Analysis

  • max time kernel
    232s
  • max time network
    265s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/11/2022, 03:16

General

  • Target

    75fc524129c3025014c06b1f3475d2e6d9ea9cd326f653760f75f0ad71d84f1e.exe

  • Size

    264KB

  • MD5

    94341251c899fcbebb190ba272eafd9c

  • SHA1

    d9f9efcb62aa7a663569ccef3043cc9e1c4535dc

  • SHA256

    75fc524129c3025014c06b1f3475d2e6d9ea9cd326f653760f75f0ad71d84f1e

  • SHA512

    7d3fd8ec580132ec4afe50d2858227eca18fbc773c9fefbe10afe441feee1718f57750d48eb3d08cf7c9f95bc022ae83d930dc861243246d5962559a46c07bc1

  • SSDEEP

    3072:HwwQcqsOeDf2IDyG2pfr4GNLzECcKIvMBSYWunCvPQiwhjXH1WkaBx5/lvnjLYar:QwQ3sOeb9Ic6OLynWunzXH1W9r

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer (2 TTPs, 2 IoCs)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Adds Run key to start application (2 TTPs, 47 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\75fc524129c3025014c06b1f3475d2e6d9ea9cd326f653760f75f0ad71d84f1e.exe
    "C:\Users\Admin\AppData\Local\Temp\75fc524129c3025014c06b1f3475d2e6d9ea9cd326f653760f75f0ad71d84f1e.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:560
    • C:\Users\Admin\joaje.exe
      "C:\Users\Admin\joaje.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1696

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\joaje.exe

    Filesize

    264KB

    MD5

    4ea863c988e3ce4d9fd3aa4503854cd3

    SHA1

    efa8aa37981e12bf31d2ff959a0da19c084ff107

    SHA256

    80fe430720d27019d40d5e0c827890cb94e196dd49bb138928683f6f0622c7ec

    SHA512

    cfdc46ca807521ef0561044fec05c5860152554e7914f9c633dfd5eea947962da18f7ebe795c05405b7502ea4de6a91673c8781bab8f2dea8eed9c1342b16bf0

  • \Users\Admin\joaje.exe

    Filesize

    264KB

    MD5

    4ea863c988e3ce4d9fd3aa4503854cd3

    SHA1

    efa8aa37981e12bf31d2ff959a0da19c084ff107

    SHA256

    80fe430720d27019d40d5e0c827890cb94e196dd49bb138928683f6f0622c7ec

    SHA512

    cfdc46ca807521ef0561044fec05c5860152554e7914f9c633dfd5eea947962da18f7ebe795c05405b7502ea4de6a91673c8781bab8f2dea8eed9c1342b16bf0

  • memory/560-56-0x00000000757E1000-0x00000000757E3000-memory.dmp

    Filesize

    8KB