Overview

overview

7

Static

static

1.rar

windows7-x64

7

1.rar

windows10-2004-x64

7

Analysis

  • max time kernel
    196s
  • max time network
    212s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-09-2022 01:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1.rar

  • Size

    3.2MB

  • MD5

    b53dbf0106a7eae3a7b073b254162c16

  • SHA1

    6ca3fa39a0c07c0e26ff5339adb7496b310452a9

  • SHA256

    60e03e1dfc1606c12dd7a590306a0c2766f36f0e9d75fc0d441e4ccb31bf0f66

  • SHA512

    7ed532840789c0294c34b8a8596b619d4cfab7201e66311f07530a9d81cf8e68a9a0b9715ee7fc8ce7f52978a080f2ca6ce6437f92b773c6e514282d4a7979ab

  • SSDEEP

    98304:2jrxn7HBzkcomean6DKOGAt6Ni4iIOundiQE:qdnjBzDb0L76NEIO3QE

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 13 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 56 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\1.rar
    1⤵
    • Modifies registry class
    PID:4400
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4916
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4248
    • C:\Program Files\7-Zip\7zG.exe
      "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\" -an -ai#7zMap22360:82:7zEvent26517
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4192
    • C:\Windows\System32\msiexec.exe
      "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\182d30fb29b6bff76dd557e55246b8ef.msi"
      1⤵
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:4268
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Enumerates connected drives
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:5052
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding 86F48A42550050A1EAF8F55E18C59981
        2⤵
        • Loads dropped DLL
        PID:1496
      • C:\Windows\System32\MsiExec.exe
        C:\Windows\System32\MsiExec.exe -Embedding 27D7D0ED6ADC52BB9FA8C07F82A559BA
        2⤵
        • Loads dropped DLL
        PID:1240

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\182d30fb29b6bff76dd557e55246b8ef.msi
      Filesize

      108.4MB

      MD5

      182d30fb29b6bff76dd557e55246b8ef

      SHA1

      7bb2e25286c3b41d6f7c20d60cda076ad87cea77

      SHA256

      f2d5f80d595128a9c80fd661673655a01912c4eaca381d9e4e484fcbe6af6554

      SHA512

      1f8122e6efadee856a507109731e60b00a4cae3403bac55dffdd676e5a7a81fd08c8532cd04b250fd6a9509099c358635cc99ba25e8b4348c1409a5a83f71e21

      Download Submit

    • C:\Windows\Installer\MSIC37A.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSIC37A.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSID59C.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSID59C.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSID791.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSID791.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSID7B1.tmp
      Filesize

      860KB

      MD5

      71b541254864bd52f85e932e2040cbe8

      SHA1

      713766e1818f8d7ca814c86109c9cdd5d57914ef

      SHA256

      b29ab4744ff6c8c9c440e878abf6f76255c538e71564e6a6279513b543be0538

      SHA512

      4d2e0a30fd6729eb40fad358795db152327b0441da574052a371762f33c9f9e7b9a77c4a4762207bcb401a2d3ef6438730c245916f4a81cd20f748857d5170d2

      Download Submit

    • C:\Windows\Installer\MSID7B1.tmp
      Filesize

      860KB

      MD5

      71b541254864bd52f85e932e2040cbe8

      SHA1

      713766e1818f8d7ca814c86109c9cdd5d57914ef

      SHA256

      b29ab4744ff6c8c9c440e878abf6f76255c538e71564e6a6279513b543be0538

      SHA512

      4d2e0a30fd6729eb40fad358795db152327b0441da574052a371762f33c9f9e7b9a77c4a4762207bcb401a2d3ef6438730c245916f4a81cd20f748857d5170d2

      Download Submit

    • C:\Windows\Installer\MSIE147.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSIE147.tmp
      Filesize

      376KB

      MD5

      e12c5bcc254c953b1a46d1434804f4d2

      SHA1

      99f67acf34af1294f3c6e5eb521c862e1c772397

      SHA256

      5316cfae8b4d28ab7cbc5cab60e27b0c0f5a3210a921a4b0560769c5021c911b

      SHA512

      9a61aa00b651fc616cd09d28f4a6b872889a026c61d818595a82c58fdff187e3ad57916c2b8690d1e7016d73a05435e13a85758917cfb89029b34c4a1685aa0b

      Download Submit

    • C:\Windows\Installer\MSIEE0B.tmp
      Filesize

      106.2MB

      MD5

      eeac072023b4dcdb28f7a9c48b46f88a

      SHA1

      c59d0edcc7e4caca877074978b5f0cabc7631500

      SHA256

      5e71693441b2efb7c09a64e130d683289023481134dc83a4a5b6c10135495182

      SHA512

      d21f3bae49d2ebe4d37456512fe24e16ae6fb1d979219e95eca61428176c4e7b94f5a41c767586907a957eb7ab0c2e008ea9b97e019b5460c46d2dc71d30f177

      Download Submit

    • C:\Windows\Installer\MSIEE0B.tmp
      Filesize

      106.2MB

      MD5

      eeac072023b4dcdb28f7a9c48b46f88a

      SHA1

      c59d0edcc7e4caca877074978b5f0cabc7631500

      SHA256

      5e71693441b2efb7c09a64e130d683289023481134dc83a4a5b6c10135495182

      SHA512

      d21f3bae49d2ebe4d37456512fe24e16ae6fb1d979219e95eca61428176c4e7b94f5a41c767586907a957eb7ab0c2e008ea9b97e019b5460c46d2dc71d30f177

      Download Submit

    • memory/1240-147-0x00007FFECB7A0000-0x00007FFECC261000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/1240-148-0x000002094BC90000-0x000002094BD90000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1240-149-0x00007FFECB7A0000-0x00007FFECC261000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/1240-150-0x000002094BC90000-0x000002094BD90000-memory.dmp

      Filesize

      1024KB

      Download

    • memory/1240-151-0x00007FFECB7A0000-0x00007FFECC261000-memory.dmp

      Filesize

      10.8MB

      Download