Analysis
-
max time kernel
189s -
max time network
65s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
23-11-2022 18:58
General
-
Target
78c32fc455ff47d15dbec31588a059e5abdf9969be1bac80930105ad3327f44e.exe
-
Size
246KB
-
MD5
45128efe493234906ecc0d34392b87fb
-
SHA1
614cd3f781aced63f9cbfb2d1134d193d5f917ee
-
SHA256
78c32fc455ff47d15dbec31588a059e5abdf9969be1bac80930105ad3327f44e
-
SHA512
5121c218c49fb4b862ce2a0baa85d392169fdb1d09f2a7473ff171c40610b279a2dd92a51674162b36e1583d0cfa68281c67e5728613fab1b6facd61b1239bc9
-
SSDEEP
3072:DxoVC/AFLxIu1v+Xq9EzmTpjeG/9Q04Smo5HaeD91knKkaY6l6l1GLcSf:DiQAFFJB+Xq9BTpag94SFt1Qj1Gx
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 24 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\78c32fc455ff47d15dbec31588a059e5abdf9969be1bac80930105ad3327f44e.exe"C:\Users\Admin\AppData\Local\Temp\78c32fc455ff47d15dbec31588a059e5abdf9969be1bac80930105ad3327f44e.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\78c32fc455ff47d15dbec31588a059e5abdf9969be1bac80930105ad3327f44e.exe2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\svchosts.exe"C:\Users\Admin\AppData\Roaming\svchosts.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\svchosts.exe4⤵
- Executes dropped EXE
- Adds Run key to start application
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
246KB
MD545128efe493234906ecc0d34392b87fb
SHA1614cd3f781aced63f9cbfb2d1134d193d5f917ee
SHA25678c32fc455ff47d15dbec31588a059e5abdf9969be1bac80930105ad3327f44e
SHA5125121c218c49fb4b862ce2a0baa85d392169fdb1d09f2a7473ff171c40610b279a2dd92a51674162b36e1583d0cfa68281c67e5728613fab1b6facd61b1239bc9
-
Filesize
246KB
MD545128efe493234906ecc0d34392b87fb
SHA1614cd3f781aced63f9cbfb2d1134d193d5f917ee
SHA25678c32fc455ff47d15dbec31588a059e5abdf9969be1bac80930105ad3327f44e
SHA5125121c218c49fb4b862ce2a0baa85d392169fdb1d09f2a7473ff171c40610b279a2dd92a51674162b36e1583d0cfa68281c67e5728613fab1b6facd61b1239bc9
-
Filesize
246KB
MD545128efe493234906ecc0d34392b87fb
SHA1614cd3f781aced63f9cbfb2d1134d193d5f917ee
SHA25678c32fc455ff47d15dbec31588a059e5abdf9969be1bac80930105ad3327f44e
SHA5125121c218c49fb4b862ce2a0baa85d392169fdb1d09f2a7473ff171c40610b279a2dd92a51674162b36e1583d0cfa68281c67e5728613fab1b6facd61b1239bc9
-
Filesize
246KB
MD545128efe493234906ecc0d34392b87fb
SHA1614cd3f781aced63f9cbfb2d1134d193d5f917ee
SHA25678c32fc455ff47d15dbec31588a059e5abdf9969be1bac80930105ad3327f44e
SHA5125121c218c49fb4b862ce2a0baa85d392169fdb1d09f2a7473ff171c40610b279a2dd92a51674162b36e1583d0cfa68281c67e5728613fab1b6facd61b1239bc9
-
Filesize
246KB
MD545128efe493234906ecc0d34392b87fb
SHA1614cd3f781aced63f9cbfb2d1134d193d5f917ee
SHA25678c32fc455ff47d15dbec31588a059e5abdf9969be1bac80930105ad3327f44e
SHA5125121c218c49fb4b862ce2a0baa85d392169fdb1d09f2a7473ff171c40610b279a2dd92a51674162b36e1583d0cfa68281c67e5728613fab1b6facd61b1239bc9
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
24KB
-
Filesize
484KB
-
Filesize
8KB
-
-
-
Filesize
12KB
-
Filesize
484KB
-
Filesize
484KB