Analysis
-
max time kernel
88s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
01-11-2022 07:28
General
-
Target
i.exe
-
Size
3.0MB
-
MD5
365d7fdc34a8c57a60a4d1cd548e507b
-
SHA1
eb635b6e7fa6fe1e3a83026fd47c87bc78753006
-
SHA256
cf2667a5f76796a5ccc9995582737765e20eaf53b70b3688885974877f1d2d75
-
SHA512
ca7e0f0c3aa1034b90bb613908eac6f1aeb443b5dccb4c0c5d315747baa2843b67cfee3ae020c68c9a7cd7e9f197a5a870936f382c1e252aa12333396e403bf2
-
SSDEEP
12288:ny4zXZXBJ+LgSRQTy3pFjIwUOIojNoEFjwqIHGRGvFvaPw+3Y12wW:vrJ+LgTTy3pFjIwUOPVFjv8dvaPNI4D
Malware Config
Signatures
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL 7 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Modifies registry class 49 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\i.exe"C:\Users\Admin\AppData\Local\Temp\i.exe"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe" C:\Users\Public\Music\dafndp2⤵
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Public\Music\dafndp\aluwtl.lnkFilesize
1KB
MD584187a3ab929473894a7a4923687c390
SHA1f0a823ca36e086d23d18d66fe5cd37acaedf6372
SHA256bb61fa0c602eee498b158dda4a65580d4ea2bcd555ff104fe09769a54eaa6341
SHA5122b0d4477d9620994af5e20547669c076ba726e1ff49a99d8c07ef465e73a5138730a986217d88d17c2be5305479b3b397287d8044e25f8f2406cd07b6d13dd43
-
C:\Users\Public\Music\dafndp\atfcttc.urlFilesize
136B
MD57326f2e70420d4d0b1a57170b9c3b9a4
SHA1a6ae9435dcca17ae36901bd49fee52d4301183fe
SHA2569d444739e3e59247181fc7a84fea16b589b9a1d36ff0a8d0c94288642b7e9616
SHA51263fe3cadb6c6f619e00bfd7dc4cd510b4e98969efd7ab754b387097fe27c9c662461caa38b061d3af2bdb85b8d68c8179570c857d4297cd287d78b21ad08d91f
-
C:\Users\Public\Music\dafndp\bcvqdgl.urlFilesize
136B
MD57326f2e70420d4d0b1a57170b9c3b9a4
SHA1a6ae9435dcca17ae36901bd49fee52d4301183fe
SHA2569d444739e3e59247181fc7a84fea16b589b9a1d36ff0a8d0c94288642b7e9616
SHA51263fe3cadb6c6f619e00bfd7dc4cd510b4e98969efd7ab754b387097fe27c9c662461caa38b061d3af2bdb85b8d68c8179570c857d4297cd287d78b21ad08d91f
-
C:\Users\Public\Music\dafndp\dgsrcca.urlFilesize
136B
MD57326f2e70420d4d0b1a57170b9c3b9a4
SHA1a6ae9435dcca17ae36901bd49fee52d4301183fe
SHA2569d444739e3e59247181fc7a84fea16b589b9a1d36ff0a8d0c94288642b7e9616
SHA51263fe3cadb6c6f619e00bfd7dc4cd510b4e98969efd7ab754b387097fe27c9c662461caa38b061d3af2bdb85b8d68c8179570c857d4297cd287d78b21ad08d91f
-
C:\Users\Public\Music\dafndp\eoreol.lnkFilesize
1KB
MD584187a3ab929473894a7a4923687c390
SHA1f0a823ca36e086d23d18d66fe5cd37acaedf6372
SHA256bb61fa0c602eee498b158dda4a65580d4ea2bcd555ff104fe09769a54eaa6341
SHA5122b0d4477d9620994af5e20547669c076ba726e1ff49a99d8c07ef465e73a5138730a986217d88d17c2be5305479b3b397287d8044e25f8f2406cd07b6d13dd43
-
C:\Users\Public\Music\dafndp\hauupg.lnkFilesize
1KB
MD584187a3ab929473894a7a4923687c390
SHA1f0a823ca36e086d23d18d66fe5cd37acaedf6372
SHA256bb61fa0c602eee498b158dda4a65580d4ea2bcd555ff104fe09769a54eaa6341
