Overview

overview

10

Static

static

7

066d06ca00...81.exe

windows7-x64

10

06d6f22d02...bc.exe

windows7-x64

8

09f1d49065...d1.exe

windows7-x64

10

208cca124d...45.exe

windows7-x64

10

241f67ece2...79.exe

windows7-x64

1

30616f6c48...60.exe

windows7-x64

10

44f28cd6ea...7e.exe

windows7-x64

3

4b190a407b...5f.exe

windows7-x64

10

72ddceebe7...6b.exe

windows7-x64

9

7b53a00b3a...b2.exe

windows7-x64

7

7cf39ebb44...57.exe

windows7-x64

10

8c42a08427...51.exe

windows7-x64

7

9d081b734c...91.exe

windows7-x64

4

b25cc31472...15.exe

windows7-x64

10

b2ec72de35...8f.exe

windows7-x64

6

b4c2ffccfe...dd.exe

windows7-x64

5

bab7af3306...be.exe

windows7-x64

9

c531015ec0...86.exe

windows7-x64

8

dc7ab2e7ed...60.exe

windows7-x64

8

debfd1fb34...d8.exe

windows7-x64

8

df36e2aaae...37.exe

windows7-x64

9

df99316e57...27.exe

windows7-x64

4

e60fc4473a...60.exe

windows7-x64

10

Analysis

  • max time kernel
    839s
  • max time network
    844s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12-11-2024 19:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dc7ab2e7ed26554a11da51a184e95b01e685b1a2f99c7fc77d54d5966530bf60.exe

  • Size

    969KB

  • MD5

    93cb0053e883fb262f9f795f327152f8

  • SHA1

    a53b53bcc0250f7d01af7b507150cde9d4b65735

  • SHA256

    dc7ab2e7ed26554a11da51a184e95b01e685b1a2f99c7fc77d54d5966530bf60

  • SHA512

    db3f13bae7ff1a80a879a6e9c8a9295536a49f522068ef32578df796b2d9f3e0267daf6248fa204a51b439b870b784636d97c28c82205d32f83869d8327a7d8d

  • SSDEEP

    24576:1X5DkQZ0vl/m5OOWxrQ0SvuAs4uKWYLsUy:9CfvxYW0vTluKW+sUy

Score
8/10
discoveryransomware

Malware Config

Signatures

  • Contacts a large (770) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc7ab2e7ed26554a11da51a184e95b01e685b1a2f99c7fc77d54d5966530bf60.exe
    "C:\Users\Admin\AppData\Local\Temp\dc7ab2e7ed26554a11da51a184e95b01e685b1a2f99c7fc77d54d5966530bf60.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\=_THIS_TO_FIX_QwEM.html
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2760
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2760 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2736
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\=_THIS_TO_FIX_QwEM.txt
    1⤵
      PID:2592

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\Common Files\System\ado\de-DE\=_THIS_TO_FIX_QwEM.html
      Filesize

      835B

      MD5

      efdfb2301040c7094986170dc4f18bea

      SHA1

      a3c0cc61219638ad640d23f46424b9d9c389eebb

      SHA256

      8924f49c2a72ee29186f7407487a3a976148d35b0cdba42c3ca15babc65a0ba7

      SHA512

      e26771db6120fcec607c4453491ddca675706ee19033964afc9ac00c6100b1b1b543d096782aa4f7b8f828aa576550186edcdc44e2adf158fa5151044893dc1c

      Download Submit

    • C:\Program Files\Common Files\System\ado\de-DE\=_THIS_TO_FIX_QwEM.txt
      Filesize

      326B

      MD5

      156c36d8e37379c91da178f861f80f28

      SHA1

      51daacc6be995af49653e2800318b959dda047f2

      SHA256

      a978d554d4c7eb4ec30dba547b889c0ee076f11a82764b2bd3e63090fe9608f8

      SHA512

      a681c0e489832c1dff6632ae73dfb9ac2187c67446ce13f7407798fda62ee1e13aa117c3715cbe2964aad194a32956c19edc0cf04638f6e9a21435178a85c70a

