Overview
overview
10Static
static
8trojan/1.exe
windows7_x64
10trojan/1.exe
windows10-2004_x64
10trojan/10.exe
windows7_x64
10trojan/10.exe
windows10-2004_x64
8trojan/2.exe
windows7_x64
3trojan/2.exe
windows10-2004_x64
5trojan/3.exe
windows7_x64
10trojan/3.exe
windows10-2004_x64
10trojan/4.exe
windows7_x64
8trojan/4.exe
windows10-2004_x64
8trojan/5.exe
windows7_x64
8trojan/5.exe
windows10-2004_x64
8trojan/6.exe
windows7_x64
10trojan/6.exe
windows10-2004_x64
10trojan/7.exe
windows7_x64
10trojan/7.exe
windows10-2004_x64
10trojan/8.exe
windows7_x64
trojan/8.exe
windows10-2004_x64
10trojan/9.exe
windows7_x64
8trojan/9.exe
windows10-2004_x64
8Analysis
-
max time kernel
220s -
max time network
210s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
07-07-2022 09:24
Static task
static1
Behavioral task
behavioral1
Sample
trojan/1.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
trojan/1.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
trojan/10.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
trojan/10.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
trojan/2.exe
Resource
win7-20220414-en
Behavioral task
behavioral6
Sample
trojan/2.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral7
Sample
trojan/3.exe
Resource
win7-20220414-en
Behavioral task
behavioral8
Sample
trojan/3.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral9
Sample
trojan/4.exe
Resource
win7-20220414-en
Behavioral task
behavioral10
Sample
trojan/4.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral11
Sample
trojan/5.exe
Resource
win7-20220414-en
Behavioral task
behavioral12
Sample
trojan/5.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral13
Sample
trojan/6.exe
Resource
win7-20220414-en
Behavioral task
behavioral14
Sample
trojan/6.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral15
Sample
trojan/7.exe
Resource
win7-20220414-en
Behavioral task
behavioral16
Sample
trojan/7.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral17
Sample
trojan/8.exe
Resource
win7-20220414-en
Behavioral task
behavioral18
Sample
trojan/8.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral19
Sample
trojan/9.exe
Resource
win7-20220414-en
Behavioral task
behavioral20
Sample
trojan/9.exe
Resource
win10v2004-20220414-en
General
-
Target
trojan/7.exe
-
Size
127KB
-
MD5
a202914a34dc528aa137bd394518d9b0
-
SHA1
4724934b61687cb1abe96bab137c7b1d4476f271
-
SHA256
f110528a354648070a7ef4cbc43046ca427adced8aad6c936bdc9e8932e01225
-
SHA512
c18ece9e156c2020cc34e3aa77e00efaeda2cca2d5a99b0c0e6cf170b723a009dbaa775b14a7673ba076aefbb7aba1a0fec12e3db7d580c5b43841cb1659a8d6
Malware Config
Extracted
C:\HELP_DECRYPT_YOUR_FILES.TXT
enc0@dr.com
enc1@usa.com
Extracted
C:\HELP_DECRYPT_YOUR_FILES.HTML
enc0@dr.com<br>
enc1@usa.com<br>
Signatures
-
Adds Run key to start application 2 TTPs 4 IoCs
Processes:
7.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*Chrome Reader Update32 = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\trojan\\7.exe\"" 7.exe Set value (str) \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Windows\CurrentVersion\Run\ChromeFlashPlayersHardWare = "\"C:\\Users\\Admin\\AppData\\Roaming\\ChromeFlashPlayer_f86d0abd1c9b74ea.exe\"" 7.exe Set value (str) \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\*ChromeFlashPlayers32 = "\"C:\\Users\\Admin\\AppData\\Roaming\\ChromeFlashPlayer_f86d0abd1c9b74ea.exe\"" 7.exe Set value (str) \REGISTRY\USER\S-1-5-21-2277218442-1199762539-2004043321-1000\Software\Microsoft\Windows\CurrentVersion\Run\Chrome Reader UpdateHardWare = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\trojan\\7.exe\"" 7.exe -
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
7.exedescription ioc process File opened (read-only) \??\A: 7.exe File opened (read-only) \??\B: 7.exe -
Drops file in Program Files directory 8 IoCs
Processes:
7.exedescription ioc process File opened for modification C:\Program Files\HELP_DECRYPT_YOUR_FILES.HTML 7.exe File created C:\Program Files (x86)\HELP_DECRYPT_YOUR_FILES.TXT 7.exe File opened for modification C:\Program Files (x86)\HELP_DECRYPT_YOUR_FILES.TXT 7.exe File created C:\Program Files (x86)\HELP_DECRYPT_YOUR_FILES.HTML 7.exe File opened for modification C:\Program Files (x86)\HELP_DECRYPT_YOUR_FILES.HTML 7.exe File created C:\Program Files\HELP_DECRYPT_YOUR_FILES.TXT 7.exe File opened for modification C:\Program Files\HELP_DECRYPT_YOUR_FILES.TXT 7.exe File created C:\Program Files\HELP_DECRYPT_YOUR_FILES.HTML 7.exe