Analysis
-
max time kernel
86s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
01-10-2022 13:08
General
-
Target
čĩéįååŽĸåįčŖåč¯æ¯@.exe
-
Size
560KB
-
MD5
70af047bd1f94a5a73629ef27bde5fab
-
SHA1
61caa47e65ed8a7c68863b608fe3fb71eb85e43f
-
SHA256
e88911e434654723cc1d9a1b248f9c67fe9b96a2259502822ab5634bd7ea184c
-
SHA512
d92d1b9bccd5e0b29b419200a7a29e497240281e554665ec0cf0b1929094615e7f1ffd36144fc78ba7299e1f3d3787e796c0eedf95cb89a022832a875449975e
-
SSDEEP
12288:Qm/xg6QD7AMZ/9WY+iuMMHGHzlkdaaRwz5GQMq+y2vXqsyOtCriP8Wh:hKj/9WYzuMuGTlHcQl2vry+Crih
Malware Config
Signatures
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies registry class 49 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\čĩéįååŽĸåįčŖåč¯æ¯@.exe"C:\Users\Admin\AppData\Local\Temp\čĩéįååŽĸåįčŖåč¯æ¯@.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe" C:\Users\Public\Music\gcayac2⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Public\Music\gcayac\hckglfv.urlFilesize
136B
MD546b47de0f2803810ba6f269d5236773f
SHA15140b49f796d78af63631ca55402ade8f767e459
SHA256527f7edeab10b37336b905f53998a31a19a9334a32190ebe8d402c90cb4320f9
SHA5125f0c31258a2158e9d87c318ba1b7d029535cdd8e7d41f72265fa018badc1f9b454e6a4c4b2bed9f2af637733d2d1d603ab8ae2878c528df77825c747574322d7
-
C:\Users\Public\Music\gcayac\hhkpdi.lnkFilesize
1KB
MD51d83838a38bda28bead99ed3cc91d810
SHA15d2cd3e38cfffafaca0121bcdf9bd71a67dc25a1
SHA25603825b40c1376db9270fb584c14ba64747990b0fd5d8aae2221e98dee1002b0b
SHA512c2a6c65b2ee1501995f5f83125fc7bab4aef13397aa649321565142aa64bf5a575f79e1481e24c8deff8414f21716ce56ae7a1d1fd5303b86fb5321123242863
-
C:\Users\Public\Music\gcayac\kmbnda.lnkFilesize
1KB
MD51d83838a38bda28bead99ed3cc91d810
SHA15d2cd3e38cfffafaca0121bcdf9bd71a67dc25a1
SHA25603825b40c1376db9270fb584c14ba64747990b0fd5d8aae2221e98dee1002b0b
SHA512c2a6c65b2ee1501995f5f83125fc7bab4aef13397aa649321565142aa64bf5a575f79e1481e24c8deff8414f21716ce56ae7a1d1fd5303b86fb5321123242863
-
C:\Users\Public\Music\gcayac\lelgqkt.urlFilesize
136B
MD546b47de0f2803810ba6f269d5236773f
SHA15140b49f796d78af63631ca55402ade8f767e459
SHA256527f7edeab10b37336b905f53998a31a19a9334a32190ebe8d402c90cb4320f9
SHA5125f0c31258a2158e9d87c318ba1b7d029535cdd8e7d41f72265fa018badc1f9b454e6a4c4b2bed9f2af637733d2d1d603ab8ae2878c528df77825c747574322d7
-
C:\Users\Public\Music\gcayac\lmnsyig.urlFilesize
136B
MD546b47de0f2803810ba6f269d5236773f
SHA15140b49f796d78af63631ca55402ade8f767e459
SHA256527f7edeab10b37336b905f53998a31a19a9334a32190ebe8d402c90cb4320f9
SHA5125f0c31258a2158e9d87c318ba1b7d029535cdd8e7d41f72265fa018badc1f9b454e6a4c4b2bed9f2af637733d2d1d603ab8ae2878c528df77825c747574322d7
-
C:\Users\Public\Music\gcayac\mnopmd.lnkFilesize
1KB
MD51d83838a38bda28bead99ed3cc91d810
SHA15d2cd3e38cfffafaca0121bcdf9bd71a67dc25a1
SHA25603825b40c1376db9270fb584c14ba64747990b0fd5d8aae2221e98dee1002b0b
