Analysis
-
max time kernel
150s -
max time network
49s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
26-11-2022 17:13
General
-
Target
e8653af8a8cfbec20e1084ffe1e7c363ca4a70a4924fd23b26100d599538e31a.exe
-
Size
68KB
-
MD5
a1c6a3c302db313c9abe5dcd7120d5cf
-
SHA1
0af5d8b039fd6eb1570eaa9c0c4f25e6ea08a89d
-
SHA256
e8653af8a8cfbec20e1084ffe1e7c363ca4a70a4924fd23b26100d599538e31a
-
SHA512
878f7df374d6701b044891c5f76f34a5253fff5d1d15c6a4a08f83bcc3176b150642a4fcc6146d1eed6445a3314802c171b19d2efffca257844c70265c38fd8b
-
SSDEEP
768:FcZliTduMAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:iZIxfAcqOK3qowgnt1d
Malware Config
Signatures
-
Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e8653af8a8cfbec20e1084ffe1e7c363ca4a70a4924fd23b26100d599538e31a.exe"C:\Users\Admin\AppData\Local\Temp\e8653af8a8cfbec20e1084ffe1e7c363ca4a70a4924fd23b26100d599538e31a.exe"1⤵
- Modifies visiblity of hidden/system files in Explorer
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\Admin.exe"C:\Users\Admin\Admin.exe"2⤵
- Modifies visiblity of hidden/system files in Explorer
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
68KB
MD57850316238aad58402a412b56f652eea
SHA15c51c636de1850023e5a9188a51c53a8d25e4898
SHA256e2d3bb5dc37cf531b2b6e39c011c52efd3f84ed86db2c1ed325967b06fd1734e
SHA512462516e08a3d64b73452f9290edc83af8f2849b32a1be6189b710bd448db2841763da8911a252a131e0149f8858489e5c1d0fca1da95294942b4117dad5d4322
-
Filesize
68KB
MD57850316238aad58402a412b56f652eea
SHA15c51c636de1850023e5a9188a51c53a8d25e4898
SHA256e2d3bb5dc37cf531b2b6e39c011c52efd3f84ed86db2c1ed325967b06fd1734e
SHA512462516e08a3d64b73452f9290edc83af8f2849b32a1be6189b710bd448db2841763da8911a252a131e0149f8858489e5c1d0fca1da95294942b4117dad5d4322
-
Filesize
68KB
MD57850316238aad58402a412b56f652eea
SHA15c51c636de1850023e5a9188a51c53a8d25e4898
SHA256e2d3bb5dc37cf531b2b6e39c011c52efd3f84ed86db2c1ed325967b06fd1734e
SHA512462516e08a3d64b73452f9290edc83af8f2849b32a1be6189b710bd448db2841763da8911a252a131e0149f8858489e5c1d0fca1da95294942b4117dad5d4322
-
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
8KB