f17afcb110368b3b06d755c2208f09f7d711069254f36d489c2a3ba530764e08

Analysis

max time kernel
6s
max time network
103s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28/10/2022, 21:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f17afcb110368b3b06d755c2208f09f7d711069254f36d489c2a3ba530764e08.exe
Size

240KB
MD5

0f40fd6774ec98c4893f102c738d324d
SHA1

8fc378008d19e27173882039b968ea9dc1cd1bbd
SHA256

f17afcb110368b3b06d755c2208f09f7d711069254f36d489c2a3ba530764e08
SHA512

cea303175b3d17e40f18ab76322d725076f11ec48b7986b1274dcbcd670140e1a0d0b5adeb1b482fb480be72e6be75c17b2c9c7c7560b1bb440dcf9b58cade13
SSDEEP

6144:kob5UtO7RQjX7XN1kd9JbSDviiopNDa/N08i1/W:64xNTW

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1756	f17afcb110368b3b06d755c2208f09f7d711069254f36d489c2a3ba530764e08.exe

C:\Users\Admin\AppData\Local\Temp\f17afcb110368b3b06d755c2208f09f7d711069254f36d489c2a3ba530764e08.exe
"C:\Users\Admin\AppData\Local\Temp\f17afcb110368b3b06d755c2208f09f7d711069254f36d489c2a3ba530764e08.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1756
- C:\Users\Admin\kueixiv.exe
  "C:\Users\Admin\kueixiv.exe"
  2⤵
  PID:1000

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\kueixiv.exe

Filesize
174KB

MD5
4fac57a8fc05b45956a2dae8fada320a

SHA1
a36ece595ebfeae96c55e03a5556de7b2d999d2b

SHA256
ea75f094918ee9a321a0e7a9e2ee413a51efbc686c0cc76895ad6c39d437731a

SHA512
b10450e0f4edd5f31428ccb33f77e4776019497204d6b802592901af48bc9c800722f11d069c92b46f251b29ce74935d9f0096f04a2222c5d6e487c2fd9f7b2e

Download Submit
C:\Users\Admin\kueixiv.exe

Filesize
132KB

MD5
d11a630182690c1176e9a1c24b0d1171

SHA1
3ea0dd8d66a5c87d25c38e5d8d9f2fbdb191e158

SHA256
9fca5b992307087ef6c196af4d91de599d27eb6f8484dfdfc0803778f1b21bad

SHA512
a45ab23063740dd1f2dd2c64f8c5e1c5b2d6f5c992266a2ba61093c12cbedc68181e9c4703dcb20a6643a6ad023c5d482bea4265573aba83ba3b788438651ddb

Download Submit
\Users\Admin\kueixiv.exe

Filesize
32KB

MD5
5e71ce6598d139ecee04e1a98e6b1080

SHA1
91ad6bd96fa95cc28f0d013c8cd5e9cac3730996

SHA256
a70c0dec0a4bbb0c03d781e9e776b4a7855ebbed85d05d2e854d8b65c7131f7f

SHA512
503abc70ad633fdaed192d1c6b8c7bf84c4d124dbe4250ba81c92a97170590b724442b2529c343319e306eb330e71e7231c7b33657f88aadfecad83824f87faa

Download Submit
\Users\Admin\kueixiv.exe

Filesize
26KB

MD5
497c3fd1a52821793be4b5443a0b8c91

SHA1
f46e3ae42d3dadc112c453e0aee981c7cef55f0b

SHA256
04300c5af12feb4f3824e049c75cb00b9db03efc8477c6387149b17ce97e119b

SHA512
043f6c60bedf14c1c5d97cbbcf41bd258ea7666f34ee30276f64b5beadb12f58726dbc8b72ec402fd93125c5ba72981512bd44c7d29ebeb0b269de5f73ce9bc6

Download Submit
memory/1000-67-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1756-56-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/1756-57-0x0000000076871000-0x0000000076873000-memory.dmp

Filesize
8KB

Download
memory/1756-65-0x00000000028D0000-0x000000000290D000-memory.dmp

Filesize
244KB

Download
memory/1756-64-0x00000000028D0000-0x000000000290D000-memory.dmp

Filesize
244KB

Download