Overview

overview

10

Static

static

75c3b8e8b0...aa.exe

windows7-x64

10

75c3b8e8b0...aa.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    78s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03/10/2022, 03:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75c3b8e8b0cf42f020c093329c092c628d7e45d2afba2024c44966800bf292aa.exe

  • Size

    100KB

  • MD5

    603f22e09c68ebb653a2acf241d9ed80

  • SHA1

    e73e1ccce0a0dd583e82ba44360bcd6b08d342fd

  • SHA256

    75c3b8e8b0cf42f020c093329c092c628d7e45d2afba2024c44966800bf292aa

  • SHA512

    1ecb1beb7077cdde1a47ccdf822699ba73772874396da32b29c68e606ae22de80b9676d120214ea62b34d32e189aa544e0bc59311034fbdab692d7a1045265e9

  • SSDEEP

    1536:hSH0cLOBn6zgO9+dGrNsjmJzNuKuFr1u5BRQbCcImv:AOB6MO9+VjO+7v

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 52 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75c3b8e8b0cf42f020c093329c092c628d7e45d2afba2024c44966800bf292aa.exe
    "C:\Users\Admin\AppData\Local\Temp\75c3b8e8b0cf42f020c093329c092c628d7e45d2afba2024c44966800bf292aa.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:656
    • C:\Users\Admin\qeaiqez.exe
      "C:\Users\Admin\qeaiqez.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1104

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\qeaiqez.exe
    Filesize

    100KB

    MD5

    be4eecfa82b0ea8632ab8f976b8f746a

    SHA1

    25c8e018fc47475b07c5c8582755b15bbf411cac

    SHA256

    1cc58117230f846c881618b87eebb2a8fb1f8fb6883cf49044946f38b3edc2a3

    SHA512

    63e1c77eb61080e45290cb1fd4fdc081075e34cb7dcbafc42452da10fa394286325fa0e707133160f8cd7993818a7bf287002eb925ebf5c99767b6881ed5ba4b

    Download Submit

  • C:\Users\Admin\qeaiqez.exe
    Filesize

    100KB

    MD5

    be4eecfa82b0ea8632ab8f976b8f746a

    SHA1

    25c8e018fc47475b07c5c8582755b15bbf411cac

    SHA256

    1cc58117230f846c881618b87eebb2a8fb1f8fb6883cf49044946f38b3edc2a3

    SHA512

    63e1c77eb61080e45290cb1fd4fdc081075e34cb7dcbafc42452da10fa394286325fa0e707133160f8cd7993818a7bf287002eb925ebf5c99767b6881ed5ba4b

    Download Submit

  • \Users\Admin\qeaiqez.exe
    Filesize

    100KB

    MD5

    be4eecfa82b0ea8632ab8f976b8f746a

    SHA1

    25c8e018fc47475b07c5c8582755b15bbf411cac

    SHA256

    1cc58117230f846c881618b87eebb2a8fb1f8fb6883cf49044946f38b3edc2a3

    SHA512

    63e1c77eb61080e45290cb1fd4fdc081075e34cb7dcbafc42452da10fa394286325fa0e707133160f8cd7993818a7bf287002eb925ebf5c99767b6881ed5ba4b

    Download Submit

  • \Users\Admin\qeaiqez.exe
    Filesize

    100KB

    MD5

    be4eecfa82b0ea8632ab8f976b8f746a

    SHA1

    25c8e018fc47475b07c5c8582755b15bbf411cac

    SHA256

    1cc58117230f846c881618b87eebb2a8fb1f8fb6883cf49044946f38b3edc2a3

    SHA512

    63e1c77eb61080e45290cb1fd4fdc081075e34cb7dcbafc42452da10fa394286325fa0e707133160f8cd7993818a7bf287002eb925ebf5c99767b6881ed5ba4b

    Download Submit

  • memory/656-69-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/656-57-0x0000000075131000-0x0000000075133000-memory.dmp

    Filesize

    8KB

    Download

  • memory/656-56-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/656-65-0x0000000002EB0000-0x0000000002ED1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/656-66-0x0000000002EB0000-0x0000000002ED1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/656-70-0x0000000002EB0000-0x0000000002ED1000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1104-67-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/1104-71-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download