8c822c820b3c9

      SHA256

      808b31e0018b6272425d0d8803bbbbb2ea6d3b6979e8ecc55c20d965d1bd5de8

      SHA512

      9c26c5f02a99d4c2f3e3f0bcf9df98d98557f0c7a0f42713c710760b481f4b2ed169660e77e8ec87c27c6b81100c361fffc6fd81328593de218340cfc9ec510a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      87cbe9c2f048ce31338d8eb42ede06de

      SHA1

      3fbd298db2a81dc5a80431008202342f240d6e62

      SHA256

      4ad0f098448275cb57d75246da628489b0d48efaf07874b3aadd6aef935707d8

      SHA512

      ceb4c13f11a00a95d4ee7f6bf1aa3ccde1030381fe25775a6675a607224c32e8ff0e5f3517357ed0c437066169bc631d0224403930ecb06e979606fe14d6118c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3ffd90183066399307ddba3024d607b3

      SHA1

      98ac2f7eed9e526225bf9fc55915ea90649c750b

      SHA256

      bd149e882a567a28c5e7a3ef75ae77be8ef18ef535c916dccdb16310b3dd88f3

      SHA512

      07a97b59b6c7bb25d4a2c4daf52bb9f9fb72f84a69495e5b61e1ba97036c8b116981946d2ce74a1a9a985862286cc4438fe42edd0a544cc667f1521f303c90f4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4e038814cab6bcbb4041154cb90e7cb1

      SHA1

      ad9fe48fd75ebfe4465705fff74283900a7b1124

      SHA256

      80585fcaaf2f591841effd2ac809072c10754e2a6aea57677ed21a5f2bf44ef4

      SHA512

      57125aa9d5d9a63e2440e8427eca227d90e9651eaffe41e7cfeec268b9a65844159abe6479dd7bbc741d3a4ec1f8f4314361bb250183e54f7c6eb89a6a33a752

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      8cb275d78c34d7e0f0b6cd03a0729c7b

      SHA1

      decf29c30d22eaf7e0565cbfe9e2c79a71e121f1

      SHA256

      a940833647cd521dffbfdf915550ec8dae352a8526a7020cdfce3c6e2a33bf1a

      SHA512

      7d40f655a2436bf0815cb340f5bdc7298903b1e85ad03eb52409ed3d7bbd90bbbcf15e0e4a741ebe462a19454db67dd2b958e3ce577e424484280244cb21622a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      33d436282cfccd251075ca29c807a663

      SHA1

      b6c9484e9856e665336b499dfddac74cef003f32

      SHA256

      157f53b1c9c533acf561c4651d5d8a750f7fb9b2ec4cf0fc35c3f98dfc17663c

      SHA512

      3d932a13f58daa79fdb26756c9b12fdaadae1eac7120d50f4e0b14dff2fc4e31598c0886931b8a8c3523e469534b15c621eaf31ac7de606687abb8b424a407c1

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ed1f1d9f1f1469e4cf54e5a272999c1d

      SHA1

      87c44a5648a35c3ab5d189a117b003b73acb8341

      SHA256

      6bf6702425e2431500095abb996f7667640e2b13f7891f1625dc7e5cacb00829

      SHA512

      142d5025c4ae6ed7164eecbb65adbdfe4b65cf13c1cbde8e14d45c0805aa9f48c1257c2b9d7e83c90d3f91539913af4c6eda8c058690b48ea60135cd077d66bc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a9240a670f95063cd1a29e37e33664b6

      SHA1

      4c6be4c6eb87f89e55a868984f7213000e444fdf

      SHA256

      fdcac959a5ed627a1ec5aeffad4dd6076385e4a7b7124b1469c77982d1ae269d

      SHA512

      ed94b1ca65b4b92798aecbb45a519aeed7912b69eb92e04ab883fc1208a655313b946e2c37a4a78cde3b6fd46967da63e45e01f5b7338fd118a6c283a2b94ffe

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab36DB.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar374C.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Read Me First!.txt
      Filesize

      266B

      MD5

      5efe8b27a75520511406ff8ddcbc93bc

      SHA1

      d3755c5c29e04f356c6852f64e6a318885d93579

      SHA256

      426906022fed3ebb1427364f16717af29af909bbfa08b387518ead501ef1c7a8

      SHA512

      6ee99458c294e072e7f4bfaeb34bcca1364b4440485b18dfdcf27aadfd7fad67fff11c3238326f7fbd30be8f3670d2c200c2dc9c5f38e36f0dd14d83ca3a5e7b

      Download Submit

    • memory/2292-35-0x0000000074190000-0x000000007487E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2292-0-0x000000007419E000-0x000000007419F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2292-1-0x0000000000F20000-0x0000000000F4A000-memory.dmp

      Filesize

      168KB

      Download

    • memory/2292-2-0x0000000074190000-0x000000007487E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2664-33-0x0000000002300000-0x0000000002400000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2664-36-0x0000000002300000-0x0000000002400000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/2664-34-0x0000000002300000-0x0000000002400000-memory.dmp

      Filesize

      1024KB

      Download