Analysis

max time kernel: 153s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-10-2022 12:57
Static task: static1
Behavioral task behavioral1: sample f7ddaa3b1fb3dfd04c5b8944c3626ad9d09d7a94fee3ab384e5c2b7e14bd4465.exe, resource win7-20220812-en
Behavioral task behavioral2: sample f7ddaa3b1fb3dfd04c5b8944c3626ad9d09d7a94fee3ab384e5c2b7e14bd4465.exe, resource win10v2004-20220812-en (the run reported on this page)
General

Target: f7ddaa3b1fb3dfd04c5b8944c3626ad9d09d7a94fee3ab384e5c2b7e14bd4465.exe
Size: 1.4MB
MD5: 6d93e74fe9a8a70fff38b93a674f9ac0
SHA1: 7863ebe4a14d46dff5c1985db249972d13178f05
SHA256: f7ddaa3b1fb3dfd04c5b8944c3626ad9d09d7a94fee3ab384e5c2b7e14bd4465
SHA512: fff01e3e4ca9ecd72545469fdb0f1f27f0bf14d80af07af7789003e711445ad8d022ba424927ecf7617e5375564a8bcb6c6e2b910c79762ee88ac9214dd02c85
SSDEEP: 24576:YW/MfHeQFPao3rtVvGmfO4RcCHCTr4WH4y6b5rBwun5Sd5wC2c+Z08Cz/M:YqyPaIqmfO4SCHGr4WYy69rBwOUdFD+m
Malware Config
Signatures
Executes dropped EXE (2 IoCs)
  pid 1556 FileHunter.exe
  pid 5056 pumpa.exe
Checks computer location settings (2 TTPs, 1 IoC)
  Looks up the country code configured in the registry, likely a geofence.
  Key value queried: \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation, by FileHunter.exe
Adds Run key to start application (2 TTPs, 2 IoCs)
  Set value (str): \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FileHunter Check for updates = "C:\Users\Admin\AppData\Roaming\FileHunter\update.exe", by f7ddaa3b1fb3dfd04c5b8944c3626ad9d09d7a94fee3ab384e5c2b7e14bd4465.exe
  Key created: \REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run, by f7ddaa3b1fb3dfd04c5b8944c3626ad9d09d7a94fee3ab384e5c2b7e14bd4465.exe
Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  This is the sandbox's generic description for drive enumeration. Nothing else in this report (no file-encryption, file-rename or ransom-note signatures) supports the ransomware reading, so treat it as a weak indicator on its own.
Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid 1556 FileHunter.exe (all 64 records)
Suspicious use of SetWindowsHookEx (2 IoCs)
  pid 1556 FileHunter.exe (both records)
Suspicious use of WriteProcessMemory (6 IoCs)
  PID 3708 (f7ddaa3b1fb3dfd04c5b8944c3626ad9d09d7a94fee3ab384e5c2b7e14bd4465.exe) wrote to memory of PID 1556, procid_target 85 (3 records)
  PID 1556 (FileHunter.exe) wrote to memory of PID 5056, procid_target 87 (3 records)
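The Run-key IoC above is this report's persistence indicator: an autostart value planted under the user's own hive that launches an executable from AppData\Roaming, which needs no administrative rights. The detector below is an added example, not code from the report or from the sample, that applies that criterion to Sysmon Event ID 13 (RegistryEvent, value set) records. The field names follow Sysmon's schema; the records themselves are constructed, the first one mirroring the report's "Set value (str)" IoC, and "ExampleVendor" and Tray.exe are a hypothetical benign entry.

```python
"""Added example, not part of the Triage report: flag Run-key autostart values
that point into user-writable directories, the persistence pattern the report
records for "FileHunter Check for updates". Input is a list of Sysmon
Event ID 13 (RegistryEvent, value set) records. Field names follow Sysmon's
schema; the record contents are constructed to mirror the report's IoC."""
import re

# Per-user Run/RunOnce keys as Sysmon (HKU\<SID>\...) or a sandbox
# (\REGISTRY\USER\<SID>\...) spells them. The value name is captured.
RUN_KEY_RE = re.compile(
    r"^(?:HKU\\S-1-5-21-[\d-]+|HKCU|\\REGISTRY\\USER\\S-1-5-21-[\d-]+)"
    r"\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\(?:Run|RunOnce)\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)

# Locations an unprivileged user can write to. A Run value launching an
# executable from here can be planted without admin rights, which is exactly
# what the report shows (update.exe under AppData\Roaming\FileHunter).
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\(?:Roaming|Local)\\|\\Users\\Public\\|\\Temp\\",
    re.IGNORECASE,
)


def extract_image(details: str) -> str:
    """Return the executable path from a Run value's data.

    Handles '"C:\\path with spaces\\x.exe" /args' (quoted) and
    'C:\\nospaces\\x.exe /args' (first token) forms."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    return details.split(" ", 1)[0]


def suspicious_run_values(events):
    """Return one finding per Run/RunOnce value whose target lives in a
    user-writable directory. Non-registry events and other keys are skipped."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 13:
            continue
        m = RUN_KEY_RE.match(ev.get("TargetObject", ""))
        if not m:
            continue
        image = extract_image(ev.get("Details", ""))
        if USER_WRITABLE_RE.search(image):
            findings.append({
                "value_name": m.group("name"),
                "image": image,
                "set_by": ev.get("Image", ""),
                "pid": ev.get("ProcessId"),
            })
    return findings


# Constructed records (not captured from the sandbox run). The first mirrors
# the report's "Set value (str)" IoC; the second is a hypothetical benign
# per-user entry that launches from Program Files; the third is a
# process-create event (Event ID 1) that the detector must ignore.
SAMPLE_EVENTS = [
    {
        "EventID": 13,
        "ProcessId": 3708,
        "Image": r"C:\Users\Admin\AppData\Local\Temp\f7ddaa3b1fb3dfd04c5b8944c3626ad9d09d7a94fee3ab384e5c2b7e14bd4465.exe",
        "TargetObject": r"HKU\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\FileHunter Check for updates",
        "Details": r'"C:\Users\Admin\AppData\Roaming\FileHunter\update.exe"',
    },
    {
        "EventID": 13,
        "ProcessId": 4120,
        "Image": r"C:\Program Files\ExampleVendor\Setup.exe",  # hypothetical
        "TargetObject": r"HKU\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExampleVendor Tray",
        "Details": r'"C:\Program Files\ExampleVendor\Tray.exe" /minimized',
    },
    {
        "EventID": 1,
        "ProcessId": 1556,
        "Image": r"C:\Users\Admin\AppData\Roaming\FileHunter\FileHunter.exe",
    },
]

if __name__ == "__main__":
    for f in suspicious_run_values(SAMPLE_EVENTS):
        print(f"Run value {f['value_name']!r} -> {f['image']} "
              f"(set by pid {f['pid']} {f['set_by']})")
```

The path criterion alone will also fire on legitimate per-user software that installs under AppData\Local (OneDrive is the usual example), so in a hunt pair it with the dropped-file hashes from the Downloads section or a signature check on the target executable. Running the block as a script prints the single finding for the FileHunter entry; the Program Files entry and the process-create event are not reported.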
Processes

C:\Users\Admin\AppData\Local\Temp\f7ddaa3b1fb3dfd04c5b8944c3626ad9d09d7a94fee3ab384e5c2b7e14bd4465.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\f7ddaa3b1fb3dfd04c5b8944c3626ad9d09d7a94fee3ab384e5c2b7e14bd4465.exe"
  PID: 3708
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Roaming\FileHunter\FileHunter.exe
    command line: "C:\Users\Admin\AppData\Roaming\FileHunter\FileHunter.exe" ""
    PID: 1556
    - Executes dropped EXE
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

    C:\Users\Admin\AppData\Roaming\FileHunter\pumpa.exe
      command line: "C:\Users\Admin\AppData\Roaming\FileHunter\pumpa.exe"
      PID: 5056
      - Executes dropped EXE
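The WriteProcessMemory records and the process tree above describe the same two spawns: each "wrote to memory of" pair appears three times, and in both pairs the writer is the target's parent. The script below is an added example, not code from the report or from the sample, that collapses such records per (writer, target) pair and labels each pair as parent-to-child setup or as a write into a process the writer did not create. The PID/image/parent data and the six WPM records are copied from this report; the explorer.exe record near the bottom is constructed to exercise the second label.

```python
"""Added example, not part of the Triage report: rebuild the process tree and
the writer/parent relationships from the "wrote to memory of" records a
sandbox lists under Suspicious use of WriteProcessMemory. PROCESSES and
WPM_RECORDS are taken from the report; HYPOTHETICAL_* data is constructed."""
from collections import Counter, defaultdict

SAMPLE = "f7ddaa3b1fb3dfd04c5b8944c3626ad9d09d7a94fee3ab384e5c2b7e14bd4465.exe"

# (pid, image, parent pid) as nested in the report's Processes section.
PROCESSES = [
    (3708, SAMPLE, None),
    (1556, "FileHunter.exe", 3708),
    (5056, "pumpa.exe", 1556),
]

# (writer pid, target pid) straight from the report: each spawn is listed
# three times, which is why the section counts 6 IoCs for two child processes.
WPM_RECORDS = [
    (3708, 1556), (3708, 1556), (3708, 1556),
    (1556, 5056), (1556, 5056), (1556, 5056),
]


def classify_writes(processes, records):
    """Collapse repeated records per (writer, target) pair and label each pair.

    'child-setup'  : the writer is the target's parent. A parent writing into a
                     child it just created is what ordinary process creation
                     looks like; the record alone does not prove injection.
    'cross-process': the writer is not the target's parent, i.e. it wrote into
                     a process it did not create. That pair is the one worth
                     pulling memory for."""
    parent_of = {pid: ppid for pid, _, ppid in processes}
    counts = Counter(records)
    result = []
    for (writer, target), n in sorted(counts.items()):
        kind = "child-setup" if parent_of.get(target) == writer else "cross-process"
        result.append({"writer": writer, "target": target, "writes": n, "kind": kind})
    return result


def render_tree(processes):
    """Indent each process under its parent, as the Processes section does."""
    image = {pid: img for pid, img, _ in processes}
    children = defaultdict(list)
    roots = []
    for pid, _, ppid in processes:
        (roots if ppid is None else children[ppid]).append(pid)
    lines = []

    def walk(pid, depth):
        lines.append(f"{'  ' * depth}{image[pid]} (PID {pid})")
        for child in children[pid]:
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return lines


# Constructed, not from the report: a write from FileHunter.exe into a process
# it did not spawn, to show how the other branch is labelled.
HYPOTHETICAL_PROCESSES = PROCESSES + [(4242, "explorer.exe", None)]
HYPOTHETICAL_INJECTION = [(1556, 4242)]

if __name__ == "__main__":
    print("\n".join(render_tree(PROCESSES)))
    for row in classify_writes(PROCESSES, WPM_RECORDS):
        print(row)
    print(classify_writes(HYPOTHETICAL_PROCESSES, HYPOTHETICAL_INJECTION))
```

For this report both pairs come out as child-setup with three writes each, matching the tree above. A cross-process label is what would justify the "suspicious" wording on its own; here the signature is only saying that the dropper started FileHunter.exe and FileHunter.exe started pumpa.exe.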
Network
Downloads

- Filesize: 1.3MB
  MD5: 0d20e5522926691ec35e29c8bcf414f9
  SHA1: 7e7e1f96f265dd30c1a35dd445532525c66c002c
  SHA256: 147e4e7b491fe7ef18b5b539208e3e5ee07c129fdd1862c856faf48d518efd90
  SHA512: c04253262f1973d9d5aa7258e829d5e7b68dc2121b831966e64731bd1c5ac1ebfb2dd2fef88725d61b20a5d26114ca1122576c020e421c6c7e920f1a578ab86e

- Filesize: 1.6MB
  MD5: 1a27c69c97c465f53c4b620f2afff9d0
  SHA1: 6add8e452bfdaea8a6d4db87c624c45230e4142b
  SHA256: 3120e0e8398d70261ca56a36724980a535ea911807dbeeb5f1515db52c691e44
  SHA512: abdd16e98e6e0cb0d621229ea91e604aca1edbf6ba4cab73538abb514ee4585ca9c33b443601fd18ee8ce14a14bef7bbbb9ed45773e619d9b305a477d52007ef