Overview

overview

8

Static

static

27aabfd6b6...26.exe

windows7-x64

8

27aabfd6b6...26.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    122s
  • max time network
    166s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/12/2022, 13:44

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    27aabfd6b68743a01518e2d78beb9da06db7b75400187034e81410d76ea39526.exe

  • Size

    924KB

  • MD5

    2bfa6c0ac592ccddc97347e4a5b2ea99

  • SHA1

    c89e17ecf36e10c6f3fc24bc843a6e28fe8e3406

  • SHA256

    27aabfd6b68743a01518e2d78beb9da06db7b75400187034e81410d76ea39526

  • SHA512

    9ef583f69e526d7a11e31b61272e0450eaf9097a8ba23c6e49b092a6179329543829d02d587013840828b42ab9eaaee2838865ba2e5d1191ef5cc9ba994d2f38

  • SSDEEP

    24576:hjUdH6v+k1rdFev2EswT+j7EUl72yDGn:BwH5k15FDjRj9PG

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 11 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 5 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\27aabfd6b68743a01518e2d78beb9da06db7b75400187034e81410d76ea39526.exe
    "C:\Users\Admin\AppData\Local\Temp\27aabfd6b68743a01518e2d78beb9da06db7b75400187034e81410d76ea39526.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1228
    • C:\Windows\utiloceansetup.exe
      C:\Windows\utiloceansetup.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:1096
      • C:\Program Files (x86)\Utilocean\utiloceandn.exe
        "C:\Program Files (x86)\Utilocean\utiloceandn.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1988

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Utilocean\COMDLG32.OCX
          Filesize

          149KB

          MD5

          ab412429f1e5fb9708a8cdea07479099

          SHA1

          eb49323be4384a0e7e36053f186b305636e82887

          SHA256

          e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

          SHA512

          f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

          Download Submit

        • C:\Program Files (x86)\Utilocean\utiloceandn.exe
          Filesize

          131KB

          MD5

          6fb84f31b3bf01e9182fa5a5633e73b6

          SHA1

          5076fd3d3a9e0df8f4f4f377715ed4d8059b05a1

          SHA256

          535c6b688efa67527673961c305a28b203c38e141aa53b34545899104845762d

          SHA512

          01f7d0e05b957196973026d5007743b498b46e6dad90226ff1ccf9133f3f180f3a53769035aaffa98436a90f5e89fe9c1948f8407fcb6dcfac77b8a9555f9d8e

          Download Submit

        • C:\Program Files (x86)\Utilocean\utiloceandn.exe
          Filesize

          131KB

          MD5

          6fb84f31b3bf01e9182fa5a5633e73b6

          SHA1

          5076fd3d3a9e0df8f4f4f377715ed4d8059b05a1

          SHA256

          535c6b688efa67527673961c305a28b203c38e141aa53b34545899104845762d

          SHA512

          01f7d0e05b957196973026d5007743b498b46e6dad90226ff1ccf9133f3f180f3a53769035aaffa98436a90f5e89fe9c1948f8407fcb6dcfac77b8a9555f9d8e

          Download Submit

        • C:\Windows\SysWOW64\MSINET.OCX
          Filesize

          113KB

          MD5

          40d81470a19269d88bf44e766be7f84a

          SHA1

          4030e8e94297bc0aa5139fe241e8cf8f8142d8d4

          SHA256

          dd1215f01b484e7842763302d42749d516963d9ac74e2fe8825a5eaba34f6229

          SHA512

          e4a39613cc32885b67f6219281fbf99f50018b5fd2886b5389cfa04dc9dc4ebfc46fca2b9e89586116094fa3a7600c20b2ca0fa3535dd2615739621856506864

          Download Submit

        • C:\Windows\SysWOW64\vb6ko.dll
          Filesize

          99KB

          MD5

          84742b5754690ed667372be561cf518d

          SHA1

          ef97aa43f804f447498568fc33704800b91a7381

          SHA256

          52b64e2bfc9ee0b807f2095726ace9e911bcd907054ac15686a4e7d2fd4dc751

          SHA512

          72ac19a3665a01519dac2ad43eb6178a66ad7f4e167f2a882cbca242978f8debe3e15d0e210c3b0391590699999f33a1fd5de4ca6559ff894b4e6cb4ac1415a0

          Download Submit

        • C:\Windows\utiloceansetup.exe
          Filesize

          894KB

          MD5

          3a401daf1ddfd26a74cd05fec91805f9

          SHA1

          0e976edaa99eb5b015d1358943a0b4d6a3466dc3

          SHA256

          a213784210bdcaf695086963f235b2b655481629b56ee9dc00f5195da9655cbf

          SHA512

          105c0dd686d6ccd5a51722c0483391e0bb3388d9beb0cfea4c92cf9abfe328c80fcb8cc2a87019931da1f297860c27aa88fca282aa29aee9d7eda8da13d12f5f

          Download Submit

        • C:\Windows\utiloceansetup.exe
          Filesize

          894KB

          MD5

          3a401daf1ddfd26a74cd05fec91805f9

          SHA1

          0e976edaa99eb5b015d1358943a0b4d6a3466dc3

          SHA256

          a213784210bdcaf695086963f235b2b655481629b56ee9dc00f5195da9655cbf

          SHA512

          105c0dd686d6ccd5a51722c0483391e0bb3388d9beb0cfea4c92cf9abfe328c80fcb8cc2a87019931da1f297860c27aa88fca282aa29aee9d7eda8da13d12f5f

