Overview
overview
10Static
static
107zS8A52FD1...f3.exe
windows7_x64
87zS8A52FD1...f3.exe
windows10-2004_x64
87zS8A52FD1...62.exe
windows7_x64
77zS8A52FD1...62.exe
windows10-2004_x64
77zS8A52FD1...9a.exe
windows7_x64
107zS8A52FD1...9a.exe
windows10-2004_x64
107zS8A52FD1...8a.exe
windows7_x64
107zS8A52FD1...8a.exe
windows10-2004_x64
107zS8A52FD1...f5.exe
windows7_x64
17zS8A52FD1...f5.exe
windows10-2004_x64
17zS8A52FD1...68.exe
windows7_x64
77zS8A52FD1...68.exe
windows10-2004_x64
77zS8A52FD1...41.exe
windows7_x64
77zS8A52FD1...41.exe
windows10-2004_x64
77zS8A52FD1...cd.exe
windows7_x64
87zS8A52FD1...cd.exe
windows10-2004_x64
87zS8A52FD1...71.exe
windows7_x64
57zS8A52FD1...71.exe
windows10-2004_x64
57zS8A52FD1...9c.exe
windows7_x64
107zS8A52FD1...9c.exe
windows10-2004_x64
107zS8A52FD1...0d.exe
windows7_x64
17zS8A52FD1...0d.exe
windows10-2004_x64
17zS8A52FD1...ff.exe
windows7_x64
107zS8A52FD1...ff.exe
windows10-2004_x64
107zS8A52FD1...68.exe
windows7_x64
107zS8A52FD1...68.exe
windows10-2004_x64
107zS8A52FD1...-1.dll
windows7_x64
37zS8A52FD1...-1.dll
windows10-2004_x64
37zS8A52FD1...-6.dll
windows7_x64
37zS8A52FD1...-6.dll
windows10-2004_x64
37zS8A52FD1...-1.dll
windows7_x64
17zS8A52FD1...-1.dll
windows10-2004_x64
1Analysis
-
max time kernel
150s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
09-06-2022 14:12
Behavioral task
behavioral1
Sample
7zS8A52FD1B/62a1ea227dc1c_17ee33ef3.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
7zS8A52FD1B/62a1ea227dc1c_17ee33ef3.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
7zS8A52FD1B/62a1ea23342ae_c77562.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
7zS8A52FD1B/62a1ea23342ae_c77562.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
7zS8A52FD1B/62a1ea23da745_6e68c9a.exe
Resource
win7-20220414-en
Behavioral task
behavioral6
Sample
7zS8A52FD1B/62a1ea23da745_6e68c9a.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral7
Sample
7zS8A52FD1B/62a1ea243386e_a4f8a5d8a.exe
Resource
win7-20220414-en
Behavioral task
behavioral8
Sample
7zS8A52FD1B/62a1ea243386e_a4f8a5d8a.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral9
Sample
7zS8A52FD1B/62a1ea2501f48_0371f5.exe
Resource
win7-20220414-en
Behavioral task
behavioral10
Sample
7zS8A52FD1B/62a1ea2501f48_0371f5.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral11
Sample
7zS8A52FD1B/62a1ea2a20759_b7a66dc968.exe
Resource
win7-20220414-en
Behavioral task
behavioral12
Sample
7zS8A52FD1B/62a1ea2a20759_b7a66dc968.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral13
Sample
7zS8A52FD1B/62a1ea2b65292_c4804f5141.exe
Resource
win7-20220414-en
Behavioral task
behavioral14
Sample
7zS8A52FD1B/62a1ea2b65292_c4804f5141.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral15
Sample
7zS8A52FD1B/62a1ea2d09364_3056ccd.exe
Resource
win7-20220414-en
Behavioral task
behavioral16
Sample
7zS8A52FD1B/62a1ea2d09364_3056ccd.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral17
Sample
7zS8A52FD1B/62a1ea2df066e_add786971.exe
Resource
win7-20220414-en
Behavioral task
behavioral18
Sample
7zS8A52FD1B/62a1ea2df066e_add786971.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral19
Sample
7zS8A52FD1B/62a1ea2f0beee_36a9ec29c.exe
Resource
win7-20220414-en
Behavioral task
behavioral20
Sample
7zS8A52FD1B/62a1ea2f0beee_36a9ec29c.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral21
Sample
7zS8A52FD1B/62a1ea2fb0309_1d35870d.exe
Resource
win7-20220414-en
Behavioral task
behavioral22
Sample
7zS8A52FD1B/62a1ea2fb0309_1d35870d.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral23
Sample
7zS8A52FD1B/62a1ea319013f_e64e1ff.exe
Resource
win7-20220414-en
Behavioral task
behavioral24
Sample
7zS8A52FD1B/62a1ea319013f_e64e1ff.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral25
Sample
7zS8A52FD1B/62a1ea3215fd5_67a668.exe
Resource
win7-20220414-en
Behavioral task
behavioral26
Sample
7zS8A52FD1B/62a1ea3215fd5_67a668.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral27
Sample
7zS8A52FD1B/libgcc_s_dw2-1.dll
Resource
win7-20220414-en
Behavioral task
behavioral28
Sample
7zS8A52FD1B/libgcc_s_dw2-1.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral29
Sample
7zS8A52FD1B/libstdc++-6.dll
Resource
win7-20220414-en
Behavioral task
behavioral30
Sample
7zS8A52FD1B/libstdc++-6.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral31
Sample
7zS8A52FD1B/libwinpthread-1.dll
Resource
win7-20220414-en
Behavioral task
behavioral32
Sample
7zS8A52FD1B/libwinpthread-1.dll
Resource
win10v2004-20220414-en
General
-
Target
7zS8A52FD1B/62a1ea2501f48_0371f5.exe
-
Size
173KB
-
MD5
72968341a0de08313bc9ab626d212f91
-
SHA1
f893e4510e600ff3b6d33cea85571fa26c270606
-
SHA256
ef9863d5358896238ef682130b38511033fd9f14354263326dd000b39358c4b4
-
SHA512
1fe2a7a5fc1e32d4a581efd8148b66525adf3249c02fe3811b24f620c1e3c8af926cabca5ad07d59740e6480a0cb3833db87cc2354ac22cbade57924eaff6346
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes:
62a1ea2501f48_0371f5.exedescription ioc process Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI 62a1ea2501f48_0371f5.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI 62a1ea2501f48_0371f5.exe Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI 62a1ea2501f48_0371f5.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
62a1ea2501f48_0371f5.exepid process 1856 62a1ea2501f48_0371f5.exe 1856 62a1ea2501f48_0371f5.exe 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 1248 -
Suspicious behavior: MapViewOfSection 1 IoCs
Processes:
62a1ea2501f48_0371f5.exepid process 1856 62a1ea2501f48_0371f5.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1856-54-0x0000000075CE1000-0x0000000075CE3000-memory.dmpFilesize
8KB
-
memory/1856-56-0x00000000001B0000-0x00000000001B9000-memory.dmpFilesize
36KB
-
memory/1856-55-0x00000000002CE000-0x00000000002D7000-memory.dmpFilesize
36KB
-
memory/1856-57-0x0000000000400000-0x00000000008F5000-memory.dmpFilesize
5.0MB
-
memory/1856-58-0x0000000000400000-0x00000000008F5000-memory.dmpFilesize
5.0MB