Overview

overview

8

Static

static

0382072273...87.exe

windows7-x64

8

0382072273...87.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    146s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    26/11/2022, 21:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    03820722736bdbd88f7bccb04e644955e9bb723e783ff9fa66d3823fb2508987.exe

  • Size

    48KB

  • MD5

    d52a8103b4b14f808ab259a3086e638e

  • SHA1

    5fb489fdebd00f04749aff39701807830a434a53

  • SHA256

    03820722736bdbd88f7bccb04e644955e9bb723e783ff9fa66d3823fb2508987

  • SHA512

    a9ca665f49e58f642312c632142d9c6c6ad8511161f7f68dc854d80b33998f402072a841694c4ff77bf6238ca0d47be224bf15c60f4183ba29305136ca4e5f13

  • SSDEEP

    768:7TT8R3ev8GEe854yRVnQbhcdqDMhCgXyHRVZHOlwYd:7f8R8+54yRVnQdwXyHRjuL

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 22 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\03820722736bdbd88f7bccb04e644955e9bb723e783ff9fa66d3823fb2508987.exe
    "C:\Users\Admin\AppData\Local\Temp\03820722736bdbd88f7bccb04e644955e9bb723e783ff9fa66d3823fb2508987.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious behavior: RenamesItself
    PID:1696
  • C:\Windows\SysWOW64\ywkkso.exe
    C:\Windows\SysWOW64\ywkkso.exe
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    PID:944

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\ywkkso.exe
          Filesize

          48KB

          MD5

          d52a8103b4b14f808ab259a3086e638e

          SHA1

          5fb489fdebd00f04749aff39701807830a434a53

          SHA256

          03820722736bdbd88f7bccb04e644955e9bb723e783ff9fa66d3823fb2508987

          SHA512

          a9ca665f49e58f642312c632142d9c6c6ad8511161f7f68dc854d80b33998f402072a841694c4ff77bf6238ca0d47be224bf15c60f4183ba29305136ca4e5f13

          Download Submit

        • C:\Windows\SysWOW64\ywkkso.exe
          Filesize

          48KB

          MD5

          d52a8103b4b14f808ab259a3086e638e

          SHA1

          5fb489fdebd00f04749aff39701807830a434a53

          SHA256

          03820722736bdbd88f7bccb04e644955e9bb723e783ff9fa66d3823fb2508987

          SHA512

          a9ca665f49e58f642312c632142d9c6c6ad8511161f7f68dc854d80b33998f402072a841694c4ff77bf6238ca0d47be224bf15c60f4183ba29305136ca4e5f13

          Download Submit

        • \Windows\SysWOW64\gei33.dll
          Filesize

          58KB

          MD5

          caa437442a847db69f4360b166c36d04

          SHA1

          55b5001c0330adc5999f7523be7dcc78a44ab23f

          SHA256

          16fab994afe78b9c4d273a895149d54049b7b19591a9ec6bd02d35375f5fd5a9

          SHA512

          4e14b76feda93ef78c4f8c71b5673661eb6f50fe4c24ca17526bfb07f67e04d22723015e0ac45c2a2cb075a05987a9ec30eebd0413bc7053713b1262ab618c48

          Download Submit

        • memory/944-57-0x00000000766D1000-0x00000000766D3000-memory.dmp

          Filesize

          8KB

          Download