          Download Submit

        • \Program Files (x86)\Utilocean\COMDLG32.OCX
          Filesize

          149KB

          MD5

          ab412429f1e5fb9708a8cdea07479099

          SHA1

          eb49323be4384a0e7e36053f186b305636e82887

          SHA256

          e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

          SHA512

          f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

          Download Submit

        • \Program Files (x86)\Utilocean\COMDLG32.OCX
          Filesize

          149KB

          MD5

          ab412429f1e5fb9708a8cdea07479099

          SHA1

          eb49323be4384a0e7e36053f186b305636e82887

          SHA256

          e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

          SHA512

          f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

          Download Submit

        • \Program Files (x86)\Utilocean\COMDLG32.OCX
          Filesize

          149KB

          MD5

          ab412429f1e5fb9708a8cdea07479099

          SHA1

          eb49323be4384a0e7e36053f186b305636e82887

          SHA256

          e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

          SHA512

          f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

          Download Submit

        • \Program Files (x86)\Utilocean\COMDLG32.OCX
          Filesize

          149KB

          MD5

          ab412429f1e5fb9708a8cdea07479099

          SHA1

          eb49323be4384a0e7e36053f186b305636e82887

          SHA256

          e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

          SHA512

          f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

          Download Submit

        • \Program Files (x86)\Utilocean\utiloceandn.exe
          Filesize

          131KB

          MD5

          6fb84f31b3bf01e9182fa5a5633e73b6

          SHA1

          5076fd3d3a9e0df8f4f4f377715ed4d8059b05a1

          SHA256

          535c6b688efa67527673961c305a28b203c38e141aa53b34545899104845762d

          SHA512

          01f7d0e05b957196973026d5007743b498b46e6dad90226ff1ccf9133f3f180f3a53769035aaffa98436a90f5e89fe9c1948f8407fcb6dcfac77b8a9555f9d8e

          Download Submit

        • \Program Files (x86)\Utilocean\utiloceandn.exe
          Filesize

          131KB

          MD5

          6fb84f31b3bf01e9182fa5a5633e73b6

          SHA1

          5076fd3d3a9e0df8f4f4f377715ed4d8059b05a1

          SHA256

          535c6b688efa67527673961c305a28b203c38e141aa53b34545899104845762d

          SHA512

          01f7d0e05b957196973026d5007743b498b46e6dad90226ff1ccf9133f3f180f3a53769035aaffa98436a90f5e89fe9c1948f8407fcb6dcfac77b8a9555f9d8e

          Download Submit

        • \Windows\SysWOW64\MSINET.OCX
          Filesize

          113KB

          MD5

          40d81470a19269d88bf44e766be7f84a

          SHA1

          4030e8e94297bc0aa5139fe241e8cf8f8142d8d4

          SHA256

          dd1215f01b484e7842763302d42749d516963d9ac74e2fe8825a5eaba34f6229

          SHA512

          e4a39613cc32885b67f6219281fbf99f50018b5fd2886b5389cfa04dc9dc4ebfc46fca2b9e89586116094fa3a7600c20b2ca0fa3535dd2615739621856506864

          Download Submit

        • \Windows\SysWOW64\MSINET.OCX
          Filesize

          113KB

          MD5

          40d81470a19269d88bf44e766be7f84a

          SHA1

          4030e8e94297bc0aa5139fe241e8cf8f8142d8d4

          SHA256

          dd1215f01b484e7842763302d42749d516963d9ac74e2fe8825a5eaba34f6229

          SHA512

          e4a39613cc32885b67f6219281fbf99f50018b5fd2886b5389cfa04dc9dc4ebfc46fca2b9e89586116094fa3a7600c20b2ca0fa3535dd2615739621856506864

          Download Submit

        • \Windows\SysWOW64\MSINET.OCX
          Filesize

          113KB

          MD5

          40d81470a19269d88bf44e766be7f84a

          SHA1

          4030e8e94297bc0aa5139fe241e8cf8f8142d8d4

          SHA256

          dd1215f01b484e7842763302d42749d516963d9ac74e2fe8825a5eaba34f6229

          SHA512

          e4a39613cc32885b67f6219281fbf99f50018b5fd2886b5389cfa04dc9dc4ebfc46fca2b9e89586116094fa3a7600c20b2ca0fa3535dd2615739621856506864

          Download Submit

        • \Windows\SysWOW64\MSINET.OCX
          Filesize

          113KB

          MD5

          40d81470a19269d88bf44e766be7f84a

          SHA1

          4030e8e94297bc0aa5139fe241e8cf8f8142d8d4

          SHA256

          dd1215f01b484e7842763302d42749d516963d9ac74e2fe8825a5eaba34f6229

          SHA512

          e4a39613cc32885b67f6219281fbf99f50018b5fd2886b5389cfa04dc9dc4ebfc46fca2b9e89586116094fa3a7600c20b2ca0fa3535dd2615739621856506864

          Download Submit

        • \Windows\SysWOW64\VB6KO.DLL
          Filesize

          99KB

          MD5

          84742b5754690ed667372be561cf518d

          SHA1

          ef97aa43f804f447498568fc33704800b91a7381

          SHA256

          52b64e2bfc9ee0b807f2095726ace9e911bcd907054ac15686a4e7d2fd4dc751

          SHA512

          72ac19a3665a01519dac2ad43eb6178a66ad7f4e167f2a882cbca242978f8debe3e15d0e210c3b0391590699999f33a1fd5de4ca6559ff894b4e6cb4ac1415a0

          Download Submit

        • memory/1096-56-0x0000000075C41000-0x0000000075C43000-memory.dmp

          Filesize

          8KB

          Download