Overview

overview

10

Static

static

8

07a66d269e...aa.exe

windows7_x64

8

07a66d269e...aa.exe

windows10_x64

8

0829ef5ac4...cb.exe

windows7_x64

8

0829ef5ac4...cb.exe

windows10_x64

10

0a6621f3e6...0b.exe

windows7_x64

8

0a6621f3e6...0b.exe

windows10_x64

8

0bcadf9e23...a4.exe

windows7_x64

1

0bcadf9e23...a4.exe

windows10_x64

1

10c410851b...78.exe

windows7_x64

1

10c410851b...78.exe

windows10_x64

1

15b40c27e6...fa.exe

windows7_x64

8

15b40c27e6...fa.exe

windows10_x64

8

18d74af2b4...9f.exe

windows7_x64

10

18d74af2b4...9f.exe

windows10_x64

10

Bat-To-Exe...er-x64

linux_amd64

Bat-To-Exe...er-x86

linux_amd64

25ac59efdf...c7.exe

windows7_x64

10

25ac59efdf...c7.exe

windows10_x64

8

3523671dc7...2a.exe

windows7_x64

8

3523671dc7...2a.exe

windows10_x64

8

3cb01d4470...1c.exe

windows7_x64

10

3cb01d4470...1c.exe

windows10_x64

10

4a32ef4d91...8a.exe

windows7_x64

8

4a32ef4d91...8a.exe

windows10_x64

8

678938a9ce...25.exe

windows7_x64

1

678938a9ce...25.exe

windows10_x64

1

6f081f8143...3b.exe

windows7_x64

10

6f081f8143...3b.exe

windows10_x64

10

701cab0774...45.exe

windows7_x64

1

701cab0774...45.exe

windows10_x64

1

79b2065107...61.exe

windows7_x64

8

79b2065107...61.exe

windows10_x64

10

Analysis

  • max time kernel
    147s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    24-09-2021 10:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    79b2065107cb362001a2f8a8cd8e2e20678b2eb2c0372ef760495d9fff407361.exe

  • Size

    851KB

  • MD5

    d711578ec74c9394de520aedae7effb5

  • SHA1

    42d8823cb39ace83f004c73971fd435b786b9f5b

  • SHA256

    79b2065107cb362001a2f8a8cd8e2e20678b2eb2c0372ef760495d9fff407361

  • SHA512

    af8f03c93f5beec894091d429cb0c6df33101eab96e6ef0fde527307206267de2644f479cef5c3e7354791bb12dd7418bfcdeaea9beb509c92a6bff195e2f06a

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\79b2065107cb362001a2f8a8cd8e2e20678b2eb2c0372ef760495d9fff407361.exe
    "C:\Users\Admin\AppData\Local\Temp\79b2065107cb362001a2f8a8cd8e2e20678b2eb2c0372ef760495d9fff407361.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1348
    • C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\zeronet-downloader.exe
      "C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\zeronet-downloader.exe"
      2⤵
      • Executes dropped EXE
      PID:972

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\zeronet-downloader.exe
    MD5

    9e0722e16793b9e6ffd8b48f4033a236

    SHA1

    b76ebcc61e0d16a93feca87525966d0c4f571ec3

    SHA256

    b5782642408eb1aa19df1781e8de277e0f586f66632b3171069630651c11e988

    SHA512

    f12b277330eeac8e04d3d5b69b37c690897fc49c6586e4ec9c5aa412cd64c07fd9c4edfe6607d01fa49ec6efb3d594af6277555ce70cf0d970d1c29ef5f04bd9

    Download Submit
  • \Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\zeronet-downloader.exe
    MD5

    9e0722e16793b9e6ffd8b48f4033a236

    SHA1

    b76ebcc61e0d16a93feca87525966d0c4f571ec3

    SHA256

    b5782642408eb1aa19df1781e8de277e0f586f66632b3171069630651c11e988

    SHA512

    f12b277330eeac8e04d3d5b69b37c690897fc49c6586e4ec9c5aa412cd64c07fd9c4edfe6607d01fa49ec6efb3d594af6277555ce70cf0d970d1c29ef5f04bd9

    Download Submit
  • \Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\zeronet-downloader.exe
    MD5

    9e0722e16793b9e6ffd8b48f4033a236

    SHA1

    b76ebcc61e0d16a93feca87525966d0c4f571ec3

    SHA256

    b5782642408eb1aa19df1781e8de277e0f586f66632b3171069630651c11e988

    SHA512

    f12b277330eeac8e04d3d5b69b37c690897fc49c6586e4ec9c5aa412cd64c07fd9c4edfe6607d01fa49ec6efb3d594af6277555ce70cf0d970d1c29ef5f04bd9

    Download Submit
  • \Users\Admin\AppData\Roaming\ZeroNet Filesharing Tool\zeronet-downloader.exe
    MD5

    9e0722e16793b9e6ffd8b48f4033a236

    SHA1

    b76ebcc61e0d16a93feca87525966d0c4f571ec3

    SHA256

    b5782642408eb1aa19df1781e8de277e0f586f66632b3171069630651c11e988

    SHA512

    f12b277330eeac8e04d3d5b69b37c690897fc49c6586e4ec9c5aa412cd64c07fd9c4edfe6607d01fa49ec6efb3d594af6277555ce70cf0d970d1c29ef5f04bd9

    Download Submit
  • memory/972-57-0x0000000000000000-mapping.dmp
    Download
  • memory/1348-54-0x000007FEFBFD1000-0x000007FEFBFD3000-memory.dmp
    Filesize

    8KB

    Download