Overview

overview

10

Static

static

7b7ba3a06b...08.exe

windows7-x64

10

7b7ba3a06b...08.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2022, 01:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7b7ba3a06b003b95dcda44a0b88a76fb897a0b035175d58f279707aefb8fef08.exe

  • Size

    136KB

  • MD5

    62d7c7f909de7092f9b24ad279d10e40

  • SHA1

    5865e13c37c44f6840db4489299e09d13dc1a27f

  • SHA256

    7b7ba3a06b003b95dcda44a0b88a76fb897a0b035175d58f279707aefb8fef08

  • SHA512

    ac007c2db8c82234a0b0c8b6b4f860ce15790a31b59e7b2c5cc3cbb3ff267ab782630db0e597a2663dd1ce789031744e715f2cc4135c881dc9f80a02d5a713b2

  • SSDEEP

    3072:BmtqOywjBfQn7WbIqH0ybZBiOllyEmcP82+aVdOt66VGegmI:BmhQn7WbIqH0ybZBiOllyE5D+aVkjseN

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 50 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b7ba3a06b003b95dcda44a0b88a76fb897a0b035175d58f279707aefb8fef08.exe
    "C:\Users\Admin\AppData\Local\Temp\7b7ba3a06b003b95dcda44a0b88a76fb897a0b035175d58f279707aefb8fef08.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1920
    • C:\Users\Admin\luiejek.exe
      "C:\Users\Admin\luiejek.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1388

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\luiejek.exe
          Filesize

          136KB

          MD5

          adbefcf8eaa03b6f8a67a0cf1f292fa9

          SHA1

          54eac3f766bd5a5aec5996dca34f34d255f7a5cc

          SHA256

          3acb7e6a7fd0cf90fea44ddef921122a2e0c43d97de5be9c49a86d54665708f8

          SHA512

          735410b55114308ce3f396701bd4f1f65a44f7ffec8a66b7aa3a421baca5d2f9e741ac3d2c1d3d40f27cc8796ea958eeccb058d61d6a3b64f040b6c91ff65568

          Download Submit

        • C:\Users\Admin\luiejek.exe
          Filesize

          136KB

          MD5

          adbefcf8eaa03b6f8a67a0cf1f292fa9

          SHA1

          54eac3f766bd5a5aec5996dca34f34d255f7a5cc

          SHA256

          3acb7e6a7fd0cf90fea44ddef921122a2e0c43d97de5be9c49a86d54665708f8

          SHA512

          735410b55114308ce3f396701bd4f1f65a44f7ffec8a66b7aa3a421baca5d2f9e741ac3d2c1d3d40f27cc8796ea958eeccb058d61d6a3b64f040b6c91ff65568

          Download Submit

        • \Users\Admin\luiejek.exe
          Filesize

          136KB

          MD5

          adbefcf8eaa03b6f8a67a0cf1f292fa9

          SHA1

          54eac3f766bd5a5aec5996dca34f34d255f7a5cc

          SHA256

          3acb7e6a7fd0cf90fea44ddef921122a2e0c43d97de5be9c49a86d54665708f8

          SHA512

          735410b55114308ce3f396701bd4f1f65a44f7ffec8a66b7aa3a421baca5d2f9e741ac3d2c1d3d40f27cc8796ea958eeccb058d61d6a3b64f040b6c91ff65568

          Download Submit

        • \Users\Admin\luiejek.exe
          Filesize

          136KB

          MD5

          adbefcf8eaa03b6f8a67a0cf1f292fa9

          SHA1

          54eac3f766bd5a5aec5996dca34f34d255f7a5cc

          SHA256

          3acb7e6a7fd0cf90fea44ddef921122a2e0c43d97de5be9c49a86d54665708f8

          SHA512

          735410b55114308ce3f396701bd4f1f65a44f7ffec8a66b7aa3a421baca5d2f9e741ac3d2c1d3d40f27cc8796ea958eeccb058d61d6a3b64f040b6c91ff65568

          Download Submit

        • memory/1920-56-0x00000000763F1000-0x00000000763F3000-memory.dmp

          Filesize

          8KB

          Download