Overview

overview

10

Static

static

662f15eb95...97.exe

windows7-x64

10

662f15eb95...97.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30/10/2022, 20:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    662f15eb95942698632e207f165a28a257fa41c7b5413281008bed1b35ce1c97.exe

  • Size

    240KB

  • MD5

    a0f9141089f07892cf433d13c9557fd0

  • SHA1

    414ab7d7dea03fe1a3b5887a11ab5c2b14fe263d

  • SHA256

    662f15eb95942698632e207f165a28a257fa41c7b5413281008bed1b35ce1c97

  • SHA512

    221736be9952cc848f78315928ef244d9c358bf9b6abab60069318203114026c2f764de796d49366a9c35056a32aae1d497d8098911bbcb944480e0d0948ffee

  • SSDEEP

    3072:MGVU/RW+zbfMjS2BXeWBFcAfqTEBRjefrfRLfN561PHuh01W6goN:M2yFD2peScAfA0jCfr5671b

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 29 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\662f15eb95942698632e207f165a28a257fa41c7b5413281008bed1b35ce1c97.exe
    "C:\Users\Admin\AppData\Local\Temp\662f15eb95942698632e207f165a28a257fa41c7b5413281008bed1b35ce1c97.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1184
    • C:\Users\Admin\puajon.exe
      "C:\Users\Admin\puajon.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1776

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\puajon.exe
          Filesize

          240KB

          MD5

          62bc643907c2301ce5fe0f8315e80a8a

          SHA1

          ea237452e768d8d438f4f60b8c7c8b730ff01d03

          SHA256

          bda89d16c0d24659dc129b64aeae01570b4978411df0e800c351d07029de2f82

          SHA512

          a864972b8a617c210121b5ff22fbb941923e392ad3b89160afd8a9c3f90aaf0b8aad09a024282ffebe0ff4d8249011b5fed1050668e1a31f643920b3d3f82807

          Download Submit

        • C:\Users\Admin\puajon.exe
          Filesize

          240KB

          MD5

          62bc643907c2301ce5fe0f8315e80a8a

          SHA1

          ea237452e768d8d438f4f60b8c7c8b730ff01d03

          SHA256

          bda89d16c0d24659dc129b64aeae01570b4978411df0e800c351d07029de2f82

          SHA512

          a864972b8a617c210121b5ff22fbb941923e392ad3b89160afd8a9c3f90aaf0b8aad09a024282ffebe0ff4d8249011b5fed1050668e1a31f643920b3d3f82807

          Download Submit

        • \Users\Admin\puajon.exe
          Filesize

          240KB

          MD5

          62bc643907c2301ce5fe0f8315e80a8a

          SHA1

          ea237452e768d8d438f4f60b8c7c8b730ff01d03

          SHA256

          bda89d16c0d24659dc129b64aeae01570b4978411df0e800c351d07029de2f82

          SHA512

          a864972b8a617c210121b5ff22fbb941923e392ad3b89160afd8a9c3f90aaf0b8aad09a024282ffebe0ff4d8249011b5fed1050668e1a31f643920b3d3f82807

          Download Submit

        • \Users\Admin\puajon.exe
          Filesize

          240KB

          MD5

          62bc643907c2301ce5fe0f8315e80a8a

          SHA1

          ea237452e768d8d438f4f60b8c7c8b730ff01d03

          SHA256

          bda89d16c0d24659dc129b64aeae01570b4978411df0e800c351d07029de2f82

          SHA512

          a864972b8a617c210121b5ff22fbb941923e392ad3b89160afd8a9c3f90aaf0b8aad09a024282ffebe0ff4d8249011b5fed1050668e1a31f643920b3d3f82807

          Download Submit

        • memory/1184-56-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

          Filesize

          8KB

          Download