Analysis

  • max time kernel
    153s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/11/2022, 13:26

General

  • Target

    7e7cd311f6f5cf4528c9b0856a010f5b0d0606d65e0000fe61ddf681af95f040.exe

  • Size

    212KB

  • MD5

    5cd215f6e307bfb3b0fff1c4be3ff450

  • SHA1

    f06f323e574395380231a10a8d5768f33a3f10e3

  • SHA256

    7e7cd311f6f5cf4528c9b0856a010f5b0d0606d65e0000fe61ddf681af95f040

  • SHA512

    481e8663a792edc524922e5794fec03136be218549e15ba0671dd5660b901dd59ca60a971cccbe52566f0e9cb04dd1df67013fc54a6b4a37840b83c21e7a4c93

  • SSDEEP

    6144:+hFFwlPelKiAzY09umHh7K5cUXEBwrYVHhAgz65c2:GFaxelKhY09umH45cUXEBwUVHhAgz65p

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application 2 TTPs 58 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e7cd311f6f5cf4528c9b0856a010f5b0d0606d65e0000fe61ddf681af95f040.exe
    "C:\Users\Admin\AppData\Local\Temp\7e7cd311f6f5cf4528c9b0856a010f5b0d0606d65e0000fe61ddf681af95f040.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Checks computer location settings
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2552
    • C:\Users\Admin\seimem.exe
      "C:\Users\Admin\seimem.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:4812

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Users\Admin\seimem.exe

          Filesize

          212KB

          MD5

          34d9fab32da5bcb626fad03d49c76d48

          SHA1

          2a73a3d6ed7d1625c24babf7e9c2fb0c887320f1

          SHA256

          01aa36f1ecf629337266bb525fbc473c8a0a134227c3677747f86554867b2a6f

          SHA512

          51c390713343ccf738b278a66f558b13184d46f1219f314e410ee4bff5f1c9f0fe9c42ea41879a0c3af9f8ac9783bdee817437eabc108c62b5a688626d1bee4b
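Added example (not part of the Triage output): a Python triage routine that maps the signatures above onto host telemetry. It runs over constructed Sysmon-style events embedded in the block (Event ID 13 registry value set, Event ID 11 file create); the event dictionary shape, the user SID, the Run value name `seimem` and the exact Explorer values written are assumptions, since the report gives IoC counts but not their contents. It checks three behaviours the report flags: a Run value pointing into a user profile, Explorer's Hidden/ShowSuperHidden values set to their hide state, and an EXE dropped at the profile root, then correlates drop and Run value on the same PID to recover the dropper chain (PID 2552 drops seimem.exe and persists it; PID 4812 only re-registers it). The two SHA256 hashes are copied from the report; the dropped seimem.exe is the same size (212KB) as the submitted sample but hashes differently, so both values belong in a hunt list. The country-code lookup (likely geofence) is not covered because a registry read produces no value-set event.

```python
"""Triage of Sysmon-style events against the behaviours in this Triage report.
Added example; the event format and sample values below are constructed."""
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass

# SHA256 values copied from the report. The persisted copy is the same size as
# the submitted sample but not byte-identical, so hunt on both hashes.
KNOWN_SHA256 = {
    "7e7cd311f6f5cf4528c9b0856a010f5b0d0606d65e0000fe61ddf681af95f040": "submitted sample",
    "01aa36f1ecf629337266bb525fbc473c8a0a134227c3677747f86554867b2a6f": "dropped seimem.exe",
}

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\([^\\]+)$", re.I)
EXPLORER_ADV_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\"
    r"(Hidden|ShowSuperHidden)$", re.I)
PROFILE_ROOT_EXE_RE = re.compile(r"^C:\\Users\\[^\\]+\\[^\\]+\.exe$", re.I)
DWORD_RE = re.compile(r"DWORD \(0x([0-9a-f]{8})\)", re.I)  # Sysmon's REG_DWORD rendering

# Constructed sample events; the SID and the Run value name "seimem" are assumptions.
_HKU = "HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001"
_ADV = _HKU + "\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\"
_RUN = _HKU + "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\"
SAMPLE_EVENTS = [
    {"EventID": 13, "ProcessId": 2552, "TargetObject": _ADV + "Hidden", "Details": "DWORD (0x00000002)"},
    {"EventID": 13, "ProcessId": 2552, "TargetObject": _ADV + "ShowSuperHidden", "Details": "DWORD (0x00000000)"},
    {"EventID": 11, "ProcessId": 2552, "TargetFilename": "C:\\Users\\Admin\\seimem.exe"},
    {"EventID": 13, "ProcessId": 2552, "TargetObject": _RUN + "seimem", "Details": "C:\\Users\\Admin\\seimem.exe"},
    {"EventID": 13, "ProcessId": 4812, "TargetObject": _RUN + "seimem", "Details": "C:\\Users\\Admin\\seimem.exe"},
    # Benign noise: a vendor autostart under Program Files and an installer in Downloads.
    {"EventID": 13, "ProcessId": 900, "TargetObject": _RUN + "OneDrive",
     "Details": "\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"},
    {"EventID": 11, "ProcessId": 900, "TargetFilename": "C:\\Users\\Admin\\Downloads\\setup.exe"},
]


@dataclass(frozen=True)
class Finding:
    rule: str
    pid: int
    severity: str
    detail: str


def _hides_files(value_name, dword):
    # Explorer semantics: Hidden=2 hides hidden items; ShowSuperHidden=0 hides protected OS files.
    name = value_name.lower()
    return (name == "hidden" and dword == 2) or (name == "showsuperhidden" and dword == 0)


def triage_events(events):
    """Map value-set and file-create events onto the report's signatures."""
    findings = []
    for ev in events:
        eid, pid = ev["EventID"], ev["ProcessId"]
        if eid == 13:  # RegistryEvent (Value Set)
            target, details = ev["TargetObject"], ev.get("Details", "")
            if m := RUN_KEY_RE.search(target):
                # Autostart pointing into a user profile is the report's pattern; rate it higher.
                sev = "high" if re.search(r"C:\\Users\\", details, re.I) else "low"
                findings.append(Finding("run_key_persistence", pid, sev, f"{m.group(1)} -> {details}"))
            elif (m := EXPLORER_ADV_RE.search(target)) and (d := DWORD_RE.search(details)):
                dword = int(d.group(1), 16)
                if _hides_files(m.group(1), dword):
                    findings.append(Finding("explorer_hide_files", pid, "medium", f"{m.group(1)}={dword}"))
        elif eid == 11 and PROFILE_ROOT_EXE_RE.match(ev["TargetFilename"]):  # FileCreate
            findings.append(Finding("exe_dropped_in_profile_root", pid, "medium", ev["TargetFilename"]))
    return findings


def dropper_chains(findings):
    """PIDs that both dropped an EXE at the profile root and registered that path under Run."""
    dropped = defaultdict(set)
    for f in findings:
        if f.rule == "exe_dropped_in_profile_root":
            dropped[f.pid].add(f.detail.lower())
    return {f.pid for f in findings
            if f.rule == "run_key_persistence" and f.pid in dropped
            and any(path in f.detail.lower() for path in dropped[f.pid])}


def known_sample(data: bytes):
    """Label for a file body whose SHA256 is one of the report's two hashes, else None."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


if __name__ == "__main__":
    found = triage_events(SAMPLE_EVENTS)
    for f in found:
        print(f"[{f.severity}] pid={f.pid} {f.rule}: {f.detail}")
    print("dropper chain PIDs:", dropper_chains(found))
```

The Run-key rule deliberately fires on every autostart write and only raises severity for profile paths, because the report records 58 Run-key IoCs and a hunt should see the benign ones beside the malicious one rather than filter them silently.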