
Resubmissions

  • 24-08-2023 11:16  230824-nda8msdf8z  (score 10)
  • 05-08-2023 22:52  230805-2tn2bsfa82  (score 10)
  • 24-07-2023 06:25  230724-g6s6laag35  (score 10)
  • 22-07-2023 15:57  230722-tee6wabg5w  (score 10)
  • 20-07-2023 23:19  230720-3bb5gsbf5v  (score 10)
  • 20-07-2023 23:06  230720-23f23sba63  (score 10)
  • 03-02-2021 11:43  210203-6bgge2nfan  (score 10)
  • 22-11-2020 06:42  201122-6x1at779dj  (score 10)

Analysis

  • max time kernel
    247s
  • max time network
    265s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    03-02-2021 11:43

General

  • Target

    Endermanch@AnViPC2009.exe

  • Size

    1.2MB

  • MD5

    910dd666c83efd3496f21f9f211cdc1f

  • SHA1

    77cd736ee1697beda0ac65da24455ec566ba7440

  • SHA256

    06effc4c15d371b5c40a84995a7bae75324b690af9fbe2e8980f8c0e0901bf45

  • SHA512

    467d3b4d45a41b90c8e29c8c3d46ddfbdee9875606cd1c1b7652c2c7e26d60fedac54b24b75def125d450d8e811c75974260ba48a79496d2bdaf17d674eddb47

Score
8/10

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • JavaScript code in executable 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Drops file in Program Files directory 10 IoCs
  • Script User-Agent 2 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Endermanch@AnViPC2009.exe
    "C:\Users\Admin\AppData\Local\Temp\Endermanch@AnViPC2009.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1096
    • C:\Program Files (x86)\antiviruspc2009\avpc2009.exe
      "C:\Program Files (x86)\antiviruspc2009\avpc2009.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:3516

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery: System Information Discovery (T1082), 1 technique observed
Downloads

  • C:\Program Files (x86)\antiviruspc2009\avpc2009.exe
    MD5

    c18a7323332b3292a8e0f1c81df65698

    SHA1

    bcb8f34cbe0137e888d06acbcb6508417851a087

    SHA256

    9c42eca99e96a7402716fd865b57ea601fb9a18477fe2ab890bdbcd3052f68f8

    SHA512

    4d48d11f3d0a740b9193e17782c77b01f52dd6e8324755aa81188295a0caed0718d330453bb02ca8bc942ee5588928e57a0d89d90d6b1c32690338c5eae8e1ad

  • C:\Program Files (x86)\antiviruspc2009\bzip2.dll
    MD5

    4143d4973e0f5a5180e114bdd868d4d2

    SHA1

    b47fd2cf9db0f37c04e4425085fb953cbce81478

    SHA256

    da25db24809479051d980be5e186926dd53233a76dfe357a455387646befca76

    SHA512

    e21827712a4870461921e7996506ffe456dd2303b69de370aa0499dde2e4747a73d8c0e8bd7d91c5bbc414ed5ee06f36d172237489494b3dd311ccd95ba07ebc

  • C:\Program Files (x86)\antiviruspc2009\libltdl3.dll
    MD5

    00a71b4afda8033235432b1c433fecc7

    SHA1

    d7b0c218aa8fec1c60ada26a09d9e0d9601985ca

    SHA256

    f9c9d2b92efb80f6d11df52735b8bddd099847cc79ba56650793b21a0923b1cd

    SHA512

    96635e66d9781ad4d2414271f6a0904cf880ed94fc19186ef4da5f88f24e14ef1591fdc90e27db15a6021847c592688d0034f20e2e50ca93bf8c6db27e8c510a

  • C:\Program Files (x86)\antiviruspc2009\pthreadVC2.dll
    MD5

    0ab7d0e87f3843f8104b3670f5a9af62

    SHA1

    10c09a12e318f0fbebf70c4c42ad6ee31d9df2e5

    SHA256

    8aecab563b3c629e8f9dcd525dc2d6b1903f6c600637e63b1efe05e3c64d757b

    SHA512

    e08e17167edf461c0fca1e8b649c0c395793e80f5400f5cbb7d7906d0c99e955fcf6be2300db8663d413c4b3ffb075112a6ce5bf259553c0fd3d76200ee0d375

  • \Program Files (x86)\antiviruspc2009\bzip2.dll
    MD5

    4143d4973e0f5a5180e114bdd868d4d2

    SHA1

    b47fd2cf9db0f37c04e4425085fb953cbce81478

    SHA256

    da25db24809479051d980be5e186926dd53233a76dfe357a455387646befca76

    SHA512

    e21827712a4870461921e7996506ffe456dd2303b69de370aa0499dde2e4747a73d8c0e8bd7d91c5bbc414ed5ee06f36d172237489494b3dd311ccd95ba07ebc

  • \Program Files (x86)\antiviruspc2009\libltdl3.dll
    MD5

    00a71b4afda8033235432b1c433fecc7

    SHA1

    d7b0c218aa8fec1c60ada26a09d9e0d9601985ca

    SHA256

    f9c9d2b92efb80f6d11df52735b8bddd099847cc79ba56650793b21a0923b1cd

    SHA512

    96635e66d9781ad4d2414271f6a0904cf880ed94fc19186ef4da5f88f24e14ef1591fdc90e27db15a6021847c592688d0034f20e2e50ca93bf8c6db27e8c510a

  • \Program Files (x86)\antiviruspc2009\pthreadVC2.dll
    MD5

    0ab7d0e87f3843f8104b3670f5a9af62

    SHA1

    10c09a12e318f0fbebf70c4c42ad6ee31d9df2e5

    SHA256

    8aecab563b3c629e8f9dcd525dc2d6b1903f6c600637e63b1efe05e3c64d757b

    SHA512

    e08e17167edf461c0fca1e8b649c0c395793e80f5400f5cbb7d7906d0c99e955fcf6be2300db8663d413c4b3ffb075112a6ce5bf259553c0fd3d76200ee0d375

  • memory/3516-2-0x0000000000000000-mapping.dmp
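The dropped-file table above is the practical output of this report: a set of SHA-256 values that identify the dropper's payload on disk regardless of what it is named. As an added example, not part of the sandbox report or the sample, the following Python script hashes every file under a directory in one pass and reports any whose SHA-256 appears in that table. The hashes are copied from the report; the directory to scan, the `demo()` helper and the decoy and marker files it writes are assumptions made for a self-contained run.

```python
import hashlib
import os
import tempfile

# SHA-256 values copied from the Downloads table of this report. The table
# lists avpc2009.exe twice and each DLL with and without the drive letter;
# those are the same files, so they collapse to four entries here.
DROPPED_FILE_IOCS = {
    "9c42eca99e96a7402716fd865b57ea601fb9a18477fe2ab890bdbcd3052f68f8": "avpc2009.exe",
    "da25db24809479051d980be5e186926dd53233a76dfe357a455387646befca76": "bzip2.dll",
    "f9c9d2b92efb80f6d11df52735b8bddd099847cc79ba56650793b21a0923b1cd": "libltdl3.dll",
    "8aecab563b3c629e8f9dcd525dc2d6b1903f6c600637e63b1efe05e3c64d757b": "pthreadVC2.dll",
}
# SHA-256 of the submitted dropper, from the General section of the report.
SAMPLE_SHA256 = "06effc4c15d371b5c40a84995a7bae75324b690af9fbe2e8980f8c0e0901bf45"

# Directory the sample drops into, from the Processes section. Assumed scan root.
DEFAULT_SCAN_ROOT = r"C:\Program Files (x86)\antiviruspc2009"


def file_digests(path, chunk=1 << 20):
    """Compute MD5/SHA-1/SHA-256/SHA-512 of a file in a single read pass.
    All four are returned because the report lists all four; only SHA-256
    is used for matching, since MD5 and SHA-1 are collision-prone."""
    hashes = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256", "sha512")}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hashes.values():
                h.update(block)
    return {n: h.hexdigest() for n, h in hashes.items()}


def scan_directory(root, iocs=DROPPED_FILE_IOCS):
    """Walk root and return [(path, ioc_label)] for files whose SHA-256 is
    in iocs. Unreadable files are skipped and reported, never assumed clean."""
    hits, skipped = [], []
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = os.path.join(dirpath, name)
            try:
                d = file_digests(p)
            except OSError:
                skipped.append(p)
                continue
            if d["sha256"] in iocs:
                hits.append((p, iocs[d["sha256"]]))
    return hits, skipped


def demo():
    """Self-contained run: a temp dir with a decoy named like the payload
    (name matches, content does not) and a constructed marker file whose
    real hash is added to a copy of the IOC set to show a positive match."""
    with tempfile.TemporaryDirectory() as tmp:
        decoy = os.path.join(tmp, "avpc2009.exe")
        with open(decoy, "wb") as f:
            f.write(b"constructed decoy, not the sample\n")
        marker = os.path.join(tmp, "marker.bin")
        with open(marker, "wb") as f:
            f.write(b"constructed marker\n")
        custom = dict(DROPPED_FILE_IOCS)
        custom[file_digests(marker)["sha256"]] = "marker.bin"
        hits_default, _ = scan_directory(tmp)
        hits_custom, _ = scan_directory(tmp, custom)
        return {
            "hits_default": hits_default,
            "hits_custom": [label for _, label in hits_custom],
            "decoy_sha256": file_digests(decoy)["sha256"],
        }


if __name__ == "__main__":
    root = DEFAULT_SCAN_ROOT if os.path.isdir(DEFAULT_SCAN_ROOT) else "."
    hits, skipped = scan_directory(root)
    for path, label in hits:
        print(f"MATCH {label}: {path}")
    for path in skipped:
        print(f"SKIPPED (unreadable): {path}")
    print(f"{len(hits)} match(es), {len(skipped)} skipped under {root}")
```

A file named avpc2009.exe with a different hash is not a hit, and that is the point: the name is trivially changed, the content hash is not. Conversely a hit on any of the three DLLs alone (bzip2, libltdl, pthreads) is weak evidence, since those are generic open-source libraries that other software ships; treat a DLL-only match as a lead and a match on avpc2009.exe as the confirmation.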