SHA512c2a6c65b2ee1501995f5f83125fc7bab4aef13397aa649321565142aa64bf5a575f79e1481e24c8deff8414f21716ce56ae7a1d1fd5303b86fb5321123242863
-
C:\Users\Public\Music\gcayac\oglqis.lnkFilesize
1KB
MD51d83838a38bda28bead99ed3cc91d810
SHA15d2cd3e38cfffafaca0121bcdf9bd71a67dc25a1
SHA25603825b40c1376db9270fb584c14ba64747990b0fd5d8aae2221e98dee1002b0b
SHA512c2a6c65b2ee1501995f5f83125fc7bab4aef13397aa649321565142aa64bf5a575f79e1481e24c8deff8414f21716ce56ae7a1d1fd5303b86fb5321123242863
-
C:\Users\Public\Music\gcayac\omnioif.urlFilesize
136B
MD546b47de0f2803810ba6f269d5236773f
SHA15140b49f796d78af63631ca55402ade8f767e459
SHA256527f7edeab10b37336b905f53998a31a19a9334a32190ebe8d402c90cb4320f9
SHA5125f0c31258a2158e9d87c318ba1b7d029535cdd8e7d41f72265fa018badc1f9b454e6a4c4b2bed9f2af637733d2d1d603ab8ae2878c528df77825c747574322d7
-
C:\Users\Public\Music\gcayac\oytgbnd.urlFilesize
136B
MD546b47de0f2803810ba6f269d5236773f
SHA15140b49f796d78af63631ca55402ade8f767e459
SHA256527f7edeab10b37336b905f53998a31a19a9334a32190ebe8d402c90cb4320f9
SHA5125f0c31258a2158e9d87c318ba1b7d029535cdd8e7d41f72265fa018badc1f9b454e6a4c4b2bed9f2af637733d2d1d603ab8ae2878c528df77825c747574322d7
-
C:\Users\Public\Music\gcayac\trgvhl.lnkFilesize
1KB
MD51d83838a38bda28bead99ed3cc91d810
SHA15d2cd3e38cfffafaca0121bcdf9bd71a67dc25a1
SHA25603825b40c1376db9270fb584c14ba64747990b0fd5d8aae2221e98dee1002b0b
SHA512c2a6c65b2ee1501995f5f83125fc7bab4aef13397aa649321565142aa64bf5a575f79e1481e24c8deff8414f21716ce56ae7a1d1fd5303b86fb5321123242863
-
C:\Users\Public\Music\gcayac\wvapovn.urlFilesize
136B
MD546b47de0f2803810ba6f269d5236773f
SHA15140b49f796d78af63631ca55402ade8f767e459
SHA256527f7edeab10b37336b905f53998a31a19a9334a32190ebe8d402c90cb4320f9
SHA5125f0c31258a2158e9d87c318ba1b7d029535cdd8e7d41f72265fa018badc1f9b454e6a4c4b2bed9f2af637733d2d1d603ab8ae2878c528df77825c747574322d7
-
C:\Users\Public\Music\gcayac\xdsqnb.lnkFilesize
1KB
MD51d83838a38bda28bead99ed3cc91d810
SHA15d2cd3e38cfffafaca0121bcdf9bd71a67dc25a1
SHA25603825b40c1376db9270fb584c14ba64747990b0fd5d8aae2221e98dee1002b0b
SHA512c2a6c65b2ee1501995f5f83125fc7bab4aef13397aa649321565142aa64bf5a575f79e1481e24c8deff8414f21716ce56ae7a1d1fd5303b86fb5321123242863
-
C:\Users\Public\iqweq\bbfc.exeFilesize
40KB
MD5d3ed82f676591a9c47037a7b66908832
SHA149533ea0b019b76131c14936814f99b9794d506b
SHA2560ef64a90dad0929f282fa1425422b2ffd70bf2ac803371fe3c780afefad66455
SHA512c79e09b8f47200acec33042cf183ead8cb3f7f87380e2ee4b3a2d6a05d96305277dea13974714d3e8ff8dd7c4733a2e4e93e137408de66ef60b6ec6f3e862986
-
\Users\Public\Pictures\Vrice\dalygk\idbnya.exeFilesize
317KB
MD58103b92de5a64b71ff749f9d7244e4fe
SHA15e80bd53d3041a1369ebae2819c59cd031ac1092
SHA25694a8414100f07c00a751954aeed1b0415688372cb40f6201461266dcbce9c3e1
SHA5123789d3a093806810baf5f77107badf3e63b38497e73e3e6ab10ea6f9399102d4e7fab47756e8245999089303fc2437da09309aeac7e6e520ab3172170d5d14fb
-
\Users\Public\iqweq\bbfc.exeFilesize
40KB
MD5d3ed82f676591a9c47037a7b66908832
