f855b0097e5bafddf7509035c9abd64a373d72ccafca0bf7e51aa97089a0484a

Analysis

max time kernel
101s
max time network
188s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25/11/2022, 21:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SERunner.exe
Size

475KB
MD5

91ceea673a6037e6cb0567d1d12d79c8
SHA1

0097db117324c541a9a1b7ffd351ba88c1b8f355
SHA256

8f84a94c16f7420ef8347b734614e0d8320f66551e3e9864aa5e56eaf870ac31
SHA512

543b820610882d2195c851bee2f75b6dac123a782b885284ddf171dcbaab6ff9f426079a1cfd2a3b53e7912a83815ed4d9f315af053d4e309dffb9b5df7eab29
SSDEEP

6144:/koRd4UG9sUrh8SyWeQxfgBRlfVDUAg8cXRsRJE15i6cgsXK7b016i8heZi7PI7:/kC4UG9s6CxMoBBPgLXCRJEbgandg7

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral31/memory/1744-55-0x0000000000400000-0x000000000054B000-memory.dmp	upx
behavioral31/memory/1744-56-0x00000000003A0000-0x00000000003B9000-memory.dmp	upx
behavioral31/memory/1744-58-0x0000000000400000-0x000000000054B000-memory.dmp	upx
behavioral31/memory/1744-59-0x00000000003A0000-0x00000000003B9000-memory.dmp	upx
behavioral31/memory/1744-67-0x0000000000400000-0x000000000054B000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main	SERunner.exe
Key created	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	SERunner.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	SERunner.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
464	Process not Found

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1744	SERunner.exe
1744	SERunner.exe
1744	SERunner.exe

C:\Users\Admin\AppData\Local\Temp\SERunner.exe
"C:\Users\Admin\AppData\Local\Temp\SERunner.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1744

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1744-54-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download
memory/1744-55-0x0000000000400000-0x000000000054B000-memory.dmp

Filesize
1.3MB

Download
memory/1744-56-0x00000000003A0000-0x00000000003B9000-memory.dmp

Filesize
100KB

Download
memory/1744-58-0x0000000000400000-0x000000000054B000-memory.dmp

Filesize
1.3MB

Download
memory/1744-59-0x00000000003A0000-0x00000000003B9000-memory.dmp

Filesize
100KB

Download
memory/1744-67-0x0000000000400000-0x000000000054B000-memory.dmp

Filesize
1.3MB

Download