Overview

overview

10

Static

static

22F93B97E4...C5.exe

windows7_x64

10

22F93B97E4...C5.exe

windows10_x64

10

Analysis

  • max time kernel
    16s
  • max time network
    39s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    29-06-2021 20:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22F93B97E4EE74C1AF48CBDCF878A983CBE2FBA7EEFC5.exe

  • Size

    3.1MB

  • MD5

    52bbd67fdb23378f2ad43efb150abdc4

  • SHA1

    9d138f1bf129473cb0d74c0d94ec8af2daa311c7

  • SHA256

    22f93b97e4ee74c1af48cbdcf878a983cbe2fba7eefc5cd639814dc942cbaa8d

  • SHA512

    7cf115c532466de78abd369ba202f738a3520f7c2b87c4847a8d8e59dc6e2c0d7cd9da1995d019690edd92b3ed154a9d659b7a6932c091e9c042192a66049755

Score
10/10
evasion

Malware Config

Signatures

  • Modifies security service 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22F93B97E4EE74C1AF48CBDCF878A983CBE2FBA7EEFC5.exe
    "C:\Users\Admin\AppData\Local\Temp\22F93B97E4EE74C1AF48CBDCF878A983CBE2FBA7EEFC5.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\ProgramData\Setup.exe
      C:\ProgramData\Setup.exe
      2⤵
      • Modifies security service
      • Executes dropped EXE
      • Suspicious behavior: GetForegroundWindowSpam
      PID:1940

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\Setup.exe
    MD5

    1d3072caa9c82faea4ce0aff3c267d5f

    SHA1

    45431656c6d6e841c40bc8e80bed891193caff21

    SHA256

    48efc1e775c88e01600b049e1e55831fefaea5d624d94892a6efaa632181e2fe

    SHA512

    9d26e856ace8d48382d16346bff089439f7263b2c3f9c4dbc2cd8a797a704ab2d447df0e303b4a40cead274d0871aec1819ee81c40697efb7c759cae27ff76f5

    Download Submit
  • C:\ProgramData\Setup.exe
    MD5

    1d3072caa9c82faea4ce0aff3c267d5f

    SHA1

    45431656c6d6e841c40bc8e80bed891193caff21

    SHA256

    48efc1e775c88e01600b049e1e55831fefaea5d624d94892a6efaa632181e2fe

    SHA512

    9d26e856ace8d48382d16346bff089439f7263b2c3f9c4dbc2cd8a797a704ab2d447df0e303b4a40cead274d0871aec1819ee81c40697efb7c759cae27ff76f5

    Download Submit
  • \ProgramData\Setup.exe
    MD5

    1d3072caa9c82faea4ce0aff3c267d5f

    SHA1

    45431656c6d6e841c40bc8e80bed891193caff21

    SHA256

    48efc1e775c88e01600b049e1e55831fefaea5d624d94892a6efaa632181e2fe

    SHA512

    9d26e856ace8d48382d16346bff089439f7263b2c3f9c4dbc2cd8a797a704ab2d447df0e303b4a40cead274d0871aec1819ee81c40697efb7c759cae27ff76f5

    Download Submit
  • memory/1832-60-0x0000000075801000-0x0000000075803000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1940-62-0x0000000000000000-mapping.dmp
    Download