SHA5122b0d4477d9620994af5e20547669c076ba726e1ff49a99d8c07ef465e73a5138730a986217d88d17c2be5305479b3b397287d8044e25f8f2406cd07b6d13dd43
-
C:\Users\Public\Music\dafndp\nawvbr.lnkFilesize
1KB
MD584187a3ab929473894a7a4923687c390
SHA1f0a823ca36e086d23d18d66fe5cd37acaedf6372
SHA256bb61fa0c602eee498b158dda4a65580d4ea2bcd555ff104fe09769a54eaa6341
SHA5122b0d4477d9620994af5e20547669c076ba726e1ff49a99d8c07ef465e73a5138730a986217d88d17c2be5305479b3b397287d8044e25f8f2406cd07b6d13dd43
-
C:\Users\Public\Music\dafndp\qtqvofp.urlFilesize
136B
MD57326f2e70420d4d0b1a57170b9c3b9a4
SHA1a6ae9435dcca17ae36901bd49fee52d4301183fe
SHA2569d444739e3e59247181fc7a84fea16b589b9a1d36ff0a8d0c94288642b7e9616
SHA51263fe3cadb6c6f619e00bfd7dc4cd510b4e98969efd7ab754b387097fe27c9c662461caa38b061d3af2bdb85b8d68c8179570c857d4297cd287d78b21ad08d91f
-
C:\Users\Public\Music\dafndp\sayiox.lnkFilesize
1KB
MD584187a3ab929473894a7a4923687c390
SHA1f0a823ca36e086d23d18d66fe5cd37acaedf6372
SHA256bb61fa0c602eee498b158dda4a65580d4ea2bcd555ff104fe09769a54eaa6341
SHA5122b0d4477d9620994af5e20547669c076ba726e1ff49a99d8c07ef465e73a5138730a986217d88d17c2be5305479b3b397287d8044e25f8f2406cd07b6d13dd43
-
C:\Users\Public\Music\dafndp\ugccpp.lnkFilesize
1KB
MD584187a3ab929473894a7a4923687c390
SHA1f0a823ca36e086d23d18d66fe5cd37acaedf6372
SHA256bb61fa0c602eee498b158dda4a65580d4ea2bcd555ff104fe09769a54eaa6341
SHA5122b0d4477d9620994af5e20547669c076ba726e1ff49a99d8c07ef465e73a5138730a986217d88d17c2be5305479b3b397287d8044e25f8f2406cd07b6d13dd43
-
C:\Users\Public\Music\dafndp\upcaudm.urlFilesize
136B
MD57326f2e70420d4d0b1a57170b9c3b9a4
SHA1a6ae9435dcca17ae36901bd49fee52d4301183fe
SHA2569d444739e3e59247181fc7a84fea16b589b9a1d36ff0a8d0c94288642b7e9616
SHA51263fe3cadb6c6f619e00bfd7dc4cd510b4e98969efd7ab754b387097fe27c9c662461caa38b061d3af2bdb85b8d68c8179570c857d4297cd287d78b21ad08d91f
-
C:\Users\Public\Music\dafndp\vbugnxr.urlFilesize
136B
MD57326f2e70420d4d0b1a57170b9c3b9a4
SHA1a6ae9435dcca17ae36901bd49fee52d4301183fe
SHA2569d444739e3e59247181fc7a84fea16b589b9a1d36ff0a8d0c94288642b7e9616
SHA51263fe3cadb6c6f619e00bfd7dc4cd510b4e98969efd7ab754b387097fe27c9c662461caa38b061d3af2bdb85b8d68c8179570c857d4297cd287d78b21ad08d91f
-
C:\Users\Public\pitap\oruy.exeFilesize
40KB
MD5d3ed82f676591a9c47037a7b66908832
SHA149533ea0b019b76131c14936814f99b9794d506b
SHA2560ef64a90dad0929f282fa1425422b2ffd70bf2ac803371fe3c780afefad66455
SHA512c79e09b8f47200acec33042cf183ead8cb3f7f87380e2ee4b3a2d6a05d96305277dea13974714d3e8ff8dd7c4733a2e4e93e137408de66ef60b6ec6f3e862986
-
\Users\Public\Pictures\Vrice\exowcb\xnelfi.exeFilesize
340KB
MD583020e8c25dd7d078733fe74c80d9b46
SHA157aa17d77a4912ed48b086cc86e78ffde7646aaa
SHA25633b1ff750a50970f7646806c41e444ce956566691efe735b2ff541c429c2b2d6
SHA5128b958749c6504874109adda9eb7bcc077e68474abd5fb2914aa1dd1212cf3e4c79c678aee7f23ef99a608fdd24fb39e12e57881db8708935a78999c999a70faa
-
