Overview

overview

9

Static

static

8

080540b15c...f5.exe

windows7_x64

8

080540b15c...f5.exe

windows10_x64

8

16937c50e9...9a.exe

windows7_x64

9

16937c50e9...9a.exe

windows10_x64

9

2fc4602468...5b.exe

windows7_x64

8

2fc4602468...5b.exe

windows10_x64

3

2fd826bdb8...14.exe

windows7_x64

8

2fd826bdb8...14.exe

windows10_x64

8

cool summer.exe

windows7_x64

3

cool summer.exe

windows10_x64

3

iext3.fne.dll

windows7_x64

1

iext3.fne.dll

windows10_x64

1

krnln.fnr.dll

windows7_x64

1

krnln.fnr.dll

windows10_x64

1

xplib.fne.dll

windows7_x64

1

xplib.fne.dll

windows10_x64

1

4373d18b2b...83.exe

windows7_x64

8

4373d18b2b...83.exe

windows10_x64

8

485e37b429...f9.exe

windows7_x64

1

485e37b429...f9.exe

windows10_x64

1

59c049de6d...14.exe

windows7_x64

8

59c049de6d...14.exe

windows10_x64

8

641da56f29...fc.exe

windows7_x64

9

641da56f29...fc.exe

windows10_x64

9

64b4fe7baf...60.exe

windows7_x64

1

64b4fe7baf...60.exe

windows10_x64

1

74368a064e...e0.exe

windows7_x64

8

74368a064e...e0.exe

windows10_x64

8

c087a84574...ce.exe

windows7_x64

7

c087a84574...ce.exe

windows10_x64

3

90eca63d6a...52.exe

windows7_x64

8

90eca63d6a...52.exe

windows10_x64

3

Analysis

  • max time kernel
    18s
  • max time network
    74s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    15-03-2021 23:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cool summer.exe

  • Size

    26KB

  • MD5

    652aecdc55ed88c7ddccda09adda2df1

  • SHA1

    2edf5f1ec2124c94d95e2ccc35146e356d164c31

  • SHA256

    7b77c970b908b1581fcc73f94d99b1c24a0945016448993712d322d1937a5318

  • SHA512

    70a19d30f1a1452c79873a95392f62bc8eaf81545292be6f28f51d8b1060ac35be5d4fc431c4238c7b3fbb3ffa274fce7955c5a4424365a070777a98a41eac63

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of SetWindowsHookEx 45 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cool summer.exe
    "C:\Users\Admin\AppData\Local\Temp\cool summer.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1144

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1144-2-0x0000000002341000-0x0000000002349000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1144-3-0x0000000002C41000-0x0000000002C7B000-memory.dmp
    Filesize

    232KB

    Download