Overview

overview

8

Static

static

c18c638122...04.exe

windows7-x64

8

c18c638122...04.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2022, 22:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c18c6381224413ae63519eb4d3312832c6f51ea8dc90b8c98d3903e2b1b96504.exe

  • Size

    34KB

  • MD5

    48c04c677691120206ff0ff6bc0f7479

  • SHA1

    4b42ee6dcd17b59290d51c65f87b59c70aef73da

  • SHA256

    c18c6381224413ae63519eb4d3312832c6f51ea8dc90b8c98d3903e2b1b96504

  • SHA512

    3f1d57bd8d63e7c4b7a475addefa84fcc52c9acccd1a7c07572a81900aba3de31539efc2abcbfc03b09d636fe3f48524ecccb9cc4ed786f736581de82ce5bd6c

  • SSDEEP

    384:kbpj0UJHMiGrNKhj29JxOXwRe55gqi/1EzxFc23ZvgoxkpWjlymKDgKDfKDqY4J:W0SHzKEhAYXwquqitEtG2vgoOp/Y4J

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c18c6381224413ae63519eb4d3312832c6f51ea8dc90b8c98d3903e2b1b96504.exe
    "C:\Users\Admin\AppData\Local\Temp\c18c6381224413ae63519eb4d3312832c6f51ea8dc90b8c98d3903e2b1b96504.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1292
    • C:\Windows\Syst.exe
      "C:\Windows\Syst.exe"
      2⤵
      • Executes dropped EXE
      • Deletes itself
      • Adds Run key to start application
      • Suspicious use of SetWindowsHookEx
      PID:2044

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\Syst.exe
          Filesize

          34KB

          MD5

          48c04c677691120206ff0ff6bc0f7479

          SHA1

          4b42ee6dcd17b59290d51c65f87b59c70aef73da

          SHA256

          c18c6381224413ae63519eb4d3312832c6f51ea8dc90b8c98d3903e2b1b96504

          SHA512

          3f1d57bd8d63e7c4b7a475addefa84fcc52c9acccd1a7c07572a81900aba3de31539efc2abcbfc03b09d636fe3f48524ecccb9cc4ed786f736581de82ce5bd6c

          Download Submit

        • C:\Windows\tempSyst.dat
          Filesize

          102B

          MD5

          6b75050a03e4e2474e4fed4ea767f148

          SHA1

          12be113e6e9b3cccf400b6743b3e676ef04abdcd

          SHA256

          38f06c0765e5d9722709472769da9b9c95fb39deb7f469eb8622d8eb89bbdb84

          SHA512

          8d29ab8918e1e038f1604adc0b60dbcc3fa9c1268e7d8f758629f363cbcbf811f2eecd9b8c04bd2dd05605cb1bfb5d75463db792677f3942262f0c242e41834e

          Download Submit

        • memory/1292-54-0x00000000762E1000-0x00000000762E3000-memory.dmp

          Filesize

          8KB

          Download