Resubmissions

24-08-2023 11:16

230824-nda8msdf8z 10

05-08-2023 22:52

230805-2tn2bsfa82 10

24-07-2023 06:25

230724-g6s6laag35 10

22-07-2023 15:57

230722-tee6wabg5w 10

20-07-2023 23:19

230720-3bb5gsbf5v 10

20-07-2023 23:06

230720-23f23sba63 10

03-02-2021 11:43

210203-6bgge2nfan 10

22-11-2020 06:42

201122-6x1at779dj 10

Analysis

  • max time kernel
    302s
  • max time network
    311s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    03-02-2021 11:43

General

  • Target

    Endermanch@LPS2019.exe

  • Size

    1.1MB

  • MD5

    2eb3ce80b26345bd139f7378330b19c1

  • SHA1

    10122bd8dd749e20c132d108d176794f140242b0

  • SHA256

    8abed3ea04d52c42bdd6c9169c59212a7d8c649c12006b8278eda5aa91154cd2

  • SHA512

    e3223cd07d59cd97893304a3632b3a66fd91635848160c33011c103cca2badbfe9b78fe258666b634e455872f3a98889ede5a425d8fae91cae6983da1ea1190a

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Drops file in Program Files directory 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 61 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 37 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Endermanch@LPS2019.exe
    "C:\Users\Admin\AppData\Local\Temp\Endermanch@LPS2019.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1320
    • C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe
      "C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:1084
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" http://www.porntube.com
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2084
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2084 CREDAT:82945 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:3176

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence
    Registry Run Keys / Startup Folder (1) T1060
  • Defense Evasion
    Modify Registry (2) T1112
  • Discovery
    System Information Discovery (1) T1082

Downloads

  • C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe
    MD5

    2e6360eeebcafd207ad6f4cfc81afdb3

    SHA1

    6d85d48c8c809ad0ee5f7b1b20ef79e871466072

    SHA256

    3a31f386f4a68827d8cbfeb087c017f871d80ab4565a2266f692fbe6cfea9c3b

    SHA512

    36e1cadeff91158c0e96585d7550dc193a6470f5fccf3cf98845c4291becc6dae39609771cc8157493bc6cb405446ac55a1790108c6c213293bf4a56ecf381e4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
    MD5

    dc471d66d8d39980f4cc48e0f9ebef4b

    SHA1

    0568c3e7ab864a6231397d5d8b564f59a95926f9

    SHA256

    d843ad22a2227147f68a0aaa10000e3bd1393834585d9c327dd01ba8e8a7d0f9

    SHA512

    5f3afd3aa359859aa41a64e625096ac566c1b35cbace865bcf17fcac068cea34d684285a4c4e3e2a8ff0a662048fa2aa52bb7121d78550e972b70978a712944e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\31E633C8E5ED10E55A221F8495D79731_D54F8269420A91D55073E6A828D9BBF4
    MD5

    78779334bdb955d20c8df9d8c310a5f1

    SHA1

    f247f0e91d8d92de6858813ce58e79748f9ed021

    SHA256

    db8cfacdf3991b5d7559104d319087ded494a8c4d9bd4536b1658416158c18dd

    SHA512

    0f41698a69182d2b0844bce6a4fbb6c209e52a8f82c8472bbe8f437e6043142a75a7f1cb2ea5664e3dfd88e8d7b10c6055c7342f06dff6565303e790417f7891

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    e30f24f9ca1fd9dca05e0c1a3ab3a390

    SHA1

    7386c5807a111e41e7d8bb7b913c1a1da5f2171c

    SHA256

    3244ee6bfa745395ab664bf04f2efd22090b1ccdd4184b29a7bd3db4e6f03667

    SHA512

    756e2a1dcffb02a8f8931efacf163e3b8223e56ee6994f5a16b49726dc56ef2a9b707e55f4eae86065f454241e68beac4a5b36e0a8c4d122cf2d5c58ab020d62

