Analysis
-
max time kernel
114s -
max time network
192s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
27-11-2022 15:53
General
-
Target
68bfc82cf7cc58f72851fa02872e55d860ba867a6b57e66d1df56ded04bce1b7.exe
-
Size
1.5MB
-
MD5
706b469baa166256569c23e90bf65c5e
-
SHA1
d971fef90fe31ece0ac7458c6837013ba43601e6
-
SHA256
68bfc82cf7cc58f72851fa02872e55d860ba867a6b57e66d1df56ded04bce1b7
-
SHA512
06944ecccbf540113bc5ae7ad4e970e83c3d68392b06f21aadb79b2daa86d8958983866f62985aa1fe000d05b1dba7b722e4b5675fdbba01bf483e9700f97170
-
SSDEEP
24576:qHx7qhZjeDAIE61ag+uqGDkbfaUf3Sst3E+kf8FWmdcvPOCsknaEzVZxdw3Vx+49:qRg2h5vUXqst3E7POUaEzHE+nU
Malware Config
Signatures
-
UPX packed file 3 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 36 IoCs
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\68bfc82cf7cc58f72851fa02872e55d860ba867a6b57e66d1df56ded04bce1b7.exe"C:\Users\Admin\AppData\Local\Temp\68bfc82cf7cc58f72851fa02872e55d860ba867a6b57e66d1df56ded04bce1b7.exe"1⤵
- Checks BIOS information in registry
- Adds Run key to start application
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" http://whatsappnovidades.com/cont/cadastro.php2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1304 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
608B
MD5de52b278bba77d91ce520f9532214317
SHA1afcd1600fe93f5d39e242abb2ff3a8fd2d8e2c86
SHA2564826ed52bfb677cf503f56aa753f82802492a5338ca51f68665b7c37b70b3cd5
SHA5125c7fe3841880229280b58e2bdd8dc227779f97d701fb88e9810ff57ccb5f9361059ae70f9509995d3bbb0fe20c34339a0414a0f2811e01b68e4bdcda8d46c15b
-
Filesize
8KB
-
Filesize
224KB
-
Filesize
2.7MB
-
Filesize
224KB
-
Filesize
2.7MB
-
Filesize
2.7MB
-
Filesize
224KB