Analysis

  • max time kernel
    150s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-11-2022 03:18

General

  • Target

    b37550c48c6ecdc00d4961383fe3a5bdf154372f4aa7f1197f5ef4f413cce6e4.exe

  • Size

    172KB

  • MD5

    b701923a0ba7c320677d156ab8ae5997

  • SHA1

    d632752a435d204415bf3bded8da30ae874d9474

  • SHA256

    b37550c48c6ecdc00d4961383fe3a5bdf154372f4aa7f1197f5ef4f413cce6e4

  • SHA512

    ff09e3695e78f47a5a3f73a2f33682967f71aec71dc9b93655f13bfd381ff95370b1187f2cdefadc51b6071c837523a2c41abf20ab45dc1c98735f2d5a4ea577

  • SSDEEP

    1536:ydSNkv6uTeKHCa0SfHB2QmB8itdmcZYfO+1UOWlNLeYZrLf+1u3df/jT6pxZJWtr:OLv6KHJdkvY2+ydeYMvnWtmpzaVmS1/

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer (2 TTPs, 2 IoCs)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Adds Run key to start application (2 TTPs, 29 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\b37550c48c6ecdc00d4961383fe3a5bdf154372f4aa7f1197f5ef4f413cce6e4.exe
    "C:\Users\Admin\AppData\Local\Temp\b37550c48c6ecdc00d4961383fe3a5bdf154372f4aa7f1197f5ef4f413cce6e4.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Users\Admin\naiora.exe
      "C:\Users\Admin\naiora.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1292

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\naiora.exe

    Filesize

    172KB

    MD5

    bb8cc26c0844c94a691e322d18547c78

    SHA1

    c4f22be1356cb1440f30e1a3a88aa6893f78316a

    SHA256

    b3574747f13b956eca1f9e474ef017320dcef4fe43f7df50b2d5215f13dbd87b

    SHA512

    417b25abe9651b9da35cb270d3c22aa9f603252ea6fe85ee822b26561d66d587bb92888ffdf232ba8c69b21541c3dda2a6f98b118267d856ee5fa8f0c3019c1b

  • \Users\Admin\naiora.exe

    Filesize

    172KB

    MD5

    bb8cc26c0844c94a691e322d18547c78

    SHA1

    c4f22be1356cb1440f30e1a3a88aa6893f78316a

    SHA256

    b3574747f13b956eca1f9e474ef017320dcef4fe43f7df50b2d5215f13dbd87b

    SHA512

    417b25abe9651b9da35cb270d3c22aa9f603252ea6fe85ee822b26561d66d587bb92888ffdf232ba8c69b21541c3dda2a6f98b118267d856ee5fa8f0c3019c1b

  • memory/1292-59-0x0000000000000000-mapping.dmp

  • memory/1724-56-0x0000000074DC1000-0x0000000074DC3000-memory.dmp

    Filesize

    8KB