Analysis

  • max time kernel
    75s
  • max time network
    75s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/11/2024, 06:07

General

  • Target

    VirtualFDD.exe

  • Size

    1.1MB

  • MD5

    1bfa59a2e75e7eb03425cedbe1f5188d

  • SHA1

    f7fc483f3a07f9e163ef9740e863b4683e185d15

  • SHA256

    565322d626b984d9e9c4bb02897abe038abdfa2ba198a8c77963a507bb2bf68a

  • SHA512

    afefba7c0095de3c77c857e5200f0bdac7820ac5aff64cb883f733ac20e299c357d19b1de46357c4bc3f699254adf339cacc8e1890f14f4855a28f5242a53ac7

  • SSDEEP

    12288:dd6MsBXQECj7eg7+bYQL9bzxXs/bTs2ayYI5VWEx3gkELzdYhNq2ehNHP8kpcu:n6McgE6aXPQbTfj+6g/sq20v8Ecu

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\VirtualFDD.exe
    "C:\Users\Admin\AppData\Local\Temp\VirtualFDD.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1728
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.virtualfdd.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2944
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2944 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2296

Network

MITRE ATT&CK Enterprise v15

Downloads