      Download Submit

    • C:\Program Files\Common Files\System\ado\de-DE\=_THIS_TO_FIX_QwEM.url
      Filesize

      129B

      MD5

      efac35e2be97bf59f4811bf6f5d23054

      SHA1

      990e945c5b400e7ea21269817c6909bae1beff6a

      SHA256

      dec0268d752309ddb244c1a6f02ea32a3d21189575011effd619d9113dd66f6b

      SHA512

      e062d5cb72701215506d435c13db6fd976af84eab015b81db6b40375e323962273ffc5a3224780875bb97f0cfb3e9d96e83fe38c93b7b92cb7d8429035f3ec5f

      Download Submit

    • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.QwEM
      Filesize

      12KB

      MD5

      b2a7b4b3c1f62c69d6d24f78dcf821ba

      SHA1

      cf0bf2e274fd5f0c58f409e57e362a6d907509cf

      SHA256

      95e1fb64c9d316d2c0a48ffe3f16921d6644337f5e9f1cd5b8c47c9b9303fc99

      SHA512

      7f79d0607efc296cd6ab6ecbc90bd9bc539640c7f71b773bc3d1cf8417b66d088f07765d15fd91dfbe892646d9a04bfbdab5db3bfaabe7c251abbdbbd4f5a709

      Download Submit

    • C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.QwEM
      Filesize

      8KB

      MD5

      9d00155ed12125d0293943bd45c302e4

      SHA1

      94be479a8e0e9b66d5d8b5f99b2616ad5bdfa2ce

      SHA256

      0b017e3963d63e54473f58342ce5143ede7feae0d6a4fd2819a770f309fc7b57

      SHA512

      3438900f7642e38adb384ba537ad24a503dab6af2896504bf687837b967a456c5301fca437df826d057bc8bfc16216c6f09ee986b47d63a581821212ffe9a7cc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      53a04730b051be7441ff767674437d09

      SHA1

      e4f8182b4e2b515cd3ad225bb610a7063df6a6f8

      SHA256

      88355f8eee83789710db2c3a728bbcb8aa9f86d29d321393974454074bdb1c1f

      SHA512

      44db9eb223c6891348298fb2226ad4833ac02e8a14ea70cbe4bd7076db75e7e053fdb2b42dcef6c082afe1189213b3754e9627673e592616663601d825b8dcb4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5cf6ef2ea84ac17ff7017923fd22b670

      SHA1

      c997493647395fe50b4fe79a44711cf5ad997f5e

      SHA256

      63e050e7aabe88c44c513367e5fb53171b935843cc17c98f5c092a28e8ec8c19

      SHA512

      e51e67a89fc668adee79ec27398bb410e0982da3ae6e57ff8d826778c63678590838fcf7d9e7c11b453e8c10deb969870c9adf775fc39f9141cc5e947e704738

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      3c810e7c0750b18416b6a28aedaf9d68

      SHA1

      d42c5875fd871822a4e7474dda1a9db1923375d7

      SHA256

      b8a0efc34294eba6f9a8cc7d1739feb6af348c60c1ddc98f25262d089f2dde39

      SHA512

      02983248679ce433e87b4c7dfbd903b78044d1f6386c7e0c751ac2a7a5bd520b57b25fd123ce92ccde66c6b84e70e5cd810e2b8049ebc86b05779aa5139f92b0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      86d60308f62b0d2def4b786b6303d517

      SHA1

      e0df47c5d007a2350456ab2cb4b45b032c7431ab

      SHA256

      eb292fc48bfb4b08f036ba18d21e1e73ce8a8d0acc50de8c4b454a794b493a91

      SHA512

      34a31ba2462d26f90114649bae0652ffe1d24d66212756f99eb65b86f27cf0b97228e5891188e8a0d12c9c0e546ac4a5d7d964ba573bd3106d5fe087d6608e0d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f64df03ed5710e144711e935bc06f851

