Overview

overview

8

Static

static

ab8879c610...65.exe

windows7-x64

8

ab8879c610...65.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-11-2022 14:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ab8879c6109d1991f8dceb39deb7de9ab8fbc2cedf92f2744be98f7940d6d865.exe

  • Size

    540KB

  • MD5

    0d151fe49db74b0cf55cb5314025805d

  • SHA1

    d6d3b4a52703d44d1518a7bdfdc0f4588a85f6b1

  • SHA256

    ab8879c6109d1991f8dceb39deb7de9ab8fbc2cedf92f2744be98f7940d6d865

  • SHA512

    b2a8a67bd9dbba7da630f115964327ef20c138f0126ec092d956c4de384d1aa2e9fdcc9e9b6f17f6c1aacc3d6a3e4db701702838ee0d37d694ca7959242c2cb7

  • SSDEEP

    12288:1Cnu13N3WTYPa2m/rWTozHFKnoDI5iKpQi:0nu1oTYa2cWKH8oDI5s

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ab8879c6109d1991f8dceb39deb7de9ab8fbc2cedf92f2744be98f7940d6d865.exe
    "C:\Users\Admin\AppData\Local\Temp\ab8879c6109d1991f8dceb39deb7de9ab8fbc2cedf92f2744be98f7940d6d865.exe"
    1⤵
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4832
    • C:\Users\Admin\AppData\Roaming\subfolder\filename.exe
      "C:\Users\Admin\AppData\Roaming\subfolder\filename.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:5080
      • C:\Users\Admin\AppData\Roaming\subfolder\filename.exe
        "C:\Users\Admin\AppData\Roaming\subfolder\filename.exe"
        3⤵
        • Executes dropped EXE
        PID:1080

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\subfolder\filename.exe
    Filesize

    540KB

    MD5

    caea7f941039722438c67c24f7496088

    SHA1

    f95a59d7670c72054a6126d52c42062a956b5c50

    SHA256

    98dba5520b641ba0d550b2ca5f7099683ed26d52c3b92d33f5d5a95f405fe0d3

    SHA512

    36394e20221742b5caef28e73ea4740df245d7d22fadcd45c3a111e48e2f2c850c11a0e6d91bbbf12fab316c4522cb20653fd700008eb71a069291ea8ec86b5d

    Download Submit
  • C:\Users\Admin\AppData\Roaming\subfolder\filename.exe
    Filesize

    540KB

    MD5

    caea7f941039722438c67c24f7496088

    SHA1

    f95a59d7670c72054a6126d52c42062a956b5c50

    SHA256

    98dba5520b641ba0d550b2ca5f7099683ed26d52c3b92d33f5d5a95f405fe0d3

    SHA512

    36394e20221742b5caef28e73ea4740df245d7d22fadcd45c3a111e48e2f2c850c11a0e6d91bbbf12fab316c4522cb20653fd700008eb71a069291ea8ec86b5d

    Download Submit
  • C:\Users\Admin\AppData\Roaming\subfolder\filename.exe
    Filesize

    540KB

    MD5

    caea7f941039722438c67c24f7496088

    SHA1

    f95a59d7670c72054a6126d52c42062a956b5c50

    SHA256

    98dba5520b641ba0d550b2ca5f7099683ed26d52c3b92d33f5d5a95f405fe0d3

    SHA512

    36394e20221742b5caef28e73ea4740df245d7d22fadcd45c3a111e48e2f2c850c11a0e6d91bbbf12fab316c4522cb20653fd700008eb71a069291ea8ec86b5d

    Download Submit
  • memory/1080-163-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-180-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-141-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-165-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-145-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-147-0x000000000045C000-0x000000000045E000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1080-149-0x000000000045C000-0x000000000045E000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1080-150-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-152-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-153-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-154-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-155-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-156-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-157-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-158-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-166-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-159-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-161-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-162-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-203-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-202-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-164-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-160-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-167-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-168-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-169-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-170-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-171-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-174-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-177-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-179-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-140-0x0000000000000000-mapping.dmp
    Download
  • memory/1080-183-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-184-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-187-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-188-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-191-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-194-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-195-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-198-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/1080-199-0x0000000000400000-0x0000000000466000-memory.dmp
    Filesize

    408KB

    Download
  • memory/4832-134-0x0000000002DF0000-0x0000000002DF6000-memory.dmp
    Filesize

    24KB

    Download
  • memory/5080-135-0x0000000000000000-mapping.dmp
    Download