Overview

overview

10

Static

static

b4f8d752f4...e2.exe

windows7-x64

10

b4f8d752f4...e2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    30-10-2022 20:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b4f8d752f46ddae98e3f5e83329b5f6aa1c17c22a59bda6c8c5e3bf6713e05e2.exe

  • Size

    260KB

  • MD5

    a1d70650b0247293705b2994585f09c0

  • SHA1

    49ba3cdc210933b6ad8a944666e7884969c4cf04

  • SHA256

    b4f8d752f46ddae98e3f5e83329b5f6aa1c17c22a59bda6c8c5e3bf6713e05e2

  • SHA512

    a00718501098631c816896eae8fa61004bf3519deeac7ab658816e32aeb7e0776d564fb53310099880f66e7ba30a8253457324a7ac9c54928f058bac5f653cdd

  • SSDEEP

    3072:bgfAlNommvh25n/kZoSUjMqXnpWAkpAmTSrMaIOYt/jo7LAtPhjjtZnfHFEoWBf3:bdrgTSrMaIl/jcLijfHFEHWzXvjT85R

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 50 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4f8d752f46ddae98e3f5e83329b5f6aa1c17c22a59bda6c8c5e3bf6713e05e2.exe
    "C:\Users\Admin\AppData\Local\Temp\b4f8d752f46ddae98e3f5e83329b5f6aa1c17c22a59bda6c8c5e3bf6713e05e2.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1492
    • C:\Users\Admin\siiyo.exe
      "C:\Users\Admin\siiyo.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1892

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\siiyo.exe
    Filesize

    260KB

    MD5

    3c46ed0fabd7731e086dd945f1de8a74

    SHA1

    e0a32750f009a981ffe2cf6bbdd10ecbe46f5d0c

    SHA256

    83b19dd626895c738549df990bf3c33f4eca7a0a83b579e3e3a88863bc7dc4f7

    SHA512

    6b7c37ef1249897e2dc5d698494bc5019455d8b6034943f732fe0db09f7d7c5251d1a8596dac6d06008c47fae08e4fc013145b084373e84bc61d53a4cd66877e

    Download Submit

  • C:\Users\Admin\siiyo.exe
    Filesize

    260KB

    MD5

    3c46ed0fabd7731e086dd945f1de8a74

    SHA1

    e0a32750f009a981ffe2cf6bbdd10ecbe46f5d0c

    SHA256

    83b19dd626895c738549df990bf3c33f4eca7a0a83b579e3e3a88863bc7dc4f7

    SHA512

    6b7c37ef1249897e2dc5d698494bc5019455d8b6034943f732fe0db09f7d7c5251d1a8596dac6d06008c47fae08e4fc013145b084373e84bc61d53a4cd66877e

    Download Submit

  • \Users\Admin\siiyo.exe
    Filesize

    260KB

    MD5

    3c46ed0fabd7731e086dd945f1de8a74

    SHA1

    e0a32750f009a981ffe2cf6bbdd10ecbe46f5d0c

    SHA256

    83b19dd626895c738549df990bf3c33f4eca7a0a83b579e3e3a88863bc7dc4f7

    SHA512

    6b7c37ef1249897e2dc5d698494bc5019455d8b6034943f732fe0db09f7d7c5251d1a8596dac6d06008c47fae08e4fc013145b084373e84bc61d53a4cd66877e

    Download Submit

  • \Users\Admin\siiyo.exe
    Filesize

    260KB

    MD5

    3c46ed0fabd7731e086dd945f1de8a74

    SHA1

    e0a32750f009a981ffe2cf6bbdd10ecbe46f5d0c

    SHA256

    83b19dd626895c738549df990bf3c33f4eca7a0a83b579e3e3a88863bc7dc4f7

    SHA512

    6b7c37ef1249897e2dc5d698494bc5019455d8b6034943f732fe0db09f7d7c5251d1a8596dac6d06008c47fae08e4fc013145b084373e84bc61d53a4cd66877e

    Download Submit

  • memory/1492-56-0x0000000075921000-0x0000000075923000-memory.dmp

    Filesize

    8KB

    Download