Analysis
max time kernel: 97s
max time network: 125s
platform: windows10-2004_x64
resource: win10v2004-20220721-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220721-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-07-2022 01:22
Static task: static1
Behavioral task: behavioral1
  Sample: 56e513ef36c46d14e199eb96706aa42cfbcebc7ac8897bfcd26cf53893eafa01.exe
  Resource: win7-20220715-en
Behavioral task: behavioral2
  Sample: 56e513ef36c46d14e199eb96706aa42cfbcebc7ac8897bfcd26cf53893eafa01.exe
  Resource: win10v2004-20220721-en
General
Target: 56e513ef36c46d14e199eb96706aa42cfbcebc7ac8897bfcd26cf53893eafa01.exe
Size: 257KB
MD5: 7c65e80b914e89ef4d66d9a11da8810a
SHA1: 87db4d7e89f3034a1e5ca2a81e903db4c803b3c0
SHA256: 56e513ef36c46d14e199eb96706aa42cfbcebc7ac8897bfcd26cf53893eafa01
SHA512: 254c00a1edb54a8872096e0334175b8914d7cdb06c6a5657cb0f6a661fa9ad1ee404744272a30ac8e1337fbf005bed5d549c657b1684b25ffd6b04e62ba6bf48
Malware Config
Signatures
-
suricata: ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole
-
Maps connected drives based on registry (3 TTPs, 2 IoCs)
Disk information is often read in order to detect sandboxing environments.
Processes:
  description            ioc                                                         process
  Key opened             \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum   56e513ef36c46d14e199eb96706aa42cfbcebc7ac8897bfcd26cf53893eafa01.exe
  Key value enumerated   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum   56e513ef36c46d14e199eb96706aa42cfbcebc7ac8897bfcd26cf53893eafa01.exe
-
Drops file in Windows directory (1 IoC)
Processes:
  description    ioc                            process
  File created   C:\Windows\Tasks\EasyFix.job   56e513ef36c46d14e199eb96706aa42cfbcebc7ac8897bfcd26cf53893eafa01.exe