Analysis
- max time kernel: 112s
- max time network: 35s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64 arch:x86 image:win7-20221111-en locale:en-us os:windows7-x64 system
- submitted: 23-11-2022 17:45
Static task
- static1

Behavioral tasks (task: sample, resource)
- behavioral1: 3.exe, win7-20220812-en
- behavioral2: 3.exe, win10v2004-20220812-en
- behavioral3: Autazo Anonimous.exe, win7-20220812-en
- behavioral4: Autazo Anonimous.exe, win10v2004-20220812-en
- behavioral5: AutoClick Shot-Sule-XD 2.0.exe, win7-20220812-en
- behavioral6: AutoClick Shot-Sule-XD 2.0.exe, win10v2004-20220812-en
- behavioral7: Autoclick CarlosHdz!.exe, win7-20220812-en
- behavioral8: Autoclick CarlosHdz!.exe, win10v2004-20220812-en
- behavioral9: Autoclick GreenSkull.exe, win7-20220812-en
- behavioral10: Autoclick GreenSkull.exe, win10v2004-20221111-en
- behavioral11: Autoclick Petuliano.exe, win7-20221111-en
- behavioral12: Autoclick Petuliano.exe, win10v2004-20221111-en
- behavioral13: Autoclick Upper-Z.exe, win7-20221111-en
- behavioral14: Autoclick Upper-Z.exe, win10v2004-20221111-en
- behavioral15: Autoclick VIP.exe, win7-20220812-en
- behavioral16: Autoclick VIP.exe, win10v2004-20221111-en
- behavioral17: Autoclick anonimous.exe, win7-20221111-en
- behavioral18: Autoclick anonimous.exe, win10v2004-20220812-en
- behavioral19: Autoclick elhuesos.exe, win7-20221111-en
- behavioral20: Autoclick elhuesos.exe, win10v2004-20220901-en
- behavioral21: Autoclick lefofo By !---Dani---!.exe, win7-20220812-en
- behavioral22: Autoclick lefofo By !---Dani---!.exe, win10v2004-20220812-en
- behavioral23: autoclick andrusero.exe, win7-20220812-en
- behavioral24: autoclick andrusero.exe, win10v2004-20220812-en
- behavioral25: trz6571.exe, win7-20221111-en
- behavioral26: trz6571.exe, win10v2004-20221111-en
- behavioral27: trz8522.exe, win7-20220812-en
- behavioral28: trz8522.exe, win10v2004-20220812-en
General
- Target: trz6571.exe
- Size: 389KB
- MD5: 382d88e30ece53cce0046f1c26d6e4a5
- SHA1: b583bafc20bc432ec0967e66ec496277ad75fd5d
- SHA256: c9eccba716546375051f9c0e919b55875f158303baa508bf641690346a1af515
- SHA512: 483dd8c8cdb12096a65d9ee3c27ac97037d3e864b03082b4c18f5c6cefe5d2811adfba2a7643d9c3128093f22790823f3bc82d4b3f41b6f8e1683585976bd90f
- SSDEEP: 6144:b1dlZro5ycxfqg81E2nfzwG6D6cMYv+Izu50obEhajheQ6+sbG8ZxA01nAj5M:b1dlZo5yLRfV6lMW3zu50gEi41m01n3
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  Processes:
  pid | process
  1576 | Autoclick trackbar.exe
- Loads dropped DLL (2 IoCs)
  Processes:
  pid | process
  1716 | trz6571.exe
  1716 | trz6571.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of WriteProcessMemory (4 IoCs)
  Processes:
  description | pid | process | target process
  PID 1716 wrote to memory of 1576 | 1716 | trz6571.exe | Autoclick trackbar.exe
  PID 1716 wrote to memory of 1576 | 1716 | trz6571.exe | Autoclick trackbar.exe
  PID 1716 wrote to memory of 1576 | 1716 | trz6571.exe | Autoclick trackbar.exe
  PID 1716 wrote to memory of 1576 | 1716 | trz6571.exe | Autoclick trackbar.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\trz6571.exe
  "C:\Users\Admin\AppData\Local\Temp\trz6571.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\Autoclick trackbar.exe
    "C:\Users\Admin\AppData\Local\Temp\Autoclick trackbar.exe"
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
C:\Users\Admin\AppData\Local\Temp\Autoclick trackbar.exe
Filesize: 22KB
MD5: d9b6262c4c8e22ba78dbcd59e71eb6e9
SHA1: 131eb2eb99839e84de5afb81b9481e5f87364b46
SHA256: 33ab3bf5318f191d86c528e65956463811ede23c3743d28dce2b454049bca147
SHA512: 376b49624f28bea838ac0c670ef98b500cc11f61175149c8c7aaf166039fe6c9619f49a52f78808369854d4e21a40b5d8884144bd15c063aa08b2e9bb0b64a03
-
\Users\Admin\AppData\Local\Temp\Autoclick trackbar.exe
Filesize: 22KB
MD5: d9b6262c4c8e22ba78dbcd59e71eb6e9
SHA1: 131eb2eb99839e84de5afb81b9481e5f87364b46
SHA256: 33ab3bf5318f191d86c528e65956463811ede23c3743d28dce2b454049bca147
SHA512: 376b49624f28bea838ac0c670ef98b500cc11f61175149c8c7aaf166039fe6c9619f49a52f78808369854d4e21a40b5d8884144bd15c063aa08b2e9bb0b64a03