Overview

overview

10

Static

static

75fc524129...1e.exe

windows7-x64

10

75fc524129...1e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    343s
  • max time network
    356s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/11/2022, 03:16 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    75fc524129c3025014c06b1f3475d2e6d9ea9cd326f653760f75f0ad71d84f1e.exe

  • Size

    264KB

  • MD5

    94341251c899fcbebb190ba272eafd9c

  • SHA1

    d9f9efcb62aa7a663569ccef3043cc9e1c4535dc

  • SHA256

    75fc524129c3025014c06b1f3475d2e6d9ea9cd326f653760f75f0ad71d84f1e

  • SHA512

    7d3fd8ec580132ec4afe50d2858227eca18fbc773c9fefbe10afe441feee1718f57750d48eb3d08cf7c9f95bc022ae83d930dc861243246d5962559a46c07bc1

  • SSDEEP

    3072:HwwQcqsOeDf2IDyG2pfr4GNLzECcKIvMBSYWunCvPQiwhjXH1WkaBx5/lvnjLYar:QwQ3sOeb9Ic6OLynWunzXH1W9r

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 18 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 38 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\75fc524129c3025014c06b1f3475d2e6d9ea9cd326f653760f75f0ad71d84f1e.exe
    "C:\Users\Admin\AppData\Local\Temp\75fc524129c3025014c06b1f3475d2e6d9ea9cd326f653760f75f0ad71d84f1e.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Users\Admin\vnhooz.exe
      "C:\Users\Admin\vnhooz.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1548

Network

  • flag-unknown
    DNS
    151.122.125.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    151.122.125.40.in-addr.arpa
    IN PTR
    Response
  • 20.82.209.183:443
    40 B
     1
  • 20.82.209.183:443
    40 B
     1
  • 13.69.239.74:443
    40 B
     1
  • 93.184.221.240:80
    322 B
     7
  • 93.184.221.240:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 20.82.209.183:443
    40 B
     1
  • 40.79.189.59:443
    322 B
     7
  • 104.80.225.205:443
    322 B
     7
  • 8.8.8.8:53
    151.122.125.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    151.122.125.40.in-addr.arpa

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\vnhooz.exe
    Filesize

    264KB

    MD5

    37219b4f82c5abd098a8e9120028705f

    SHA1

    9d9b7aae59dfd018ed1ea4f72ccb5bea45284546

    SHA256

    61d172938702e969d429331bc02f06bd334347c0964a573887541c4d7d9fc2bf

    SHA512

    e95f153004d6dbcdbb21033f0c3307638491e0239591fbeb80ba28a31e1e78c3c84c83c5353a9a17f3f072ca1eff731be7801c124cf9dbee4172f42239e2a72c

    Download Submit

  • C:\Users\Admin\vnhooz.exe
    Filesize

    264KB

    MD5

    37219b4f82c5abd098a8e9120028705f

    SHA1

    9d9b7aae59dfd018ed1ea4f72ccb5bea45284546

    SHA256

    61d172938702e969d429331bc02f06bd334347c0964a573887541c4d7d9fc2bf

    SHA512

    e95f153004d6dbcdbb21033f0c3307638491e0239591fbeb80ba28a31e1e78c3c84c83c5353a9a17f3f072ca1eff731be7801c124cf9dbee4172f42239e2a72c

    Download Submit

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.