Overview

overview

8

Static

static

27aabfd6b6...26.exe

windows7-x64

8

27aabfd6b6...26.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    153s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-12-2022 13:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    27aabfd6b68743a01518e2d78beb9da06db7b75400187034e81410d76ea39526.exe

  • Size

    924KB

  • MD5

    2bfa6c0ac592ccddc97347e4a5b2ea99

  • SHA1

    c89e17ecf36e10c6f3fc24bc843a6e28fe8e3406

  • SHA256

    27aabfd6b68743a01518e2d78beb9da06db7b75400187034e81410d76ea39526

  • SHA512

    9ef583f69e526d7a11e31b61272e0450eaf9097a8ba23c6e49b092a6179329543829d02d587013840828b42ab9eaaee2838865ba2e5d1191ef5cc9ba994d2f38

  • SSDEEP

    24576:hjUdH6v+k1rdFev2EswT+j7EUl72yDGn:BwH5k15FDjRj9PG

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 5 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\27aabfd6b68743a01518e2d78beb9da06db7b75400187034e81410d76ea39526.exe
    "C:\Users\Admin\AppData\Local\Temp\27aabfd6b68743a01518e2d78beb9da06db7b75400187034e81410d76ea39526.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2084
    • C:\Windows\utiloceansetup.exe
      C:\Windows\utiloceansetup.exe
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:4636
      • C:\Program Files (x86)\Utilocean\utiloceandn.exe
        "C:\Program Files (x86)\Utilocean\utiloceandn.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:3572

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Utilocean\COMDLG32.OCX
    Filesize

    149KB

    MD5

    ab412429f1e5fb9708a8cdea07479099

    SHA1

    eb49323be4384a0e7e36053f186b305636e82887

    SHA256

    e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

    SHA512

    f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

    Download Submit

  • C:\Program Files (x86)\Utilocean\COMDLG32.OCX
    Filesize

    149KB

    MD5

    ab412429f1e5fb9708a8cdea07479099

    SHA1

    eb49323be4384a0e7e36053f186b305636e82887

    SHA256

    e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

    SHA512

    f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

    Download Submit

  • C:\Program Files (x86)\Utilocean\COMDLG32.OCX
    Filesize

    149KB

    MD5

    ab412429f1e5fb9708a8cdea07479099

    SHA1

    eb49323be4384a0e7e36053f186b305636e82887

    SHA256

    e32d8bbe8e6985726742b496520fa47827f3b428648fa1bc34ecffdd9bdac240

    SHA512

    f3348dbc3b05d14482250d7c399c00533598973f8e9168b4082ee5cbb81089dfaefcfda5a6a3c9f05b4445d655051b7a5170c57ee32d7a783dc35a75fee41aa9

    Download Submit

  • C:\Program Files (x86)\Utilocean\utiloceandn.exe
    Filesize

    131KB

    MD5

    6fb84f31b3bf01e9182fa5a5633e73b6

    SHA1

    5076fd3d3a9e0df8f4f4f377715ed4d8059b05a1

    SHA256

    535c6b688efa67527673961c305a28b203c38e141aa53b34545899104845762d

    SHA512

    01f7d0e05b957196973026d5007743b498b46e6dad90226ff1ccf9133f3f180f3a53769035aaffa98436a90f5e89fe9c1948f8407fcb6dcfac77b8a9555f9d8e

    Download Submit

  • C:\Program Files (x86)\Utilocean\utiloceandn.exe
    Filesize

    131KB

    MD5

    6fb84f31b3bf01e9182fa5a5633e73b6

    SHA1

    5076fd3d3a9e0df8f4f4f377715ed4d8059b05a1

    SHA256

    535c6b688efa67527673961c305a28b203c38e141aa53b34545899104845762d

    SHA512

    01f7d0e05b957196973026d5007743b498b46e6dad90226ff1ccf9133f3f180f3a53769035aaffa98436a90f5e89fe9c1948f8407fcb6dcfac77b8a9555f9d8e

