Overview

overview

8

Static

static

67a4340f5f...ca.exe

windows7-x64

8

67a4340f5f...ca.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    217s
  • max time network
    256s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 17:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    67a4340f5fba6ba61e546b8616f51dbbb9191381338f718250290a441ad31eca.exe

  • Size

    270KB

  • MD5

    0111a3fd57e598b4ebd70cc880a1ec0d

  • SHA1

    f00c1358d5e4cde4f4cabb115f0616ee4f90cfd1

  • SHA256

    67a4340f5fba6ba61e546b8616f51dbbb9191381338f718250290a441ad31eca

  • SHA512

    4b4f8ad8a8fc0c4d7646794dfcaf4ddc22ef8fd773eb40de22483ca87e358e4b41f82ae8651db4b3ccd1c312a6c5fb17f4101aecb9e73a25e5aeae668731616b

  • SSDEEP

    6144:YBYOwhNRKosFBqNdzYerZW7m3qAdOdOXRoolVRK4+shxgNCop:YBYTNITKdYEZW7m3q2r6oBhCCop

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 12 IoCs
  • Adds Run key to start application 2 TTPs 5 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Program Files directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 8 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\67a4340f5fba6ba61e546b8616f51dbbb9191381338f718250290a441ad31eca.exe
    "C:\Users\Admin\AppData\Local\Temp\67a4340f5fba6ba61e546b8616f51dbbb9191381338f718250290a441ad31eca.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1068
    • C:\Program Files (x86)\sedhrgc\212.exe
      "C:\Program Files (x86)\sedhrgc\212.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:468
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe C:\YUXSBf\1cp0b0yZ.dll,Linsibao
        3⤵
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:1420
        • C:\Windows\SysWOW64\svchost.exe
          C:\Windows\System32\svchost.exe
          4⤵
          • Adds Run key to start application
          PID:1668
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c del "C:\Program Files (x86)\sedhrgc\212.exe"
        3⤵
          PID:1392
      • C:\Program Files (x86)\sedhrgc\213.exe
        "C:\Program Files (x86)\sedhrgc\213.exe"
        2⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of SetWindowsHookEx
        PID:1808

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\sedhrgc\212.exe
      Filesize

      107KB

      MD5

      28583e5b3f304e7484c379a2f8d416e0

      SHA1

      3396a4a656efe5db551657927adccba638244919

      SHA256

      ae060066c48a9004109c53d3ff931e51628eac77c32a51402ece054c1f7878d4

      SHA512

      8a8c4eb5392726e9bf438e99cab30c82f798e829b7407bec4632b5036bdb963392906d488d8ae0801222e2ac8d3b89d3f7e55f5b85db6e1767ff8d99af0e3391

      Download Submit

    • C:\Program Files (x86)\sedhrgc\212.exe
      Filesize

      107KB

      MD5

      28583e5b3f304e7484c379a2f8d416e0

      SHA1

      3396a4a656efe5db551657927adccba638244919

      SHA256

      ae060066c48a9004109c53d3ff931e51628eac77c32a51402ece054c1f7878d4

      SHA512

      8a8c4eb5392726e9bf438e99cab30c82f798e829b7407bec4632b5036bdb963392906d488d8ae0801222e2ac8d3b89d3f7e55f5b85db6e1767ff8d99af0e3391

      Download Submit

    • C:\Program Files (x86)\sedhrgc\213.exe
      Filesize

      94KB

      MD5

      c01db170d9f75beaa3a41c906ef6985b

      SHA1

      3e339d7509f080e18a771f2e93854fc6504ba601

      SHA256

      125edb1c8528fa76142250b66c43905002236209e303d99e23f1d1de43c9b2ca

      SHA512

      0101b85a8adafa263ae251dee08daca4ec264f2dc49d2df9bfd3f33190c53a2beb46f8e53d6b98c503eb97c4bfc50a2eab768c87406aa59c6efbc191ae1eb199

      Download Submit

    • C:\YUXSBf\1cp0b0yZ.dll
      Filesize

      84KB

      MD5

      93859e111c427972c02913b57e82d977

      SHA1

      f9ed1d9c6d773c02c5852fdedd16e5acfd1a4c6b

      SHA256

      fb3f23523f9008f2f7aed46b3ecbee9b40dbd8e253377c907c3bdd1b8b417b6e

      SHA512

      24d7bdf49c18d150beba3e6ee81968d8ad9d4941a2d49f8dd53ff0e31e84320fe2055227237d2d180a1ae3b8728281cc96cd32394aac199e27d0874459fc49cb