SHA149533ea0b019b76131c14936814f99b9794d506b
SHA2560ef64a90dad0929f282fa1425422b2ffd70bf2ac803371fe3c780afefad66455
SHA512c79e09b8f47200acec33042cf183ead8cb3f7f87380e2ee4b3a2d6a05d96305277dea13974714d3e8ff8dd7c4733a2e4e93e137408de66ef60b6ec6f3e862986
-
\Users\Public\iqweq\bbfc.exeFilesize
40KB
MD5d3ed82f676591a9c47037a7b66908832
SHA149533ea0b019b76131c14936814f99b9794d506b
SHA2560ef64a90dad0929f282fa1425422b2ffd70bf2ac803371fe3c780afefad66455
SHA512c79e09b8f47200acec33042cf183ead8cb3f7f87380e2ee4b3a2d6a05d96305277dea13974714d3e8ff8dd7c4733a2e4e93e137408de66ef60b6ec6f3e862986
-
\Users\Public\iqweq\bbfc.exeFilesize
40KB
MD5d3ed82f676591a9c47037a7b66908832
SHA149533ea0b019b76131c14936814f99b9794d506b
SHA2560ef64a90dad0929f282fa1425422b2ffd70bf2ac803371fe3c780afefad66455
SHA512c79e09b8f47200acec33042cf183ead8cb3f7f87380e2ee4b3a2d6a05d96305277dea13974714d3e8ff8dd7c4733a2e4e93e137408de66ef60b6ec6f3e862986
-
\Users\Public\iqweq\bbfc.exeFilesize
40KB
MD5d3ed82f676591a9c47037a7b66908832
SHA149533ea0b019b76131c14936814f99b9794d506b
SHA2560ef64a90dad0929f282fa1425422b2ffd70bf2ac803371fe3c780afefad66455
SHA512c79e09b8f47200acec33042cf183ead8cb3f7f87380e2ee4b3a2d6a05d96305277dea13974714d3e8ff8dd7c4733a2e4e93e137408de66ef60b6ec6f3e862986
-
\Users\Public\iqweq\bbfc.exeFilesize
40KB
MD5d3ed82f676591a9c47037a7b66908832
SHA149533ea0b019b76131c14936814f99b9794d506b
SHA2560ef64a90dad0929f282fa1425422b2ffd70bf2ac803371fe3c780afefad66455
SHA512c79e09b8f47200acec33042cf183ead8cb3f7f87380e2ee4b3a2d6a05d96305277dea13974714d3e8ff8dd7c4733a2e4e93e137408de66ef60b6ec6f3e862986
-
\Users\Public\iqweq\bbfc.exeFilesize
40KB
MD5d3ed82f676591a9c47037a7b66908832
SHA149533ea0b019b76131c14936814f99b9794d506b
SHA2560ef64a90dad0929f282fa1425422b2ffd70bf2ac803371fe3c780afefad66455
SHA512c79e09b8f47200acec33042cf183ead8cb3f7f87380e2ee4b3a2d6a05d96305277dea13974714d3e8ff8dd7c4733a2e4e93e137408de66ef60b6ec6f3e862986
-
memory/588-58-0x00000000039C0000-0x00000000039D0000-memory.dmpFilesize
64KB
-
memory/624-56-0x000007FEFB5E1000-0x000007FEFB5E3000-memory.dmpFilesize
8KB
-
memory/624-55-0x0000000000000000-mapping.dmp
-
memory/1456-71-0x0000000000240000-0x000000000024B000-memory.dmpFilesize
44KB
-
memory/1456-79-0x0000000000460000-0x000000000046A000-memory.dmpFilesize
40KB
-
memory/1456-72-0x0000000000240000-0x000000000024B000-memory.dmpFilesize
44KB
-
memory/1456-81-0x0000000000240000-0x000000000024B000-memory.dmpFilesize
44KB
-
memory/1456-54-0x0000000075B51000-0x0000000075B53000-memory.dmpFilesize
8KB
-
memory/1456-67-0x0000000000240000-0x000000000024B000-memory.dmpFilesize
44KB
-
memory/1456-66-0x0000000000240000-0x000000000024B000-memory.dmpFilesize
44KB
-
memory/1456-63-0x0000000000240000-0x000000000024B000-memory.dmpFilesize
44KB
-
memory/1456-62-0x0000000000240000-0x000000000024B000-memory.dmpFilesize
44KB
-
memory/1456-59-0x0000000074411000-0x0000000074413000-memory.dmpFilesize
8KB