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
    MD5

    9e41c5ca971105e16df1f908dc7815a8

    SHA1

    75d6a55bcda138c4f5df58741015aab9647b676c

    SHA256

    7caed1f44b14dc4c9f2eb038cf78ee8386554fbc69d98e3733ec995b864a1a67

    SHA512

    d34865f3ed741499f356e92eedb87d2bbb01c694e11b05e3749541579d5ceb2fc4335a45004106301a8719e58bd9cf91d257b5ca1ab41f851b3967bb856a418e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
    MD5

    60e4247b68cac2984e9328284e0c2665

    SHA1

    933fc9e01f3836851de2a650c22e462c981e93d1

    SHA256

    1960186f8d3d10770030c8a50fc2983c312818da2aae561ebcb004e88c7cb0fe

    SHA512

    9698e04a72d19a4fbd94c4eea6438c6b4a2c25d13fcbbd3ea65e12171a28951a76e50b9421e0ae4a15e4cb5635d33bf63464cd8c0a299ba4216c44f35bf96f57

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\31E633C8E5ED10E55A221F8495D79731_D54F8269420A91D55073E6A828D9BBF4
    MD5

    4bee0d3765559f8b4689a13d8fde748b

    SHA1

    a46cd0c762d7dd71f82374b42232e3013739b499

    SHA256

    4fec2dbcb369463918cdf26609f708705ce57a03cd6eb1cc39e58880fd97aeab

    SHA512

    90c05c2296731d77efce3a9c2a538c883e17e548d5b8b7b60c5d6fa9c0bbc01b0e41ebca279259fb8ff801df296d6628bfbafa53334a0a655cbce73f0560b8a9

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5

    86960371dbd98d3193b80cb537abbcfb

    SHA1

    ea237cd61bea7c05bb1b6206a372322e1d8167c7

    SHA256

    d5f267140ee225d993abf8059550a9fe696361a66d5ba28457497527efa0aa8f

    SHA512

    2edcf5d5c53e48f6a0792a3c305b06be2e3b70adf1b057866d20564556cb57667b03603b4f5f105c6204c1fac9f185fff7882821c603cbd188c893746f93574c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
    MD5

    eafdfa049ea15af177d16e8af590e8c4

    SHA1

    05d5003387ec51f5b48c182b6d417c5bd69d5c74

    SHA256

    8c605c1a91fdf5de8055170b1203453c64c8b4686d5b0a4314e7f0c2fa167972

    SHA512

    15ceaaa5509bb4cde5a9eebd95c63b89db39b49cb039ff53894232b46a5d2f42e12b39b78e669bd74c2a7498912d87d89f4ca2cda847b30e27645dc9c2ed2554

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCookies\4FQX0M3Q.cookie
    MD5

    1a2c1cd420f6541211b501788e68f2cc

    SHA1

    974ef2e94baa47fc6abe136281c32e745dd2b15f

    SHA256

    3082d5dfdae80278e41086aec9ee379f3883454f7a6b85f5090112409fb31b87

    SHA512

    720d6eb5783c53a0ac7f4bc990c0d199e9103bcef10194c74af0345388cdfe7c4052fb737cfd2133f5a3a6b40b8e0fa01251092f7d688f0d19752174e9268082

  • memory/1084-8-0x00000000022B0000-0x00000000022B2000-memory.dmp
    Filesize

    8KB

  • memory/1084-11-0x00000000022B6000-0x00000000022B8000-memory.dmp
    Filesize

    8KB

  • memory/1084-10-0x00000000022B5000-0x00000000022B6000-memory.dmp
    Filesize

    4KB

  • memory/1084-9-0x00000000022B4000-0x00000000022B5000-memory.dmp
    Filesize

    4KB

  • memory/1084-3-0x0000000000000000-mapping.dmp
  • memory/1084-7-0x00007FF8DA490000-0x00007FF8DAE30000-memory.dmp
    Filesize

    9.6MB

  • memory/1084-6-0x00007FF8F09C0000-0x00007FF8F0A3E000-memory.dmp
    Filesize

    504KB

  • memory/2084-12-0x0000000000000000-mapping.dmp
  • memory/3176-13-0x0000000000000000-mapping.dmp