Overview

overview

8

Static

static

6c6edbecd6...61.exe

windows7-x64

8

6c6edbecd6...61.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    140s
  • max time network
    178s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 20:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6c6edbecd66e9fe3ba8424b375ef42151b84404c14407942f1d4f7bae3905e61.exe

  • Size

    706KB

  • MD5

    5c5d223575eda7878bf3953a308833a8

  • SHA1

    445748e04b431022241a90acfbe2346fdafca0ba

  • SHA256

    6c6edbecd66e9fe3ba8424b375ef42151b84404c14407942f1d4f7bae3905e61

  • SHA512

    08f0e0c57359774a11632d1ed660fc50a85176cf5a46465020426a9b9319eb1a6be93ed1dc0aeb62b64ca7ef5e27a4dfffe0e070d8468b5f9552dac4f1a96b6d

  • SSDEEP

    12288:gp/iN/mlVdtvrYeyZJf7kPK+iqBZn+D73iKHeGspglZVQnqw56f0xnjwQa:gpQ/6trYlvYPK+lqD73TeGspoVQCsjA

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c6edbecd66e9fe3ba8424b375ef42151b84404c14407942f1d4f7bae3905e61.exe
    "C:\Users\Admin\AppData\Local\Temp\6c6edbecd66e9fe3ba8424b375ef42151b84404c14407942f1d4f7bae3905e61.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Control Panel
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1764
    • C:\Windows\ScrBlaze.scr
      "C:\Windows\ScrBlaze.scr" /S
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1772
  • C:\Windows\ScrBlaze.scr
    C:\Windows\ScrBlaze.scr /s
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:1256

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\6NCF2Z1V.txt
    Filesize

    74B

    MD5

    756feb4fc7384d15f56d060db701a0a8

    SHA1

    e0fae3f5c33de41c4ef873ee7ea8af83f81fe712

    SHA256

    9db54be311834736315927c956edefe18871f041ab3c863a2f474d714ef152b4

    SHA512

    46e3ddd3293eef08ca90b081e04814bb016f386b7672aa3b620dc3bce34ec227b0333761aba883046b52fa5a9610949ec9d83fa74f4d21c72b64a4fdf7eb1b78

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\IQ1WXMDM.txt
    Filesize

    74B

    MD5

    20ab64b7c46f31c966ab00acf322bfa9

    SHA1

    5f1bc12bb64aa18b53289ff72297a90ba1ca52a5

    SHA256

    af69a7d50429b697c115920ab0fa2fc0a830a70ce43349d320566de6c739f264

    SHA512

    f6d6adc9f09f17ceab9a357a7abcb8b5efdc396edb8ff93e6867e2c82f1fa0fb665f0ec1d23bf80a22fb159d15ed169bee6e0aca0b00308a715f55f6b91c4022

    Download Submit

  • C:\Windows\ScrBlaze.scr
    Filesize

    706KB

    MD5

    5c5d223575eda7878bf3953a308833a8

    SHA1

    445748e04b431022241a90acfbe2346fdafca0ba

    SHA256

    6c6edbecd66e9fe3ba8424b375ef42151b84404c14407942f1d4f7bae3905e61

    SHA512

    08f0e0c57359774a11632d1ed660fc50a85176cf5a46465020426a9b9319eb1a6be93ed1dc0aeb62b64ca7ef5e27a4dfffe0e070d8468b5f9552dac4f1a96b6d

    Download Submit

  • C:\Windows\ScrBlaze.scr
    Filesize

    706KB

    MD5

    5c5d223575eda7878bf3953a308833a8

    SHA1

    445748e04b431022241a90acfbe2346fdafca0ba

    SHA256

    6c6edbecd66e9fe3ba8424b375ef42151b84404c14407942f1d4f7bae3905e61

    SHA512

    08f0e0c57359774a11632d1ed660fc50a85176cf5a46465020426a9b9319eb1a6be93ed1dc0aeb62b64ca7ef5e27a4dfffe0e070d8468b5f9552dac4f1a96b6d

    Download Submit

  • C:\Windows\ScrBlaze.scr
    Filesize

    706KB

    MD5

    5c5d223575eda7878bf3953a308833a8

    SHA1

    445748e04b431022241a90acfbe2346fdafca0ba

    SHA256

    6c6edbecd66e9fe3ba8424b375ef42151b84404c14407942f1d4f7bae3905e61

    SHA512

    08f0e0c57359774a11632d1ed660fc50a85176cf5a46465020426a9b9319eb1a6be93ed1dc0aeb62b64ca7ef5e27a4dfffe0e070d8468b5f9552dac4f1a96b6d

    Download Submit

  • C:\Windows\s18273659
    Filesize

    869B

    MD5

    f5059a65cea02cbc7c5234a00d64f781

    SHA1

    97938f8a2220ed8368f0afd0e65c887f1ee7937a

    SHA256

    c9afd0f6f8936b0f1c5cd97b64fdd9372b8f43678b60f61fa11ea88f67f58c6c

    SHA512

    cadca7c28e288758fbad8e9bd9ae9d91979a7d7c7c770335c565bb5f10afe600aad9e527aced8a5138e2ade0d12fe25aca0fbb6fc0b588549efccbb20e4fcfee

    Download Submit

  • C:\Windows\s18273659
    Filesize

    952B

    MD5

    8806df0f6f3abe6b40fe1305c6303899

    SHA1

    35def6622c689d8e61eae824f9eaf7a99fd78e2b

    SHA256

    f037106ccdd0ecb7e3447d18e8839fd482e1939e07ef9a9516d1e018d5c7375b

    SHA512

    472fb533358b506b473e84b6361640552bb2eda324934a54f3ee0135a5c164a8e4266cab7f2a5ac5ba26ef1b13e134855bb2d1b5529a86eccf665e0f582e254b

    Download Submit

  • memory/1764-54-0x0000000075891000-0x0000000075893000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1772-55-0x0000000000000000-mapping.dmp

    Download