\Users\Public\pitap\oruy.exeFilesize
40KB
MD5d3ed82f676591a9c47037a7b66908832
SHA149533ea0b019b76131c14936814f99b9794d506b
SHA2560ef64a90dad0929f282fa1425422b2ffd70bf2ac803371fe3c780afefad66455
SHA512c79e09b8f47200acec33042cf183ead8cb3f7f87380e2ee4b3a2d6a05d96305277dea13974714d3e8ff8dd7c4733a2e4e93e137408de66ef60b6ec6f3e862986
-
\Users\Public\pitap\oruy.exeFilesize
40KB
MD5d3ed82f676591a9c47037a7b66908832
SHA149533ea0b019b76131c14936814f99b9794d506b
SHA2560ef64a90dad0929f282fa1425422b2ffd70bf2ac803371fe3c780afefad66455
SHA512c79e09b8f47200acec33042cf183ead8cb3f7f87380e2ee4b3a2d6a05d96305277dea13974714d3e8ff8dd7c4733a2e4e93e137408de66ef60b6ec6f3e862986
-
\Users\Public\pitap\oruy.exeFilesize
40KB
MD5d3ed82f676591a9c47037a7b66908832
SHA149533ea0b019b76131c14936814f99b9794d506b
SHA2560ef64a90dad0929f282fa1425422b2ffd70bf2ac803371fe3c780afefad66455
SHA512c79e09b8f47200acec33042cf183ead8cb3f7f87380e2ee4b3a2d6a05d96305277dea13974714d3e8ff8dd7c4733a2e4e93e137408de66ef60b6ec6f3e862986
-
\Users\Public\pitap\oruy.exeFilesize
40KB
MD5d3ed82f676591a9c47037a7b66908832
SHA149533ea0b019b76131c14936814f99b9794d506b
SHA2560ef64a90dad0929f282fa1425422b2ffd70bf2ac803371fe3c780afefad66455
SHA512c79e09b8f47200acec33042cf183ead8cb3f7f87380e2ee4b3a2d6a05d96305277dea13974714d3e8ff8dd7c4733a2e4e93e137408de66ef60b6ec6f3e862986
-
\Users\Public\pitap\oruy.exeFilesize
40KB
MD5d3ed82f676591a9c47037a7b66908832
SHA149533ea0b019b76131c14936814f99b9794d506b
SHA2560ef64a90dad0929f282fa1425422b2ffd70bf2ac803371fe3c780afefad66455
SHA512c79e09b8f47200acec33042cf183ead8cb3f7f87380e2ee4b3a2d6a05d96305277dea13974714d3e8ff8dd7c4733a2e4e93e137408de66ef60b6ec6f3e862986
-
\Users\Public\pitap\oruy.exeFilesize
40KB
MD5d3ed82f676591a9c47037a7b66908832
SHA149533ea0b019b76131c14936814f99b9794d506b
SHA2560ef64a90dad0929f282fa1425422b2ffd70bf2ac803371fe3c780afefad66455
SHA512c79e09b8f47200acec33042cf183ead8cb3f7f87380e2ee4b3a2d6a05d96305277dea13974714d3e8ff8dd7c4733a2e4e93e137408de66ef60b6ec6f3e862986
-
memory/608-58-0x00000000039C0000-0x00000000039D0000-memory.dmpFilesize
64KB
-
memory/936-55-0x0000000000000000-mapping.dmp
-
memory/936-56-0x000007FEFB6D1000-0x000007FEFB6D3000-memory.dmpFilesize
8KB
-
memory/948-78-0x00000000002E0000-0x00000000002EA000-memory.dmpFilesize
40KB
-
memory/948-71-0x00000000001D0000-0x00000000001DB000-memory.dmpFilesize
44KB
-
memory/948-80-0x00000000001D0000-0x00000000001DB000-memory.dmpFilesize
44KB
-
memory/948-54-0x0000000074AB1000-0x0000000074AB3000-memory.dmpFilesize
8KB
-
memory/948-61-0x00000000001D0000-0x00000000001DB000-memory.dmpFilesize
44KB
-
memory/948-59-0x0000000074071000-0x0000000074073000-memory.dmpFilesize
8KB
-
memory/948-65-0x00000000001D0000-0x00000000001DB000-memory.dmpFilesize
44KB
-
memory/948-66-0x00000000001D0000-0x00000000001DB000-memory.dmpFilesize
44KB
-
memory/948-70-0x00000000001D0000-0x00000000001DB000-memory.dmpFilesize
44KB