Analysis

  • max time kernel
    153s
  • max time network
    175s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-11-2022 17:31

General

  • Target

    8951bcdc72c54d1d49428487c2c2ad7a6c785c3772c83f096ef35696e8bc9363.exe

  • Size

    224KB

  • MD5

    d31c81db17f8fc1309c7528925ec93db

  • SHA1

    3a55ffcea1bd5a6f59e6c6f90a0f6c9a7d62a1a9

  • SHA256

    8951bcdc72c54d1d49428487c2c2ad7a6c785c3772c83f096ef35696e8bc9363

  • SHA512

    7d7980ce04f04c0db9aafd278a230a767292edeb211d74f4c22ab6af16b8147ea69366880d0a266df13b0e37cf9fb8f01bd25320f7d09b5f8d904b71e61d30c8

  • SSDEEP

    3072:q788E5EEqiJAKMN9DAXamLKAcfbKyZwP02bVq3NZMf:qW54KMN9DtAcfbK/qT

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 58 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8951bcdc72c54d1d49428487c2c2ad7a6c785c3772c83f096ef35696e8bc9363.exe
    "C:\Users\Admin\AppData\Local\Temp\8951bcdc72c54d1d49428487c2c2ad7a6c785c3772c83f096ef35696e8bc9363.exe"
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1120
    • C:\Users\Admin\meauhe.exe
      "C:\Users\Admin\meauhe.exe"
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1704

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\meauhe.exe

    Filesize

    224KB

    MD5

    9febf1e635ea972110decf5514be4aba

    SHA1

    c11f3629cd34ecd2547dd3ec7de23fb61a9248fb

    SHA256

    10ae91805150b27fef942a21885d9c1a755041c00d2fbd74975ccf9b2899de05

    SHA512

    8394686c74ef13c2d554a326b07c68438c0985d1a2c73701c668b2e47d8881fa732c5d0ec861837b912d0000add056be41087162c8977b87df575a9e3c0fce85

  • \Users\Admin\meauhe.exe

    Filesize

    224KB

    MD5

    9febf1e635ea972110decf5514be4aba

    SHA1

    c11f3629cd34ecd2547dd3ec7de23fb61a9248fb

    SHA256

    10ae91805150b27fef942a21885d9c1a755041c00d2fbd74975ccf9b2899de05

    SHA512

    8394686c74ef13c2d554a326b07c68438c0985d1a2c73701c668b2e47d8881fa732c5d0ec861837b912d0000add056be41087162c8977b87df575a9e3c0fce85

  • memory/1120-56-0x0000000075291000-0x0000000075293000-memory.dmp

    Filesize

    8KB