f724cfb941806188e3b3ec20a8d90073356c45641b3e7b2840e2b53d829501a3

Analysis

max time kernel
13s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 17:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hydroaeroplane.exe
Size

494KB
MD5

515ce2062be52a5ae70fb97a4f7c6866
SHA1

97d78b9a27f01ba31270b6b2d48c61464c46805a
SHA256

f724cfb941806188e3b3ec20a8d90073356c45641b3e7b2840e2b53d829501a3
SHA512

56ab8507ebbb5c8d56ce63720b279681cd68c99529b67beaf14a2bd0f4ac17b94122cae19cb97913c9a74fd22b4678332ca3da0b9cfa6d394a1bab44d87bcd5e
SSDEEP

12288:3GHmJxRHHE6mRsc9gC8NLhPtD/fJomIA1kkVzlDgRi5Rse9yRJpd3maWH:2PO/fJHkkVJDgRGg9maW

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Fonts\Alloo.Ove	Hydroaeroplane.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Hydroaeroplane.exe
"C:\Users\Admin\AppData\Local\Temp\Hydroaeroplane.exe"
1⤵
- Drops file in Windows directory
PID:2020

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nso4F79.tmp\System.dll

Filesize
11KB

MD5
ca332bb753b0775d5e806e236ddcec55

SHA1
f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

SHA256
df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d

SHA512
2de0956a1ad58ad7086e427e89b819089f2a7f1e4133ed2a0a736adc0614e8588ebe2d97f1b59ab8886d662aeb40e0b4838c6a65fbfc652253e3a45664a03a00

Download Submit
memory/2020-54-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download