Overview

overview

10

Static

static

cce9373099...9d.exe

windows7-x64

10

cce9373099...9d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    94s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 00:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cce937309949956f29cbee382d0507998fdd5cbb5520a8aaf10ab3d366fd699d.exe

  • Size

    240KB

  • MD5

    36feb9dd363c26cd0933826389f7acb0

  • SHA1

    7308ff674ed3d0112dd22bebcd953ea3889c5326

  • SHA256

    cce937309949956f29cbee382d0507998fdd5cbb5520a8aaf10ab3d366fd699d

  • SHA512

    75605489ac4681545fcb4688c82219af4d46fa7c0832cb0e3e25f100f8592921e39f6fc386e0474417d1307b231f1405301005420ea9a14515fbd77252a8949f

  • SSDEEP

    3072:vkBGJlT8j6VlpvBd90i/SmWKLi7CjFSivnfu3fbMdozt5czHaL:vx50UGKGkFRKfeoztOO

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 28 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cce937309949956f29cbee382d0507998fdd5cbb5520a8aaf10ab3d366fd699d.exe
    "C:\Users\Admin\AppData\Local\Temp\cce937309949956f29cbee382d0507998fdd5cbb5520a8aaf10ab3d366fd699d.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2036
    • C:\Users\Admin\beupiuz.exe
      "C:\Users\Admin\beupiuz.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:776

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Hidden Files and Directories

1
T1158

Modify Registry

2
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\beupiuz.exe
    Filesize

    240KB

    MD5

    eb3bec37dcadb0558bdfab6455b4eab3

    SHA1

    ba09513874254d8331544c3ca49d86ac10eb739d

    SHA256

    d31fb17981c23ed0fdd81c26aae1ff1fb6fe48550eecdbabd2deced2a3d0a1ba

    SHA512

    2779830c5639d27c78c715cb5f270231eb4fb55e3184d3217aa6f521982d196f1d3d04c95ce878d93ac5c2bc2cb37494af4f3db6540c9d85932e6c322cfc11d5

    Download Submit
  • C:\Users\Admin\beupiuz.exe
    Filesize

    240KB

    MD5

    eb3bec37dcadb0558bdfab6455b4eab3

    SHA1

    ba09513874254d8331544c3ca49d86ac10eb739d

    SHA256

    d31fb17981c23ed0fdd81c26aae1ff1fb6fe48550eecdbabd2deced2a3d0a1ba

    SHA512

    2779830c5639d27c78c715cb5f270231eb4fb55e3184d3217aa6f521982d196f1d3d04c95ce878d93ac5c2bc2cb37494af4f3db6540c9d85932e6c322cfc11d5

    Download Submit
  • \Users\Admin\beupiuz.exe
    Filesize

    240KB

    MD5

    eb3bec37dcadb0558bdfab6455b4eab3

    SHA1

    ba09513874254d8331544c3ca49d86ac10eb739d

    SHA256

    d31fb17981c23ed0fdd81c26aae1ff1fb6fe48550eecdbabd2deced2a3d0a1ba

    SHA512

    2779830c5639d27c78c715cb5f270231eb4fb55e3184d3217aa6f521982d196f1d3d04c95ce878d93ac5c2bc2cb37494af4f3db6540c9d85932e6c322cfc11d5

    Download Submit
  • \Users\Admin\beupiuz.exe
    Filesize

    240KB

    MD5

    eb3bec37dcadb0558bdfab6455b4eab3

    SHA1

    ba09513874254d8331544c3ca49d86ac10eb739d

    SHA256

    d31fb17981c23ed0fdd81c26aae1ff1fb6fe48550eecdbabd2deced2a3d0a1ba

    SHA512

    2779830c5639d27c78c715cb5f270231eb4fb55e3184d3217aa6f521982d196f1d3d04c95ce878d93ac5c2bc2cb37494af4f3db6540c9d85932e6c322cfc11d5

    Download Submit
  • memory/776-59-0x0000000000000000-mapping.dmp
    Download
  • memory/2036-56-0x0000000076381000-0x0000000076383000-memory.dmp
    Filesize

    8KB

    Download