    Download Submit

  • C:\Windows\SysWOW64\MSINET.OCX
    Filesize

    113KB

    MD5

    40d81470a19269d88bf44e766be7f84a

    SHA1

    4030e8e94297bc0aa5139fe241e8cf8f8142d8d4

    SHA256

    dd1215f01b484e7842763302d42749d516963d9ac74e2fe8825a5eaba34f6229

    SHA512

    e4a39613cc32885b67f6219281fbf99f50018b5fd2886b5389cfa04dc9dc4ebfc46fca2b9e89586116094fa3a7600c20b2ca0fa3535dd2615739621856506864

    Download Submit

  • C:\Windows\SysWOW64\MSINET.OCX
    Filesize

    113KB

    MD5

    40d81470a19269d88bf44e766be7f84a

    SHA1

    4030e8e94297bc0aa5139fe241e8cf8f8142d8d4

    SHA256

    dd1215f01b484e7842763302d42749d516963d9ac74e2fe8825a5eaba34f6229

    SHA512

    e4a39613cc32885b67f6219281fbf99f50018b5fd2886b5389cfa04dc9dc4ebfc46fca2b9e89586116094fa3a7600c20b2ca0fa3535dd2615739621856506864

    Download Submit

  • C:\Windows\SysWOW64\MSINET.OCX
    Filesize

    113KB

    MD5

    40d81470a19269d88bf44e766be7f84a

    SHA1

    4030e8e94297bc0aa5139fe241e8cf8f8142d8d4

    SHA256

    dd1215f01b484e7842763302d42749d516963d9ac74e2fe8825a5eaba34f6229

    SHA512

    e4a39613cc32885b67f6219281fbf99f50018b5fd2886b5389cfa04dc9dc4ebfc46fca2b9e89586116094fa3a7600c20b2ca0fa3535dd2615739621856506864

    Download Submit

  • C:\Windows\SysWOW64\VB6KO.DLL
    Filesize

    99KB

    MD5

    84742b5754690ed667372be561cf518d

    SHA1

    ef97aa43f804f447498568fc33704800b91a7381

    SHA256

    52b64e2bfc9ee0b807f2095726ace9e911bcd907054ac15686a4e7d2fd4dc751

    SHA512

    72ac19a3665a01519dac2ad43eb6178a66ad7f4e167f2a882cbca242978f8debe3e15d0e210c3b0391590699999f33a1fd5de4ca6559ff894b4e6cb4ac1415a0

    Download Submit

  • C:\Windows\SysWOW64\vb6ko.dll
    Filesize

    99KB

    MD5

    84742b5754690ed667372be561cf518d

    SHA1

    ef97aa43f804f447498568fc33704800b91a7381

    SHA256

    52b64e2bfc9ee0b807f2095726ace9e911bcd907054ac15686a4e7d2fd4dc751

    SHA512

    72ac19a3665a01519dac2ad43eb6178a66ad7f4e167f2a882cbca242978f8debe3e15d0e210c3b0391590699999f33a1fd5de4ca6559ff894b4e6cb4ac1415a0

    Download Submit

  • C:\Windows\utiloceansetup.exe
    Filesize

    894KB

    MD5

    3a401daf1ddfd26a74cd05fec91805f9

    SHA1

    0e976edaa99eb5b015d1358943a0b4d6a3466dc3

    SHA256

    a213784210bdcaf695086963f235b2b655481629b56ee9dc00f5195da9655cbf

    SHA512

    105c0dd686d6ccd5a51722c0483391e0bb3388d9beb0cfea4c92cf9abfe328c80fcb8cc2a87019931da1f297860c27aa88fca282aa29aee9d7eda8da13d12f5f

    Download Submit

  • C:\Windows\utiloceansetup.exe
    Filesize

    894KB

    MD5

    3a401daf1ddfd26a74cd05fec91805f9

    SHA1

    0e976edaa99eb5b015d1358943a0b4d6a3466dc3

    SHA256

    a213784210bdcaf695086963f235b2b655481629b56ee9dc00f5195da9655cbf

    SHA512

    105c0dd686d6ccd5a51722c0483391e0bb3388d9beb0cfea4c92cf9abfe328c80fcb8cc2a87019931da1f297860c27aa88fca282aa29aee9d7eda8da13d12f5f

    Download Submit