      SHA1

      ff89d027dbd0dc4a4d111f123bf22e879cec2e0b

      SHA256

      ad208b1b915bc618b6ca41b1188606d49351370b92789d89cabf97e339bf2e69

      SHA512

      72ac220640eae2cd83411e8be90f9a386c3bc093de3bbac9ee570bc7789ea4cfb6019f61baa51672ae179f6a1bc326a6910cc699ca8178adf983a8064002f4b6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b9e63d044a5f2aca128ed769aa99a2a1

      SHA1

      a7fa331ccb468fabb56b8b130f78d8fc9cf0bd47

      SHA256

      810533896a0ec8f5c21143d074ac7542a6019b0718f345a5a3347a7dc999d162

      SHA512

      ab4fcaa1b56447f36ed442e461c53341cb3ec8c4927bafec5b9a03e5303c155a56b298119a0ea8f229193326bbe346b28fa98fb9b3de590c55c4de269a916cf3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      253e6d5ec31d1288a9676d4a567712de

      SHA1

      8c8a7044f80a84daad607e17b4a9b9e1c8823a06

      SHA256

      1e3439fd711aed193d91e1a5243fc41858879e7da0316027df6cb33792cb6600

      SHA512

      5092eed50b993968097155221dd72dba6dd176016ea7c9e8fbee15cd2836d7b1680030e24460b99a3f2d4b1a44821c917c3b019d97fff6f630dd5918486ab116

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e89425998c4823d2850aae99f292efcd

      SHA1

      f5ed63c9127f3f2c10867dcf75f7977cb0d40ff9

      SHA256

      e32395d4d4972a8495a89b5e86a72609ee0ea2973ff77f3b770674aedec73504

      SHA512

      055612c71020cc22ebaf45a2312405fdbb2ec96de925d1949c6eb77841165de81876f059e7a8af0b14f4e7d0e736bbabdece771cf3208493b70a9fc9bf5747c5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d8987760c2e55ca687cb0f73de376791

      SHA1

      2576d391ffc7f53ac84dfc8a3d002bf8ffbf9766

      SHA256

      42d0f24c63fe603d05c9615212cc7b00bc90637fb33bd842c361b6a03d16ccff

      SHA512

      d98f823e7c415195ccd260025d80043af0066ea6d1a579073e58fa127ed40d35b228731882e27339156b4ce60026814c444555782c1570d4d5030d33abc47ff2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      61555ecf94bdb2c621881412dcf54b6e

      SHA1

      7c0df8f3c89483edbe1035b54647ef863d47615e

      SHA256

      78590dad0945c97f1dd548d931c1761f4eedba8de709473fa85d0950dc1361a3

      SHA512

      038a728aa98636aff927b235a8dc848efd3e15416e4c7079e34da02f559e2fef72edb23244bf9c785c55e74e0dceaa8f554c696499bd29e5ededa3776996ac47

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0cbb1c543e7fec567e987011eb01edf1

      SHA1

      a5c740660abb66fd6a8016bdd910d509cd2ecef9

      SHA256

      e6f8a636cd79f9dc3b96c83eb5850ea9effd022cab6654dec31af89833a7a88c

      SHA512

      9a3555c69e05132c9c8fee2f54f5edc2bf54a004ae0a07c7384d1ad9acc014154246ee1a0eb965a89097110d16acb4343a355851251a91420862e965b686ad3f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e44d0ba2f2ac7248c3716fd5b6b75a9a

