Overview

overview

10

Static

static

10

ฺฺฺ�...ฺฺ

windows10_x64

ฺฺฺ�...ฺฺ

windows10_x64

ฺฺฺ�...ฺฺ

windows10_x64

8

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

7

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

1

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

8

ฺฺฺ�...ฺฺ

windows10_x64

1

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

8

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

9

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

8

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

5

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

ฺฺฺ�...ฺฺ

windows10_x64

10

ฺฺฺ�...ฺฺ

windows10_x64

8

ฺฺฺ�...ฺฺ

windows10_x64

10

Resubmissions

03-07-2024 22:59

240703-2yn7wszhlp 10

03-07-2024 16:13

240703-tn93lsyglf 10

03-07-2024 16:11

240703-tm84xsyfma 10

10-05-2024 16:25

240510-tw1h5shh47 10

24-08-2023 11:16

230824-nda8msdf8z 10

Analysis

  • max time kernel
    305s
  • max time network
    317s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    03-02-2021 11:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    [email protected]

  • Size

    739KB

  • MD5

    382430dd7eae8945921b7feab37ed36b

  • SHA1

    c95ddaebe2ae8fbcb361f3bf080d95a7bb5bf128

  • SHA256

    70e5e902d0ac7534838b743c899f484fe10766aefacc6df697219387a8e3d06b

  • SHA512

    26abc02bde77f0b94613edc32e0843ac71a0a8f3d8ba01cb94a42c047d0be7befef52a81984e9a0fa867400082a8905e7a63aaaf85fa32a03d27f7bc6a548c3b

Score
10/10
evasionransomwaretrojanupx

Malware Config

Signatures

  • Windows security bypass 2 TTPs
    evasiontrojan
  • Disables RegEdit via registry modification
    evasion
  • Executes dropped EXE 2 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Windows security modification 2 TTPs 3 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    ransomware
  • Drops file in Windows directory 10 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 2 IoCs
    stealer
  • Modifies registry class 2283 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs
  • System policy modification 1 TTPs 4 IoCs
    evasion
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\[email protected]
    "C:\Users\Admin\AppData\Local\Temp\[email protected]"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1176
    • C:\WINDOWS\302746537.exe
      "C:\WINDOWS\302746537.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:636
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\B0C7.tmp\302746537.bat" "
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2824
        • C:\Windows\SysWOW64\regsvr32.exe
          regsvr32 /s c:\windows\comctl32.ocx
          4⤵
          • Modifies registry class
          PID:972
        • C:\Windows\SysWOW64\regsvr32.exe
          regsvr32 /s c:\windows\mscomctl.ocx
          4⤵
          • Modifies registry class
          PID:808
        • \??\c:\windows\antivirus-platinum.exe
          c:\windows\antivirus-platinum.exe
          4⤵
          • Executes dropped EXE
          • Windows security modification
          • Modifies Internet Explorer settings
          • Modifies Internet Explorer start page
          • Suspicious use of SetWindowsHookEx
          • System policy modification
          PID:744
        • C:\Windows\SysWOW64\attrib.exe
          attrib +h c:\windows\antivirus-platinum.exe
          4⤵
          • Drops file in Windows directory
          • Views/modifies file attributes
          PID:2968

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads