Analysis

  • max time kernel
    144s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    05-02-2022 19:04

General

  • Target

    13372c9ee33607078c92df2537d9600a4c4d3dd8b991fb56aacf281e10a9239c.exe

  • Size

    14.9MB

  • MD5

    a2e629210482c695662cd4febf670577

  • SHA1

    4583167b578350ed5f33e2dabb8ff9d973089b09

  • SHA256

    13372c9ee33607078c92df2537d9600a4c4d3dd8b991fb56aacf281e10a9239c

  • SHA512

    7b231d57af0ca7cb5a0ce5085bb2e282c8365b52f02cc0f6d7ba9cf716688e20ab82cb1e8aae6a7f84abbb866bfbcadd2919cea0f4ac707e1f82222166251bb4

Score
7/10

Malware Config

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory (6 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings (1 TTP, 4 IoCs)
  • Modifies registry class (32 IoCs)
  • Suspicious behavior: AddClipboardFormatListener (1 IoC)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (6 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\13372c9ee33607078c92df2537d9600a4c4d3dd8b991fb56aacf281e10a9239c.exe (level 1, PID 1464)
    Command line: "C:\Users\Admin\AppData\Local\Temp\13372c9ee33607078c92df2537d9600a4c4d3dd8b991fb56aacf281e10a9239c.exe"
    Signatures:
    • Checks computer location settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    Child processes:
    • C:\Windows\explorer.exe (level 2, PID 2788)
      Command line: "C:\Windows\explorer.exe" C:\Users\Admin\Desktop\RevoUninstallerPro_Portable

  • C:\Windows\explorer.exe (level 1, PID 1048)
    Command line: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
    Signatures:
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx

  • C:\Windows\System32\rundll32.exe (level 1, PID 5096)
    Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

  • C:\Windows\system32\svchost.exe (level 1, PID 2604)
    Command line: C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
    Signatures:
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion
    • Modify Registry (T1112): 1
  • Discovery
    • Query Registry (T1012): 1
    • System Information Discovery (T1082): 2


Downloads

  • C:\Users\Admin\Desktop\RevoUninstallerPro_Portable\RevoUPPort.exe
    MD5: 2bd423a31680a629d49706e0ead97da1
    SHA1: 1cc33dd011f9d97d45f8ae39712316196e015641
    SHA256: 0771b98294719f47447123fcc3a819db4710eef00f38b6232b5e06abd86d850c
    SHA512: 10644e6cb8faccfe26b2c4eed6b6f13d5ce6c4b702de02865a947ee010d46d051e341e41666c2c294a389d582483cba757ab477a2b44ef1fe248871ce0df74c1

  • memory/2604-134-0x000001C603B90000-0x000001C603BA0000-memory.dmp
    Filesize: 64KB

  • memory/2604-141-0x000001C606810000-0x000001C606814000-memory.dmp
    Filesize: 16KB