Overview

overview

8

Static

static

c219955852...63.exe

windows7-x64

8

c219955852...63.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    208s
  • max time network
    288s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 15:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c219955852517964f6b6e795a52b1d0c425bd30ada4f061afe21f3d535642c63.exe

  • Size

    3.2MB

  • MD5

    60d87145479d73dae26ffdce16c1a071

  • SHA1

    0206ace501f3760edf5be079951fcadd17c52c7b

  • SHA256

    c219955852517964f6b6e795a52b1d0c425bd30ada4f061afe21f3d535642c63

  • SHA512

    cb90cc27e5f53e2b00e187d203191ef76e432592a5de1c2ca820b920c90e4b9999925da0ac25ed0890e360e7f3baa694003ffa811b45cdf96d74cb4833e57195

  • SSDEEP

    98304:xFNW00i+rCrOZk8mXENd5VY8ScDnOsahMtAnZ:x9Tg4OZkdXEv0wODhMM

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 39 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c219955852517964f6b6e795a52b1d0c425bd30ada4f061afe21f3d535642c63.exe
    "C:\Users\Admin\AppData\Local\Temp\c219955852517964f6b6e795a52b1d0c425bd30ada4f061afe21f3d535642c63.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1796
    • C:\Users\Admin\AppData\Local\Temp\c219955852517964f6b6e795a52b1d0c425bd30ada4f061afe21f3d535642c63.exe
      "C:\Users\Admin\AppData\Local\Temp\c219955852517964f6b6e795a52b1d0c425bd30ada4f061afe21f3d535642c63.exe"
      2⤵
      • Checks BIOS information in registry
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:544
      • \??\c:\Program Files\Javascript\Windows Up.EXE
        "c:\Program Files\Javascript\Windows Up.EXE"
        3⤵
        • Executes dropped EXE
        PID:1800
        • \??\c:\Program Files\Javascript\Windows Up.EXE
          "c:\Program Files\Javascript\Windows Up.EXE"
          4⤵
          • Executes dropped EXE
          • Checks BIOS information in registry
          • Adds Run key to start application
          • Drops file in Program Files directory
          • Modifies registry class
          • NTFS ADS
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:1780

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Javascript\Windows Up.EXE
    Filesize

    2.0MB

    MD5

    06fc08f4f00dc5e98e498e3e99859a77

    SHA1

    6177caa516a7aa72746bb4607364acfc572174cf

    SHA256

    6dd5cba03075fdb4c555e718c2d80877aed428836dda6ba9d05af4dee7a76d56

    SHA512

    13f744fdf416c95e367d6088e21dc08be2d54e13dbf48bcfba5defc2e22fcf63bc558bf2a44c10016cda787eb1ab7379b1a862b18e6221879be64cef80f25865

    Download Submit

  • C:\Program Files\Javascript\Windows Up.EXE
    Filesize

    2.0MB

    MD5

    06fc08f4f00dc5e98e498e3e99859a77

    SHA1

    6177caa516a7aa72746bb4607364acfc572174cf

    SHA256

    6dd5cba03075fdb4c555e718c2d80877aed428836dda6ba9d05af4dee7a76d56

    SHA512

    13f744fdf416c95e367d6088e21dc08be2d54e13dbf48bcfba5defc2e22fcf63bc558bf2a44c10016cda787eb1ab7379b1a862b18e6221879be64cef80f25865

    Download Submit

  • C:\ProgramData\Licenses\0C6E3D0636B8B23B2.Lic
    Filesize

    127B

    MD5

    6a360392f66d6f84b38a9270d533640b

    SHA1

    b65502a9dcd9d287e5ac32060c02294623387f77

    SHA256

    e94e3a414283e1090a11b71519dd1ca27f49d139b157ef16e5cc6277ba0f541c

    SHA512

    c72e571678ee67f03b66e718455fd1884f35c49f5fcb28f39936e2e5b0c1e09373f2c6fc5005cbb57fb4f488105d65e07e6f1ea4ad0d7935f9e93a5ef1a6d2d9

    Download Submit

  • \??\c:\Program Files\Javascript\Windows Up.EXE
    Filesize

    2.0MB

    MD5

    06fc08f4f00dc5e98e498e3e99859a77

    SHA1

    6177caa516a7aa72746bb4607364acfc572174cf

    SHA256

    6dd5cba03075fdb4c555e718c2d80877aed428836dda6ba9d05af4dee7a76d56

    SHA512

    13f744fdf416c95e367d6088e21dc08be2d54e13dbf48bcfba5defc2e22fcf63bc558bf2a44c10016cda787eb1ab7379b1a862b18e6221879be64cef80f25865

    Download Submit

  • \Program Files\Javascript\Windows Up.EXE
    Filesize

    2.0MB

    MD5

    06fc08f4f00dc5e98e498e3e99859a77

    SHA1

    6177caa516a7aa72746bb4607364acfc572174cf

    SHA256

    6dd5cba03075fdb4c555e718c2d80877aed428836dda6ba9d05af4dee7a76d56

    SHA512

    13f744fdf416c95e367d6088e21dc08be2d54e13dbf48bcfba5defc2e22fcf63bc558bf2a44c10016cda787eb1ab7379b1a862b18e6221879be64cef80f25865