      Download Submit

    • \Program Files (x86)\sedhrgc\212.exe
      Filesize

      107KB

      MD5

      28583e5b3f304e7484c379a2f8d416e0

      SHA1

      3396a4a656efe5db551657927adccba638244919

      SHA256

      ae060066c48a9004109c53d3ff931e51628eac77c32a51402ece054c1f7878d4

      SHA512

      8a8c4eb5392726e9bf438e99cab30c82f798e829b7407bec4632b5036bdb963392906d488d8ae0801222e2ac8d3b89d3f7e55f5b85db6e1767ff8d99af0e3391

      Download Submit

    • \Program Files (x86)\sedhrgc\212.exe
      Filesize

      107KB

      MD5

      28583e5b3f304e7484c379a2f8d416e0

      SHA1

      3396a4a656efe5db551657927adccba638244919

      SHA256

      ae060066c48a9004109c53d3ff931e51628eac77c32a51402ece054c1f7878d4

      SHA512

      8a8c4eb5392726e9bf438e99cab30c82f798e829b7407bec4632b5036bdb963392906d488d8ae0801222e2ac8d3b89d3f7e55f5b85db6e1767ff8d99af0e3391

      Download Submit

    • \Program Files (x86)\sedhrgc\212.exe
      Filesize

      107KB

      MD5

      28583e5b3f304e7484c379a2f8d416e0

      SHA1

      3396a4a656efe5db551657927adccba638244919

      SHA256

      ae060066c48a9004109c53d3ff931e51628eac77c32a51402ece054c1f7878d4

      SHA512

      8a8c4eb5392726e9bf438e99cab30c82f798e829b7407bec4632b5036bdb963392906d488d8ae0801222e2ac8d3b89d3f7e55f5b85db6e1767ff8d99af0e3391

      Download Submit

    • \Program Files (x86)\sedhrgc\212.exe
      Filesize

      107KB

      MD5

      28583e5b3f304e7484c379a2f8d416e0

      SHA1

      3396a4a656efe5db551657927adccba638244919

      SHA256

      ae060066c48a9004109c53d3ff931e51628eac77c32a51402ece054c1f7878d4

      SHA512

      8a8c4eb5392726e9bf438e99cab30c82f798e829b7407bec4632b5036bdb963392906d488d8ae0801222e2ac8d3b89d3f7e55f5b85db6e1767ff8d99af0e3391

      Download Submit

    • \Program Files (x86)\sedhrgc\213.exe
      Filesize

      94KB

      MD5

      c01db170d9f75beaa3a41c906ef6985b

      SHA1

      3e339d7509f080e18a771f2e93854fc6504ba601

      SHA256

      125edb1c8528fa76142250b66c43905002236209e303d99e23f1d1de43c9b2ca

      SHA512

      0101b85a8adafa263ae251dee08daca4ec264f2dc49d2df9bfd3f33190c53a2beb46f8e53d6b98c503eb97c4bfc50a2eab768c87406aa59c6efbc191ae1eb199

      Download Submit

    • \Program Files (x86)\sedhrgc\213.exe
      Filesize

      94KB

      MD5

      c01db170d9f75beaa3a41c906ef6985b

      SHA1

      3e339d7509f080e18a771f2e93854fc6504ba601

      SHA256

      125edb1c8528fa76142250b66c43905002236209e303d99e23f1d1de43c9b2ca

      SHA512

      0101b85a8adafa263ae251dee08daca4ec264f2dc49d2df9bfd3f33190c53a2beb46f8e53d6b98c503eb97c4bfc50a2eab768c87406aa59c6efbc191ae1eb199

      Download Submit

    • \Program Files (x86)\sedhrgc\213.exe
      Filesize

      94KB

      MD5

      c01db170d9f75beaa3a41c906ef6985b

      SHA1

      3e339d7509f080e18a771f2e93854fc6504ba601

      SHA256

      125edb1c8528fa76142250b66c43905002236209e303d99e23f1d1de43c9b2ca

      SHA512

      0101b85a8adafa263ae251dee08daca4ec264f2dc49d2df9bfd3f33190c53a2beb46f8e53d6b98c503eb97c4bfc50a2eab768c87406aa59c6efbc191ae1eb199

