Analysis

  • max time kernel
    150s
  • max time network
    52s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-12-2022 22:41

General

  • Target

    c70c997a513d3393121e973bac16ae66b2cc8c717024a2d31f35045e7de8d3d2.exe

  • Size

    420KB

  • MD5

    4235166ef6d9d8a7da75fa1e10b9dd18

  • SHA1

    9a6509dba19b62428e5d6778359ad49c4983d7b5

  • SHA256

    c70c997a513d3393121e973bac16ae66b2cc8c717024a2d31f35045e7de8d3d2

  • SHA512

    ed293b2976ba8d222a0f1b801047629938ba1aba9065d05b8ec6663698b121860e00b93b7fd0f006329765b4ece2fb5b344721901ff796cb9e5a980fa4e01b83

  • SSDEEP

    6144:2wWIjqFk7qFoQudlhiP5+6yCtfGiIAZFG:2fX2QudeYr0F

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 29 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c70c997a513d3393121e973bac16ae66b2cc8c717024a2d31f35045e7de8d3d2.exe
    "C:\Users\Admin\AppData\Local\Temp\c70c997a513d3393121e973bac16ae66b2cc8c717024a2d31f35045e7de8d3d2.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1204
    • C:\Users\Admin\boigee.exe
      "C:\Users\Admin\boigee.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1036

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\boigee.exe

    Filesize

    420KB

    MD5

    f8362fcb2518d363c40954c9e712dec1

    SHA1

    7a150699341e81affdf25e0c0a89ef4fdf451c16

    SHA256

    c93c2909cf15101e87ec913d42c0121c650031f5467c0c4d769ff9b21e764b63

    SHA512

    2a2c29b6ec9a622da187a8564a0ccd4d530c1bfa0174e2e578a7043c92576f6a25ab799074e54f185dc7057f68daa07e666b639af2206a8c8ff7b76b2df558b4

  • \Users\Admin\boigee.exe

    Filesize

    420KB

    MD5

    f8362fcb2518d363c40954c9e712dec1

    SHA1

    7a150699341e81affdf25e0c0a89ef4fdf451c16

    SHA256

    c93c2909cf15101e87ec913d42c0121c650031f5467c0c4d769ff9b21e764b63

    SHA512

    2a2c29b6ec9a622da187a8564a0ccd4d530c1bfa0174e2e578a7043c92576f6a25ab799074e54f185dc7057f68daa07e666b639af2206a8c8ff7b76b2df558b4

  • memory/1036-59-0x0000000000000000-mapping.dmp

  • memory/1204-56-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

    Filesize

    8KB