Overview

overview

10

Static

static

10

6c39c5f5d1...0f.exe

windows7_x64

8

6c39c5f5d1...0f.exe

windows10-2004_x64

6

6c39c5f5d1...0f.exe

windows11_x64

Analysis

  • max time kernel
    151s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    15-06-2022 11:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe

  • Size

    54KB

  • MD5

    057d8c68bf4ce08bda3f9bd96c04bd25

  • SHA1

    60428ec831ff15fe3e5019e8517af06da1196b96

  • SHA256

    6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f

  • SHA512

    87a48943600a1d5782edaf76fd422d3d66e571a2f907dc99dddded81e25275b8fb332e04f79078d90d2a7abcdcc95c7dc10244ef91c3f272b9bbbbd180db17a4

Score
8/10
ransomwarespywarestealer

Malware Config

Signatures

  • Modifies extensions of user files 1 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Drops startup file 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 64 IoCs
  • Drops autorun.inf file 1 TTPs 1 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
    "C:\Users\Admin\AppData\Local\Temp\6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe"
    1⤵
    • Modifies extensions of user files
    • Drops startup file
    • Drops desktop.ini file(s)
    • Drops autorun.inf file
    • Drops file in Program Files directory
    • Drops file in Windows directory
    PID:1676
  • C:\Windows\system32\taskmgr.exe
    taskmgr.exe /2
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:284

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files\Microsoft Office\Office14\MSOHEVI.DLL
    Filesize

    75KB

    MD5

    7cc7440baf323af4826edd99cc9a3b4a

    SHA1

    81f75ea24d3bcfbeb8136bb16c067caa8c47e02d

    SHA256

    1ec10f62373b09c3a7877fe4ff06dd43bc1f6488dd5c9637be9a1d20f278a392

    SHA512

    81f6fcdc002953416bd088357bfe8bd54092bda03a1bdae3291a0e8be77c9b7911900417c27dac628854a8d7349dbb82dbe1c91224ce57571354a90433e14c95

    Download Submit

  • \Program Files\Microsoft Office\Office14\VISSHE.DLL
    Filesize

    953KB

    MD5

    2f4759c23abcd639ac3ca7f8fa9480ac

    SHA1

    9a3fece585fa01b7b941e124ead0c39c8ce9bc7c

    SHA256

    6d66fa59407862e0fddfcb36472fe810eb308653321ca0e374ac870f9aa8cec6

    SHA512

    6ab14d6a8d3e9a751d68133e734cc804de2b50a7ef223d484d0f727cdfbd00d48f6e0666c3b86a0daf9ca42c0b726f6c2a088e5bb32c993748abfea7b5904ec6

    Download Submit

  • memory/284-55-0x000007FEFC021000-0x000007FEFC023000-memory.dmp

    Filesize

    8KB

    Download

  • memory/284-56-0x0000000140000000-0x00000001405E8000-memory.dmp

    Filesize

    5.9MB

    Download

  • memory/1676-54-0x0000000075761000-0x0000000075763000-memory.dmp

    Filesize

    8KB

    Download