Overview

overview

10

Static

static

7cd3cb34d3...9d.exe

windows7-x64

10

7cd3cb34d3...9d.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    161s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220722-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220722-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-07-2022 08:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7cd3cb34d306f4f74a31c3ef4ae82b2a29e7ad522ebd39ba6bf4e7c1fdf8409d.exe

  • Size

    739KB

  • MD5

    8aa234bdb52dcf643971e8459e90bb12

  • SHA1

    6a0d73e9b3447e2728deaf19739ee4ec8314843b

  • SHA256

    7cd3cb34d306f4f74a31c3ef4ae82b2a29e7ad522ebd39ba6bf4e7c1fdf8409d

  • SHA512

    34a1e66c1949a7cb7f653cf9ec858c6a7bb207343d9f48b8243aee1ada43b10df6d706318aaf88e2089a0c16a6d7283975edfc4d0a68404f54c99f665db70f56

Score
9/10
collection

Malware Config

Signatures

  • NirSoft MailPassView 4 IoCs

    Password recovery tool for various email clients

  • NirSoft WebBrowserPassView 4 IoCs

    Password recovery tool for various web browsers

  • Nirsoft 8 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Uses the VBS compiler for execution 1 TTPs
  • Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs
    collection
  • Suspicious use of SetThreadContext 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 29 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7cd3cb34d306f4f74a31c3ef4ae82b2a29e7ad522ebd39ba6bf4e7c1fdf8409d.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd3cb34d306f4f74a31c3ef4ae82b2a29e7ad522ebd39ba6bf4e7c1fdf8409d.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3816
    • C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pwwrSCNqpalIS" /XML "C:\Users\Admin\AppData\Local\Temp\tmp23BB.tmp"
      2⤵
      • Creates scheduled task(s)
      PID:4696
    • C:\Users\Admin\AppData\Local\Temp\7cd3cb34d306f4f74a31c3ef4ae82b2a29e7ad522ebd39ba6bf4e7c1fdf8409d.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd3cb34d306f4f74a31c3ef4ae82b2a29e7ad522ebd39ba6bf4e7c1fdf8409d.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:1072
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /stext "C:\Users\Admin\AppData\Local\Temp\tmp83CC.tmp"
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4040
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /stext "C:\Users\Admin\AppData\Local\Temp\tmpA187.tmp"
        3⤵
        • Accesses Microsoft Outlook accounts
        PID:4888

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\7cd3cb34d306f4f74a31c3ef4ae82b2a29e7ad522ebd39ba6bf4e7c1fdf8409d.exe.log
    Filesize

    405B

    MD5

    bb02d2315b8c3d46390cc8852c350909

    SHA1

    c7eb57165fb7be0cec9a282a56449d35a3e39a53

    SHA256

    6b04fbf03b5064dc32c8cbc7e5f125339ca297622487ed4269da381fa50b7290

    SHA512

    e395ec8866c9ba864bd59bfb84a88538a053740d66e2fa83926597b2e4b357a55f794c5b39c5ae43353f4debc865ec6b4c60494da32a10e643582b6ae130d080

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmp23BB.tmp
    Filesize

    1KB

    MD5

    f0e20921e3ee2fece56d0c77cca2b1b4

    SHA1

    c81d7a42d7215f91ccb76dbef1feae65b6083816

    SHA256

    612c343aeb7bb4d3ebbf78125402976d48beb84ef41f793caf9e19222f24c9bb

    SHA512

    d99c5c29627e2b65f14755d98b0fbb1b823e526e3aa6386e8ca18093c8ac67668dea04fbf620f147dd41d0dedd02e2bceda2cb2cd9a8507ecedf031e0adaa903

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmp83CC.tmp
    Filesize

    4KB

    MD5

    508d12363b937319e4dbfc174a10ecba

    SHA1

    edb7ae72b83074621bc83e12d79e6ec91b28952e

    SHA256

    2e4b211b03ba5a4b727a3bdeb55afc31be43ca8605fe7189fb755befa4f4e061

    SHA512

    384f33d45223f2428c80e465ecae7e15a0dc348d2421d4ede7e01e77358e8e6eadcb8002227b9577c2ee1071199267c21a5e35554fc773d4d9f583bff0265e15

    Download Submit

  • memory/1072-139-0x00000000748C0000-0x0000000074E71000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1072-141-0x00000000748C0000-0x0000000074E71000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3816-132-0x00000000748C0000-0x0000000074E71000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3816-133-0x00000000748C0000-0x0000000074E71000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/3816-140-0x00000000748C0000-0x0000000074E71000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4040-143-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/4040-145-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/4040-146-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/4040-147-0x0000000000400000-0x000000000045C000-memory.dmp

    Filesize

    368KB

    Download

  • memory/4888-150-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4888-152-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4888-153-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4888-154-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download