7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549

Analysis

max time kernel
143s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe
Size

549KB
MD5

032e5bfd980784d0e528d55f17199760
SHA1

4973df8d8c05f721fa59f1bbb177f75ecf957732
SHA256

7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549
SHA512

51f7a5cf8a1387402d85e187e69f0702a6941555123d70bfa0e74f617e41de376e3b2c7d3ee6c422e527172966f4fce0410e7b359c75fc343e24fce7f97b777e
SSDEEP

12288:WuodEMwG2ufXtFLZo3/Mhf0BH6wDaALdn9Ul:WjdEMl2u/tFLZo2fTwGE9u

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
5032	Launcher.exe
1928	7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe

Loads dropped DLL 2 IoCs

pid	Process
704	7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe
704	7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral2/files/0x0006000000022f6e-147.dat	nsis_installer_1
behavioral2/files/0x0006000000022f6e-147.dat	nsis_installer_2

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
704	7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1928	7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe
1928	7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 704 wrote to memory of 5032	704	7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe	78
PID 704 wrote to memory of 5032	704	7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe	78
PID 704 wrote to memory of 5032	704	7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe	78
PID 704 wrote to memory of 1928	704	7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe	83
PID 704 wrote to memory of 1928	704	7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe	83

C:\Users\Admin\AppData\Local\Temp\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe
"C:\Users\Admin\AppData\Local\Temp\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:704
- C:\Users\Admin\AppData\Local\Temp\DM\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe\UZ4gfMuSD7w2eof\Launcher.exe
  C:\Users\Admin\AppData\Local\Temp\DM\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe\UZ4gfMuSD7w2eof\Launcher.exe /in="e7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe" /out="7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe" /psw="b34215f6c6c443d9a33d96a7990256e9" /typ=dec
  2⤵
  - Executes dropped EXE
  PID:5032
- C:\Users\Admin\AppData\Local\Temp\DM\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe\UZ4gfMuSD7w2eof\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe
  C:\Users\Admin\AppData\Local\Temp\DM\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe\UZ4gfMuSD7w2eof\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe /path="C:\Users\Admin\AppData\Local\Temp\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1928

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DM\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe\UZ4gfMuSD7w2eof\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe

Filesize
401KB

MD5
8ae4e82e5e815a27459bd7794382e70c

SHA1
76b97f5d8ce9897f9620ddcc66db425f175cad33

SHA256
780a3b5e1017a1b129baf0cc6e7e4fe40af0d512975a3109cabee0f257f99826

SHA512
bd80725444040bcf6b0b93bee596be93fd06324106bc09c29f07a3d8c23018aaca4e4cf8e9daa64d3d9c003109d457aa516e2cb913dfd8402e9d8ffa8c8f67cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe\UZ4gfMuSD7w2eof\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe

Filesize
401KB

MD5
8ae4e82e5e815a27459bd7794382e70c

SHA1
76b97f5d8ce9897f9620ddcc66db425f175cad33

SHA256
780a3b5e1017a1b129baf0cc6e7e4fe40af0d512975a3109cabee0f257f99826

SHA512
bd80725444040bcf6b0b93bee596be93fd06324106bc09c29f07a3d8c23018aaca4e4cf8e9daa64d3d9c003109d457aa516e2cb913dfd8402e9d8ffa8c8f67cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe\UZ4gfMuSD7w2eof\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe.config

Filesize
690B

MD5
bca0ea75b6940aa86960d7b9098a5998

SHA1
3d57f82158ac72c7eb2e72ba19a80485d8103130

SHA256
5a494295936d2170433864b449257bbac7b976413811a0b6339e37f83a891f8d

SHA512
260a05c509d874239a27798421ee75ac7e2bbc0d2a0485122740e8b8adcd8f43f98f7633cef278d9f7f4a132633b4b1cdf4b641e2233e891dce2d6eb6e75c3d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe\UZ4gfMuSD7w2eof\Launcher.exe

Filesize
104KB

MD5
d8403c9e47f917db06cf25f84baf0dc0

SHA1
c94ceca18b43f9e66e53c7e88a300981a09cf503

SHA256
914c5c2b67c400d78a1ce890f644b33d3c37e1ee131d9a7c1b2f557efdb46051

SHA512
f44d630155379d43a4f18ec8d5082a1887de6a3780c75d2a5ff2652eef3df642d7514e3c0548c268e568ffa784be69a965ce6217eababca7ebdb8bf9b2051e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe\UZ4gfMuSD7w2eof\Launcher.exe