      Download Submit

    • \Program Files (x86)\sedhrgc\213.exe
      Filesize

      94KB

      MD5

      c01db170d9f75beaa3a41c906ef6985b

      SHA1

      3e339d7509f080e18a771f2e93854fc6504ba601

      SHA256

      125edb1c8528fa76142250b66c43905002236209e303d99e23f1d1de43c9b2ca

      SHA512

      0101b85a8adafa263ae251dee08daca4ec264f2dc49d2df9bfd3f33190c53a2beb46f8e53d6b98c503eb97c4bfc50a2eab768c87406aa59c6efbc191ae1eb199

      Download Submit

    • \YUXSBf\1cp0b0yZ.dll
      Filesize

      84KB

      MD5

      93859e111c427972c02913b57e82d977

      SHA1

      f9ed1d9c6d773c02c5852fdedd16e5acfd1a4c6b

      SHA256

      fb3f23523f9008f2f7aed46b3ecbee9b40dbd8e253377c907c3bdd1b8b417b6e

      SHA512

      24d7bdf49c18d150beba3e6ee81968d8ad9d4941a2d49f8dd53ff0e31e84320fe2055227237d2d180a1ae3b8728281cc96cd32394aac199e27d0874459fc49cb

      Download Submit

    • \YUXSBf\1cp0b0yZ.dll
      Filesize

      84KB

      MD5

      93859e111c427972c02913b57e82d977

      SHA1

      f9ed1d9c6d773c02c5852fdedd16e5acfd1a4c6b

      SHA256

      fb3f23523f9008f2f7aed46b3ecbee9b40dbd8e253377c907c3bdd1b8b417b6e

      SHA512

      24d7bdf49c18d150beba3e6ee81968d8ad9d4941a2d49f8dd53ff0e31e84320fe2055227237d2d180a1ae3b8728281cc96cd32394aac199e27d0874459fc49cb

      Download Submit

    • \YUXSBf\1cp0b0yZ.dll
      Filesize

      84KB

      MD5

      93859e111c427972c02913b57e82d977

      SHA1

      f9ed1d9c6d773c02c5852fdedd16e5acfd1a4c6b

      SHA256

      fb3f23523f9008f2f7aed46b3ecbee9b40dbd8e253377c907c3bdd1b8b417b6e

      SHA512

      24d7bdf49c18d150beba3e6ee81968d8ad9d4941a2d49f8dd53ff0e31e84320fe2055227237d2d180a1ae3b8728281cc96cd32394aac199e27d0874459fc49cb

      Download Submit

    • \YUXSBf\1cp0b0yZ.dll
      Filesize

      84KB

      MD5

      93859e111c427972c02913b57e82d977

      SHA1

      f9ed1d9c6d773c02c5852fdedd16e5acfd1a4c6b

      SHA256

      fb3f23523f9008f2f7aed46b3ecbee9b40dbd8e253377c907c3bdd1b8b417b6e

      SHA512

      24d7bdf49c18d150beba3e6ee81968d8ad9d4941a2d49f8dd53ff0e31e84320fe2055227237d2d180a1ae3b8728281cc96cd32394aac199e27d0874459fc49cb

      Download Submit

    • memory/468-74-0x0000000000400000-0x0000000000434000-memory.dmp

      Filesize

      208KB

      Download

    • memory/1068-73-0x0000000000400000-0x0000000000459000-memory.dmp

      Filesize

      356KB

      Download

    • memory/1068-54-0x0000000075491000-0x0000000075493000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1068-55-0x0000000000400000-0x0000000000459000-memory.dmp

      Filesize

      356KB

      Download

    • memory/1068-60-0x00000000030F0000-0x0000000003124000-memory.dmp

      Filesize

      208KB

      Download

    • memory/1068-59-0x00000000030F0000-0x0000000003124000-memory.dmp

      Filesize

      208KB

      Download

    • memory/1068-56-0x0000000000230000-0x0000000000233000-memory.dmp

      Filesize

      12KB

      Download

    • memory/1420-103-0x0000000010000000-0x0000000010043000-memory.dmp

      Filesize

      268KB

      Download

    • memory/1668-87-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1668-91-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1668-98-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1668-96-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1668-94-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1668-85-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1668-84-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1668-102-0x0000000000400000-0x000000000042E000-memory.dmp

      Filesize

      184KB

      Download

    • memory/1808-75-0x0000000000400000-0x0000000000460000-memory.dmp

      Filesize

      384KB

      Download

    • memory/1808-104-0x0000000000400000-0x0000000000460000-memory.dmp

      Filesize

      384KB

      Download