      SHA1

      9e09583b64cd538bffbc8dce42773d23d97d2f62

      SHA256

      aaf2e2397489ae38075dfbc75f220dc78cd89af1fb4fbc96b0d823d86ad4a88c

      SHA512

      d2543bbe4dfdee81112f425b31a65775e9c99f080c14af7480d72e1161d9e5068783ba8a73cb3043065f287ff2c7a3b4f022a988bb6a5a697ce16ea2162f7db2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9ebeeabfca44029b07f97f29ccc0f7fa

      SHA1

      0e0850fea9ee1918ea65d7d9f604a3fa9786967c

      SHA256

      1727549ad36bcb3a14145a733bdab0d0a03563db1fe7eb04f3a512857de8f4a1

      SHA512

      9618bd250f77c1d556247577fba46c5c612c260ece872da2f916aef92b494ddc87f127ed7390495d08e3398a6ddb6fd7c5a3525741162766a160bf8264fa4449

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      15f02198c7c5f9965c7e723efbc195ad

      SHA1

      9d881031fa95aa026226999899cfa21ca836c217

      SHA256

      21af8b66dd309dc3b03d0ee5fe5d4911d4c404feec1c68cf7bf84722a144bbe0

      SHA512

      6afe3e4aee19bdc43561289c55292efc5d83f82d150f09f274f8f0a5ec51e379af735efd796f6d3cb581c00800dec660a51476f85c075a425d0ea974eaeaaf4a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      b72c0121d738964493c37de974c47a87

      SHA1

      df38b64cde196047c2bb26135c5e6cea5189778b

      SHA256

      aad0f798c194dd1adc5dfa7647e87e582fdc35b71741346e63eff45a2b5029b4

      SHA512

      267c8cd971d8adf7233cc251282f9adf115080f7b2bc83f9bf5cc10f9e04dc0c0bfd0c5863175d0f5fc8d18baf4b3ba40166b765b78b8b7929eacc9e23c37f45

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      1903a4c03743a467a739ca8999c3bd65

      SHA1

      a35108677c2386b2a74ece87f167eafe9193a932

      SHA256

      2cfb450d293ee7b017ac3f0ba2590f2ecfed503a8508bfea460ad16b43ccbdd9

      SHA512

      8b852fa5ab901bccbc5c4c24b38b4c135c502fc5ddd717ddacf505416048ce529dae2e694e54b2364cf8bc95763739e57459fdb4d6255a9ae63970774980ac5d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      78cef6bf1435a788d2f581d7f9045670

      SHA1

      400f67bdf8dd4bced811c51427f5a537563beb35

      SHA256

      45ae44c6dcfa9a2e4a3b51374ad9fb13af9ad26c71c51880060aa10aed36927b

      SHA512

      561a8b89c39f2600b3c74f3dc61bfef8d60824429a1a2501597fc3991d204c6d92b9fcf057c1e7003f1f5a062269f31cb21cd1eabd2cfcc20e1cf24543014578

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4ee9c6130a687aee88b449a626a77b95

      SHA1

      0bfb0a1d74f090a7e4f8d60ffba5e4032aeb3d96

      SHA256

      601c06a54950375f6129607a483cc7efc3731517c17e60297ff43966f166f1ce

      SHA512

      e92b26aae30fb5bfe63f9da2182cd58b66484878fbe25f6ac64335989cec286ad0ce4285a9b0d70b39f75e35dade922034441f66c578ba640acb662cc24fc0aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d3d00abc53a0e01dcf50cfc99388b080

      SHA1

      42bf6b965fa66ff75df7526c0a59f5e3264bee00

      SHA256

      25284c1d4f0c5cb4dca9f05e7d6a918e8e08e6efb997e1f08db3ed9d5f7e8180

      SHA512

      01378e907a6ef2564dc2713c1ae540ff05fa1d9c466d06b87f7f06fa8099a799fc2e52e66fae128446a16b77308b4d10407a7fd37be7c26187b84818d702a8ca

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab3D71.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar3DD1.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • memory/1640-0-0x0000000000400000-0x0000000000452000-memory.dmp

      Filesize

      328KB

      Download