    Download Submit

  • \Program Files\Javascript\Windows Up.EXE
    Filesize

    2.0MB

    MD5

    06fc08f4f00dc5e98e498e3e99859a77

    SHA1

    6177caa516a7aa72746bb4607364acfc572174cf

    SHA256

    6dd5cba03075fdb4c555e718c2d80877aed428836dda6ba9d05af4dee7a76d56

    SHA512

    13f744fdf416c95e367d6088e21dc08be2d54e13dbf48bcfba5defc2e22fcf63bc558bf2a44c10016cda787eb1ab7379b1a862b18e6221879be64cef80f25865

    Download Submit

  • memory/544-112-0x0000000000409000-0x000000000040A000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-131-0x0000000000404000-0x0000000000405000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-68-0x0000000003BD0000-0x0000000003BF0000-memory.dmp

    Filesize

    128KB

    Download

  • memory/544-69-0x0000000000400000-0x00000000007B7000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/544-71-0x0000000000400000-0x00000000007B7000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/544-84-0x0000000000407000-0x0000000000408000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-83-0x0000000000401000-0x0000000000402000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-85-0x0000000000411000-0x0000000000412000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-90-0x0000000000408000-0x0000000000409000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-89-0x000000000040B000-0x000000000040C000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-88-0x000000000040C000-0x000000000040D000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-87-0x0000000000402000-0x0000000000403000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-86-0x000000000040D000-0x000000000040E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-91-0x000000000040E000-0x000000000040F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-92-0x0000000000410000-0x0000000000411000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-114-0x0000000000429000-0x000000000042A000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-94-0x000000000041A000-0x000000000041B000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-96-0x0000000000412000-0x0000000000413000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-95-0x0000000000419000-0x000000000041A000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-97-0x0000000000413000-0x0000000000414000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-98-0x0000000000414000-0x0000000000415000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-99-0x0000000000422000-0x0000000000423000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-100-0x0000000000423000-0x0000000000424000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-101-0x000000000041B000-0x000000000041C000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-102-0x0000000000421000-0x0000000000422000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-103-0x000000000041E000-0x000000000041F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-104-0x000000000043A000-0x000000000043B000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-105-0x0000000000440000-0x0000000000441000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-106-0x0000000000428000-0x0000000000429000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-107-0x000000000043B000-0x000000000043C000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-108-0x0000000000415000-0x0000000000416000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-109-0x0000000000424000-0x0000000000425000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-110-0x0000000000426000-0x0000000000427000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-111-0x0000000000425000-0x0000000000426000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-1029-0x0000000004520000-0x00000000047D7000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/544-113-0x0000000000437000-0x0000000000438000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-93-0x000000000040F000-0x0000000000410000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-1026-0x0000000002240000-0x00000000023AE000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/544-67-0x0000000000400000-0x00000000007B7000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/544-117-0x0000000000442000-0x0000000000443000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-118-0x0000000000449000-0x000000000044A000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-119-0x0000000000445000-0x0000000000446000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-120-0x000000000041C000-0x000000000041D000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-121-0x000000000044E000-0x000000000044F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-123-0x000000000044A000-0x000000000044B000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-124-0x0000000000406000-0x0000000000407000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-127-0x0000000000405000-0x0000000000406000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-126-0x000000000041F000-0x0000000000420000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-129-0x0000000000406000-0x0000000000407000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-116-0x0000000002240000-0x00000000023AE000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/544-133-0x0000000000404000-0x0000000000405000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-135-0x0000000000403000-0x0000000000404000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-137-0x0000000000403000-0x0000000000404000-memory.dmp

    Filesize

    4KB

    Download

  • memory/544-691-0x00000000020C0000-0x00000000020D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/544-65-0x0000000000400000-0x00000000007B7000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/544-55-0x0000000000000000-mapping.dmp

    Download

  • memory/544-66-0x0000000002240000-0x00000000023AE000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/544-723-0x0000000004520000-0x00000000047D7000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/544-718-0x00000000020C0000-0x00000000020D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/544-706-0x0000000004520000-0x00000000047D7000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/544-703-0x0000000004520000-0x00000000047D7000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/544-57-0x0000000002240000-0x00000000023AE000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1780-708-0x0000000000400000-0x00000000006B7000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1780-701-0x0000000000000000-mapping.dmp

    Download

  • memory/1780-1600-0x00000000020C0000-0x000000000222E000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1780-1032-0x00000000020C0000-0x000000000222E000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/1780-1031-0x0000000000400000-0x00000000006B7000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1796-1027-0x0000000000400000-0x00000000007B7000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1796-115-0x0000000000400000-0x00000000007B7000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1796-54-0x0000000076201000-0x0000000076203000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1796-64-0x0000000002170000-0x0000000002527000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1796-63-0x0000000000400000-0x00000000007B7000-memory.dmp

    Filesize

    3.7MB

    Download

  • memory/1800-694-0x0000000000000000-mapping.dmp

    Download

  • memory/1800-1523-0x0000000000400000-0x00000000006B7000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/1800-712-0x0000000000400000-0x00000000006B7000-memory.dmp

    Filesize

    2.7MB

    Download