Overview

overview

10

Static

static

42079fc4b6...02.exe

windows7-x64

10

42079fc4b6...02.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    161s
  • max time network
    79s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 00:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    42079fc4b659e7ed219cf000b2d3f63073c8eec577436c8437b246567eb96702.exe

  • Size

    136KB

  • MD5

    3430ff52775bed3ea223b54664f870a1

  • SHA1

    0f123f8438fe702576e07d2dbc7c0d4de571cc22

  • SHA256

    42079fc4b659e7ed219cf000b2d3f63073c8eec577436c8437b246567eb96702

  • SHA512

    aa750b3b6dc72ccb71fd14ceec0d5b2d52750abf694acb00dede925371b3b0000676cd23eafd65fed7cfed516b94e29f1fcc1fa0e86fc28c6713ff2be2444d71

  • SSDEEP

    3072:yqsMMtnsXGsLd0gePcPuiPfDZS+biFO8bkwLI0zKdmGa44nK:yjn8XuPcPnfEXkZ0zKd934n

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 48 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\42079fc4b659e7ed219cf000b2d3f63073c8eec577436c8437b246567eb96702.exe
    "C:\Users\Admin\AppData\Local\Temp\42079fc4b659e7ed219cf000b2d3f63073c8eec577436c8437b246567eb96702.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1736
    • C:\Users\Admin\hmyaac.exe
      "C:\Users\Admin\hmyaac.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:524

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\hmyaac.exe
    Filesize

    136KB

    MD5

    b494a911437c228f771e732ad20801e1

    SHA1

    9f687d88a6e93a834254edaca5df48f938494563

    SHA256

    5da8b383f7da133c5c08f1de81b126ab646151ef92d119a38c4ea2466b2f359f

    SHA512

    4a3cc4641054f75f5427bf4ea45239fe92c9473834d5f62083ab4427da4fe34e3cec6b5ecc364f9ea4f564954a2d83a16788761debe2f05ce7681b71629eda62

    Download Submit
  • C:\Users\Admin\hmyaac.exe
    Filesize

    136KB

    MD5

    b494a911437c228f771e732ad20801e1

    SHA1

    9f687d88a6e93a834254edaca5df48f938494563

    SHA256

    5da8b383f7da133c5c08f1de81b126ab646151ef92d119a38c4ea2466b2f359f

    SHA512

    4a3cc4641054f75f5427bf4ea45239fe92c9473834d5f62083ab4427da4fe34e3cec6b5ecc364f9ea4f564954a2d83a16788761debe2f05ce7681b71629eda62

    Download Submit
  • \Users\Admin\hmyaac.exe
    Filesize

    136KB

    MD5

    b494a911437c228f771e732ad20801e1

    SHA1

    9f687d88a6e93a834254edaca5df48f938494563

    SHA256

    5da8b383f7da133c5c08f1de81b126ab646151ef92d119a38c4ea2466b2f359f

    SHA512

    4a3cc4641054f75f5427bf4ea45239fe92c9473834d5f62083ab4427da4fe34e3cec6b5ecc364f9ea4f564954a2d83a16788761debe2f05ce7681b71629eda62

    Download Submit
  • \Users\Admin\hmyaac.exe
    Filesize

    136KB

    MD5

    b494a911437c228f771e732ad20801e1

    SHA1

    9f687d88a6e93a834254edaca5df48f938494563

    SHA256

    5da8b383f7da133c5c08f1de81b126ab646151ef92d119a38c4ea2466b2f359f

    SHA512

    4a3cc4641054f75f5427bf4ea45239fe92c9473834d5f62083ab4427da4fe34e3cec6b5ecc364f9ea4f564954a2d83a16788761debe2f05ce7681b71629eda62

    Download Submit
  • memory/524-60-0x0000000000000000-mapping.dmp
    Download
  • memory/524-66-0x0000000000400000-0x0000000000439000-memory.dmp
    Filesize

    228KB

    Download
  • memory/524-69-0x0000000000400000-0x0000000000439000-memory.dmp
    Filesize

    228KB

    Download
  • memory/1736-56-0x0000000000400000-0x0000000000439000-memory.dmp
    Filesize

    228KB

    Download
  • memory/1736-57-0x00000000759C1000-0x00000000759C3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1736-65-0x0000000002EE0000-0x0000000002F19000-memory.dmp
    Filesize

    228KB

    Download
  • memory/1736-68-0x0000000000400000-0x0000000000439000-memory.dmp
    Filesize

    228KB

    Download