Filesize
104KB

MD5
d8403c9e47f917db06cf25f84baf0dc0

SHA1
c94ceca18b43f9e66e53c7e88a300981a09cf503

SHA256
914c5c2b67c400d78a1ce890f644b33d3c37e1ee131d9a7c1b2f557efdb46051

SHA512
f44d630155379d43a4f18ec8d5082a1887de6a3780c75d2a5ff2652eef3df642d7514e3c0548c268e568ffa784be69a965ce6217eababca7ebdb8bf9b2051e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe\UZ4gfMuSD7w2eof\Launcher.exe.config

Filesize
340B

MD5
91629f6b28cbe2b52bb86cb5af3bdbca

SHA1
35fb57ac58c9eb0668f5832a588d9f81e040568b

SHA256
589c122996fadc118731c6f983c5d3b498c4b4b59700ea548f4cfb79e4eaaeeb

SHA512
f08382296696173784841a163c73c19e7bd674a08a053c0434d55696f45039721925e5d829e4bbbf71b07385d1b88c5ea241b8247eb0d81bf381205977bd14c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe\UZ4gfMuSD7w2eof\e7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe

Filesize
401KB

MD5
80a2389a2a0d3b46d7258aa85f0b19e7

SHA1
1a45ea8d14442f72a5951f422ff5fb4a907ba9b1

SHA256
b80a40c8cc93f807c057c88c873031fb9c6f81e0465acbd912515f95ff77e957

SHA512
26d4c200ccfae59713d6299f0cc82cd326c1b87e7ca0ecca90256ed91f8e63362c06c434aaf10d8c427617e95fe6c25b9342f64d393f344e835360d113b205d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM\7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549.exe\UZ4gfMuSD7w2eof\installer.exe

Filesize
549KB

MD5
032e5bfd980784d0e528d55f17199760

SHA1
4973df8d8c05f721fa59f1bbb177f75ecf957732

SHA256
7cc7a797de5f0a68281faafabcdc799c2f77695027faa1434a69426df3260549

SHA512
51f7a5cf8a1387402d85e187e69f0702a6941555123d70bfa0e74f617e41de376e3b2c7d3ee6c422e527172966f4fce0410e7b359c75fc343e24fce7f97b777e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx1C6.tmp\NSISdl.dll

Filesize
14KB

MD5
a5f8399a743ab7f9c88c645c35b1ebb5

SHA1
168f3c158913b0367bf79fa413357fbe97018191

SHA256
dacc88a12d3ba438fdae3535dc7a5a1d389bce13adc993706424874a782e51c9

SHA512
824e567f5211bf09c7912537c7836d761b0934207612808e9a191f980375c6a97383dbc6b4a7121c6b5f508cbfd7542a781d6b6b196ca24841f73892eec5e977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsx1C6.tmp\pwgen.dll

Filesize
16KB

MD5
a555472395178ac8c733d90928e05017

SHA1
f44b192d66473f01a6540aaec4b6c9ac4c611d35

SHA256
82ae08fced4a1f9a7df123634da5f4cb12af4593a006bef421a54739a2cbd44e

SHA512
e6d87b030c45c655d93b2e76d7437ad900df5da2475dd2e6e28b6c872040491e80f540b00b6091d16bc8410bd58a1e82c62ee1b17193ef8500a153d4474bb80a

Download Submit
memory/1928-145-0x00007FF9F1B40000-0x00007FF9F2576000-memory.dmp

Filesize
10.2MB

Download
memory/1928-146-0x0000000000ABA000-0x0000000000ABF000-memory.dmp

Filesize
20KB

Download
memory/1928-148-0x0000000000ABA000-0x0000000000ABF000-memory.dmp

Filesize
20KB

Download
memory/5032-138-0x0000000072E30000-0x00000000733E1000-memory.dmp

Filesize
5.7MB

Download
memory/5032-140-0x0000000072E30000-0x00000000733E1000-memory.dmp

Filesize
5.7MB

Download