Overview

overview

10

Static

static

397bf70b55...d1.exe

windows7-x64

10

397bf70b55...d1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    57s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2022, 00:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    397bf70b55224927505a71070669dad2190d4a897e0d9852c769927d2b77ffd1.exe

  • Size

    228KB

  • MD5

    6dd4f6fc9408bda3ab46f40236652fc9

  • SHA1

    b814e6375f343c3ed2193a8d1b927ebdc09ced35

  • SHA256

    397bf70b55224927505a71070669dad2190d4a897e0d9852c769927d2b77ffd1

  • SHA512

    8558fcd6b8785a803b079be2f2a02739730a7cf64a6da8d6ce88cc73ea89d008f0a015bb4966baff727b2f365f8f71b457b56cabeb0147be7806843aa8f397b0

  • SSDEEP

    6144:hGtFwzWQTi2+OMcppIRW30d+h8wZ2Uf/T11cradKtvr1K/fObT/bGipKgJJeZ4c7:OFwrKOMcppIRW3M+hwUf/Z1craduvr1K

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 54 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\397bf70b55224927505a71070669dad2190d4a897e0d9852c769927d2b77ffd1.exe
    "C:\Users\Admin\AppData\Local\Temp\397bf70b55224927505a71070669dad2190d4a897e0d9852c769927d2b77ffd1.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:856
    • C:\Users\Admin\looveiz.exe
      "C:\Users\Admin\looveiz.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1156

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\looveiz.exe
          Filesize

          228KB

          MD5

          751990c2a09798e3c3796fd3603cdd1c

          SHA1

          d8f721931ac553929967eaa10b3b96a57120a5d0

          SHA256

          93952b27d0547c6686a332cd70cf115fca9d2d065770d31eb33be7cb7365cf6f

          SHA512

          af6fba31b46dc790061003a11481c3049e61bf8952fc5bae4432a5ff4423081950f66fe06cc6419eec432f83601e6bc0f727a39c1e22c2b6e5d7e7103ed2ef6e

          Download Submit

        • C:\Users\Admin\looveiz.exe
          Filesize

          228KB

          MD5

          751990c2a09798e3c3796fd3603cdd1c

          SHA1

          d8f721931ac553929967eaa10b3b96a57120a5d0

          SHA256

          93952b27d0547c6686a332cd70cf115fca9d2d065770d31eb33be7cb7365cf6f

          SHA512

          af6fba31b46dc790061003a11481c3049e61bf8952fc5bae4432a5ff4423081950f66fe06cc6419eec432f83601e6bc0f727a39c1e22c2b6e5d7e7103ed2ef6e

          Download Submit

        • \Users\Admin\looveiz.exe
          Filesize

          228KB

          MD5

          751990c2a09798e3c3796fd3603cdd1c

          SHA1

          d8f721931ac553929967eaa10b3b96a57120a5d0

          SHA256

          93952b27d0547c6686a332cd70cf115fca9d2d065770d31eb33be7cb7365cf6f

          SHA512

          af6fba31b46dc790061003a11481c3049e61bf8952fc5bae4432a5ff4423081950f66fe06cc6419eec432f83601e6bc0f727a39c1e22c2b6e5d7e7103ed2ef6e

          Download Submit

        • \Users\Admin\looveiz.exe
          Filesize

          228KB

          MD5

          751990c2a09798e3c3796fd3603cdd1c

          SHA1

          d8f721931ac553929967eaa10b3b96a57120a5d0

          SHA256

          93952b27d0547c6686a332cd70cf115fca9d2d065770d31eb33be7cb7365cf6f

          SHA512

          af6fba31b46dc790061003a11481c3049e61bf8952fc5bae4432a5ff4423081950f66fe06cc6419eec432f83601e6bc0f727a39c1e22c2b6e5d7e7103ed2ef6e

          Download Submit

        • memory/856-56-0x0000000076151000-0x0000000076153000-memory.dmp

          Filesize

          8KB

          Download