Analysis

  • max time kernel
    152s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/12/2022, 22:38

General

  • Target

    ccca7a2743b20b038b8f8c96e45b0414840e50debf56b7f9a302df2258d67a9e.exe

  • Size

    240KB

  • MD5

    8c51f3801012066aea0839c4293b4915

  • SHA1

    c29f6b0fcb58e5a894606f4a903bb61ef7107a6b

  • SHA256

    ccca7a2743b20b038b8f8c96e45b0414840e50debf56b7f9a302df2258d67a9e

  • SHA512

    b82d2e80934b746fbcee8f854c14fcbdba0de3e436ea6a78a16302d033279d8c9fee9cb3c7478d8bd342f65235b94c108048cf861ff15b42beb4039cf5b2db0d

  • SSDEEP

    6144:NH3dwqsNTNEXGlQR58EqxF6snji81RUinKq3aEESliD0z:NXdQKjeaEEpE

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 29 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ccca7a2743b20b038b8f8c96e45b0414840e50debf56b7f9a302df2258d67a9e.exe
    "C:\Users\Admin\AppData\Local\Temp\ccca7a2743b20b038b8f8c96e45b0414840e50debf56b7f9a302df2258d67a9e.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1032
    • C:\Users\Admin\yxrus.exe
      "C:\Users\Admin\yxrus.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:916

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\yxrus.exe

    Filesize

    240KB

    MD5

    f42108247f6616fe356168fe3b0106f5

    SHA1

    9a5dae756254bd341d28ea7d28e546f3fcd9bf4f

    SHA256

    c10c8f57e929189ec27e123a5bb1fdf4dac540885378abfa8d34e8515451e6cd

    SHA512

    0ee0cab68474c73a62b1aa9280507c0e9a092fed6e1d8661733e6b4f834de6d8a0c3fb05c97c127e0222744f21707eb9c1823a3a8d6ae577b02620a5feff55a4

  • \Users\Admin\yxrus.exe

    Filesize

    240KB

    MD5

    f42108247f6616fe356168fe3b0106f5

    SHA1

    9a5dae756254bd341d28ea7d28e546f3fcd9bf4f

    SHA256

    c10c8f57e929189ec27e123a5bb1fdf4dac540885378abfa8d34e8515451e6cd

    SHA512

    0ee0cab68474c73a62b1aa9280507c0e9a092fed6e1d8661733e6b4f834de6d8a0c3fb05c97c127e0222744f21707eb9c1823a3a8d6ae577b02620a5feff55a4

  • memory/1032-56-0x0000000076711000-0x0000000076713000-memory.dmp

    Filesize

    8KB