Overview

overview

8

Static

static

myfile.exe

windows10-1703-x64

8

Resubmissions

21-10-2022 10:18

221021-mcf7tsfcap 8

16-07-2020 11:43

200716-73zeyv4bja 6

Analysis

  • max time kernel
    226s
  • max time network
    231s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    21-10-2022 10:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    myfile.exe

  • Size

    4.3MB

  • MD5

    cde3f2732fcf5a3b990fd6e33c6757cf

  • SHA1

    3e6903a3635ae53207bfdbc98119860e924fe839

  • SHA256

    e3942b398296e89e5f5ace5f17b52540e6a2543248b3c7992e19a0688befca13

  • SHA512

    f9cbfffecacfd31cb42d6a25baa0ef697f185d403b65439161ce8167aa791f616f529fc01886360b88da085ca2818c503fa9c003341202b83c7cab1e0d232e89

  • SSDEEP

    49152:y/pJyy4FUXoebtp7JRSFV30nQhbWE/Hb2X8CWmxWTjv/+WNptHJymrgs:8wU4e5f0/knsbNjv/+S

Score
8/10
ransomware

Malware Config

Signatures

  • Modifies extensions of user files 2 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • GoLang User-Agent 1 IoCs

    Uses default user-agent string defined by GoLang HTTP packages.

  • Modifies Internet Explorer settings 1 TTPs 12 IoCs
    adwarespyware
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\myfile.exe
    "C:\Users\Admin\AppData\Local\Temp\myfile.exe"
    1⤵
    • Modifies extensions of user files
    PID:3824
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4404
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\README.doc" /o ""
      1⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Modifies Internet Explorer settings
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:4152

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\README.doc
      Filesize

      261B

      MD5

      221d3eb3b9bbb02dbb399e38c4358597

      SHA1

      7d316ec74f09e503265b4c233d9fd89dcd35cdf2

      SHA256

      ff0373d4c2c4542c96ecafe3df741fae165824272ad66bea20080b0d7c81b60b

      SHA512

      b329f7b4637666d0ccb4f4572f1bcdf903cf7f4d188d789d2cac9c5d2739634e8559b27c1a90b0911bb344e801669292dfc24c65e6d4ca3260b72e2f4d3a52d5

      Download Submit

    • memory/3824-120-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-121-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-122-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-123-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-124-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-125-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-126-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-127-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-128-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-129-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-130-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-131-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-132-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-134-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-133-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-136-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-135-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-137-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-138-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-139-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-140-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-141-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-142-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-143-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-144-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-145-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-146-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-147-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-148-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-149-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-150-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-151-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-152-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-153-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-154-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-155-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-156-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-157-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-158-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-159-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-160-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-161-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-162-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3824-163-0x0000000077600000-0x000000007778E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4152-164-0x00007FFA93810000-0x00007FFA93820000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-165-0x00007FFA93810000-0x00007FFA93820000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-166-0x00007FFA93810000-0x00007FFA93820000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-167-0x00007FFA93810000-0x00007FFA93820000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-170-0x00007FFA90A40000-0x00007FFA90A50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-171-0x00007FFA90A40000-0x00007FFA90A50000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-380-0x00007FFA93810000-0x00007FFA93820000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-381-0x00007FFA93810000-0x00007FFA93820000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-382-0x00007FFA93810000-0x00007FFA93820000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4152-383-0x00007FFA93810000-0x00007FFA93820000-memory.dmp

      Filesize

      64KB

      Download