Overview

overview

10

Static

static

734298f0c5...b5.exe

windows7-x64

10

734298f0c5...b5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    90s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    20/10/2022, 01:38

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    734298f0c5c72206d92372ab5b3cfe81765607cd5f5d8f111adcac81b4161ab5.exe

  • Size

    224KB

  • MD5

    5bf8eb21dbbd8e02fe593dd2021d4da0

  • SHA1

    2b7897452d2edc9c06803cff05107648c8a0afe4

  • SHA256

    734298f0c5c72206d92372ab5b3cfe81765607cd5f5d8f111adcac81b4161ab5

  • SHA512

    87e3a71a2973c7b843164975ec6b2a388591007d5b56356df348e3f2154842c9a894e66d9085c7e000a2d983e688fbbc42dcdafc583854200c379514c021d447

  • SSDEEP

    3072:kro4sUW1bU4SmOLCxokVqBh91IrnXHTmchf8Yr7Br2C9fDcB/yX/4UkQp+V:kr9PhmOLm/4Bh91MnXHTmchfI/yX/4lr

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 29 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\734298f0c5c72206d92372ab5b3cfe81765607cd5f5d8f111adcac81b4161ab5.exe
    "C:\Users\Admin\AppData\Local\Temp\734298f0c5c72206d92372ab5b3cfe81765607cd5f5d8f111adcac81b4161ab5.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1912
    • C:\Users\Admin\wuayao.exe
      "C:\Users\Admin\wuayao.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1708

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\wuayao.exe
          Filesize

          224KB

          MD5

          8aa03d8f920d468dece7ca933f4065fa

          SHA1

          c55cd977ba53725cc2b25d7c4e7e5b322ca2bdef

          SHA256

          7b2b3bc8edd49507832b40dbb5644a2a59b788edfe2b8fcb6a18400818b3e5ba

          SHA512

          024c3444e029640a3833ffd562cedbd23aef7041500be339648e98089664757d3fb8b00d93352dc4f15d0f57f39d8f7d61d2b771b6355119ca5cd51eff0dad74

          Download Submit

        • C:\Users\Admin\wuayao.exe
          Filesize

          224KB

          MD5

          8aa03d8f920d468dece7ca933f4065fa

          SHA1

          c55cd977ba53725cc2b25d7c4e7e5b322ca2bdef

          SHA256

          7b2b3bc8edd49507832b40dbb5644a2a59b788edfe2b8fcb6a18400818b3e5ba

          SHA512

          024c3444e029640a3833ffd562cedbd23aef7041500be339648e98089664757d3fb8b00d93352dc4f15d0f57f39d8f7d61d2b771b6355119ca5cd51eff0dad74

          Download Submit

        • \Users\Admin\wuayao.exe
          Filesize

          224KB

          MD5

          8aa03d8f920d468dece7ca933f4065fa

          SHA1

          c55cd977ba53725cc2b25d7c4e7e5b322ca2bdef

          SHA256

          7b2b3bc8edd49507832b40dbb5644a2a59b788edfe2b8fcb6a18400818b3e5ba

          SHA512

          024c3444e029640a3833ffd562cedbd23aef7041500be339648e98089664757d3fb8b00d93352dc4f15d0f57f39d8f7d61d2b771b6355119ca5cd51eff0dad74

          Download Submit

        • \Users\Admin\wuayao.exe
          Filesize

          224KB

          MD5

          8aa03d8f920d468dece7ca933f4065fa

          SHA1

          c55cd977ba53725cc2b25d7c4e7e5b322ca2bdef

          SHA256

          7b2b3bc8edd49507832b40dbb5644a2a59b788edfe2b8fcb6a18400818b3e5ba

          SHA512

          024c3444e029640a3833ffd562cedbd23aef7041500be339648e98089664757d3fb8b00d93352dc4f15d0f57f39d8f7d61d2b771b6355119ca5cd51eff0dad74

          Download Submit

        • memory/1708-67-0x0000000000400000-0x000000000044E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1912-56-0x0000000000400000-0x000000000044E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1912-57-0x0000000076041000-0x0000000076043000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1912-65-0x00000000030E0000-0x000000000312E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1912-66-0x00000000030E0000-0x000000000312E000-memory.dmp

          Filesize

          312KB

          Download

        • memory/1912-69-0x0000000000400000-0x000000000044E000-memory.dmp

          Filesize

          312KB

          Download