Overview

overview

7

Static

static

c30dd78fd8...61.exe

windows7-x64

7

c30dd78fd8...61.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 11:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c30dd78fd823ad6258b9df95f909ef368f67f0e3c9e34e9a09d25034d6d05d61.exe

  • Size

    7.1MB

  • MD5

    64475e899bb2e13cf5e5dc3682251f87

  • SHA1

    baaf73bcd9c57b3ff5697b6cf5dc674f6076b2df

  • SHA256

    c30dd78fd823ad6258b9df95f909ef368f67f0e3c9e34e9a09d25034d6d05d61

  • SHA512

    816f1da027ef5eab7bbefbcc2f8b059fa8752533bad4b3dcad86f74eb1f3a94dac41d867d8ae4cf44d2d7a316bcbef6a08df4bd12c287de5119a00a42fd51c36

  • SSDEEP

    196608:ZxJfix83B5XBZRv99jYimOBKPL2QWFpMie28xFmlWYE:7JfiazZ1RmDPL2TjdflWYE

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 4 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c30dd78fd823ad6258b9df95f909ef368f67f0e3c9e34e9a09d25034d6d05d61.exe
    "C:\Users\Admin\AppData\Local\Temp\c30dd78fd823ad6258b9df95f909ef368f67f0e3c9e34e9a09d25034d6d05d61.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1604

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Program Files (x86)\YouXunBox\Youxun.exe
    Filesize

    1.3MB

    MD5

    08d15bbcc711a2c9b4a49f7c022d3299

    SHA1

    f53bb62304d61796e65c1ce5e0e5d2c69a2bf79d

    SHA256

    8a033bde928a3c069f0c0360e3f45a2c41cdea9e6b55f3e54c973063069f71d8

    SHA512

    01d64eb02d3785f00ebe9316d834cffdeb70cfcf91c2c7b24dc52dbb288e866ae12942c855161b2974634691c0d078bfb512a7539c111e071fe52b24d42cdb6b

    Download Submit

  • \Program Files (x86)\YouXunBox\Youxun.exe
    Filesize

    1.3MB

    MD5

    08d15bbcc711a2c9b4a49f7c022d3299

    SHA1

    f53bb62304d61796e65c1ce5e0e5d2c69a2bf79d

    SHA256

    8a033bde928a3c069f0c0360e3f45a2c41cdea9e6b55f3e54c973063069f71d8

    SHA512

    01d64eb02d3785f00ebe9316d834cffdeb70cfcf91c2c7b24dc52dbb288e866ae12942c855161b2974634691c0d078bfb512a7539c111e071fe52b24d42cdb6b

    Download Submit

  • \Program Files (x86)\YouXunBox\Youxun.exe
    Filesize

    1.3MB

    MD5

    08d15bbcc711a2c9b4a49f7c022d3299

    SHA1

    f53bb62304d61796e65c1ce5e0e5d2c69a2bf79d

    SHA256

    8a033bde928a3c069f0c0360e3f45a2c41cdea9e6b55f3e54c973063069f71d8

    SHA512

    01d64eb02d3785f00ebe9316d834cffdeb70cfcf91c2c7b24dc52dbb288e866ae12942c855161b2974634691c0d078bfb512a7539c111e071fe52b24d42cdb6b

    Download Submit

  • \Program Files (x86)\YouXunBox\uninst.exe
    Filesize

    414KB

    MD5

    1f2c7f7e68b251c2c95c028117e46c76

    SHA1

    56fffda64ab8b3305566d011369590774d5f996e

    SHA256

    6cd5695877242bac7e7c1bcc98cdf109f2e7ca253411bbc1e53cf187479c188a

    SHA512

    a6d4fd5607b6ee7706fb845efcd12cc89a7691b3ee9a27b3166ec71c6072f31483f88b736f8d13b40fc6fce3ea5868d776748bcf76b8b94d3402f94196dff173

    Download Submit

  • memory/1604-54-0x0000000076461000-0x0000000076463000-memory.dmp

    Filesize

    8KB

    Download