Analysis

  • max time kernel
    151s
  • max time network
    89s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/11/2022, 00:08

General

  • Target

    272e4215237515acfeb3d6a818660b97e46b85a90fbb8f0404dc4d44e6cda925.exe

  • Size

    224KB

  • MD5

    276ea683aea51e676f728ab681972cfe

  • SHA1

    3482a245e220bf80453897ffb9ce36eb77df9272

  • SHA256

    272e4215237515acfeb3d6a818660b97e46b85a90fbb8f0404dc4d44e6cda925

  • SHA512

    aa318d01d800f77893471365cb9a9d5f5998dde91583a0b4d9c5fb0b586756170a6167cc5e6db8eca4a5534b20a96943d296378af67fd7e46c8f5948afb984f9

  • SSDEEP

    1536:z7r/YQsVV5awoIZsh0CF+sKE0C1rZL4H0c2BHtg1/J+iZAb+g9WCyiHC/XRG1iFg:jAQa5MOFCsv/CL0jJMNWCyiHC31psL

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 29 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\272e4215237515acfeb3d6a818660b97e46b85a90fbb8f0404dc4d44e6cda925.exe
    "C:\Users\Admin\AppData\Local\Temp\272e4215237515acfeb3d6a818660b97e46b85a90fbb8f0404dc4d44e6cda925.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1716
    • C:\Users\Admin\kdxaoc.exe
      "C:\Users\Admin\kdxaoc.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:560

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\kdxaoc.exe

    Filesize

    224KB

    MD5

    73bb0398c20e9338f17a2e873d9684c4

    SHA1

    4a88d59c2a45f88e205b4133e0c0c4ea753ce784

    SHA256

    b89045da9a57cae650bd02f7e9ea98ceb25c6dec855a66051cc6f82b2c4e1c94

    SHA512

    1e266381d2030c11ef9d920b1db8a8b861aaf4dd5db61c4989a9db818bf5e1806a408614a253566f075c96e78119f8fbe9b68050f509be9cab9df4aa2fe15314

  • \Users\Admin\kdxaoc.exe

    Filesize

    224KB

    MD5

    73bb0398c20e9338f17a2e873d9684c4

    SHA1

    4a88d59c2a45f88e205b4133e0c0c4ea753ce784

    SHA256

    b89045da9a57cae650bd02f7e9ea98ceb25c6dec855a66051cc6f82b2c4e1c94

    SHA512

    1e266381d2030c11ef9d920b1db8a8b861aaf4dd5db61c4989a9db818bf5e1806a408614a253566f075c96e78119f8fbe9b68050f509be9cab9df4aa2fe15314

  • memory/1716-56-0x00000000760C1000-0x00000000760C3000-memory.dmp

    Filesize

    8KB