Overview

overview

8

Static

static

570fe93bd1...f6.exe

windows7-x64

8

570fe93bd1...f6.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    152s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 09:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    570fe93bd1174b7de1981d446f329e9a60eea247bce9d31486a4dbba6376aef6.exe

  • Size

    184KB

  • MD5

    a1608b21962b1fef1e87948753a8d3d2

  • SHA1

    3215288dd5ecf93b00cee7cb5670966e8f44cfb0

  • SHA256

    570fe93bd1174b7de1981d446f329e9a60eea247bce9d31486a4dbba6376aef6

  • SHA512

    efeaf181ebfd6c342e513691db4948e024f02b701de63f2bd620bcf546b4678a9041a3245086091d48bab2bbe736f9763621a3f85b55a5da4fc5810b7b3ccdc9

  • SSDEEP

    3072:84r0/5Q3FosIbwKkD07DeDrVBRpg5uJBm0RcOIJ8z:84QRGFqMh07DeD9pg5mB/2OIJ8

Score
8/10
evasiontrojan

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 16 IoCs
    adwarespyware
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\570fe93bd1174b7de1981d446f329e9a60eea247bce9d31486a4dbba6376aef6.exe
    "C:\Users\Admin\AppData\Local\Temp\570fe93bd1174b7de1981d446f329e9a60eea247bce9d31486a4dbba6376aef6.exe"
    1⤵
    • Checks whether UAC is enabled
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:5052
    • C:\Users\Admin\AppData\Local\Temp\servicesc.exe
      C:\Users\Admin\AppData\Local\Temp\servicesc.exe 570fe93bd1174b7de1981d446f329e9a60eea247bce9d31486a4dbba6376aef6.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:3984

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\servicesc.exe
    Filesize

    32KB

    MD5

    d542fd20caac2c34bbec498c05b0d828

    SHA1

    5deb07503e212e23e1f6d23b7fd93289da20061f

    SHA256

    d74fca83e5cf20d9081e099a12e9c70d8c6ecaf52f4ec2963246353dc447b666

    SHA512

    0e853a822008229b81a89ebc80d0d7beef08c45471cf4a2d6eb12aa1e19d56c96b6f7ae18f49cc2c317941b2a1c18be6211e8447b22eb5498dbcd17a8ea5c78b

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\servicesc.exe
    Filesize

    32KB

    MD5

    d542fd20caac2c34bbec498c05b0d828

    SHA1

    5deb07503e212e23e1f6d23b7fd93289da20061f

    SHA256

    d74fca83e5cf20d9081e099a12e9c70d8c6ecaf52f4ec2963246353dc447b666

    SHA512

    0e853a822008229b81a89ebc80d0d7beef08c45471cf4a2d6eb12aa1e19d56c96b6f7ae18f49cc2c317941b2a1c18be6211e8447b22eb5498dbcd17a8ea5c78b

    Download Submit
  • memory/3984-134-0x0000000000000000-mapping.dmp
    Download