Overview

overview

9

Static

static

aeb153c09e...24.exe

windows7-x64

9

aeb153c09e...24.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    168s
  • max time network
    189s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 13:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aeb153c09ed6ec7795df80aef5b29f423fe90abaf8f7fc28cb32c09bd67be224.exe

  • Size

    175KB

  • MD5

    5b5c584130d66c5b832af9e227f93dd6

  • SHA1

    6ad9d202343418b64a9eb69a13c9cd82fbce22a5

  • SHA256

    aeb153c09ed6ec7795df80aef5b29f423fe90abaf8f7fc28cb32c09bd67be224

  • SHA512

    a49fcdbe47e3fda9458a469b70da8a266879563170fb1156f54786d43410f8c0c13dbfcdaaaaaf44d678a0e20f1fd935f7f53f29a11fc8b0fab7cf0aaecb1b1f

  • SSDEEP

    3072:XSB1Ed0h4MEHZB5TiVhf/rw978lBBZty+a2kb7GQx/OfxurGX:XSB1Ed0h/CB5OVhc9wlXZty+Ob6IrrO

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Blocklisted process makes network request 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aeb153c09ed6ec7795df80aef5b29f423fe90abaf8f7fc28cb32c09bd67be224.exe
    "C:\Users\Admin\AppData\Local\Temp\aeb153c09ed6ec7795df80aef5b29f423fe90abaf8f7fc28cb32c09bd67be224.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4384
    • C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe" "C:\Users\Admin\AppData\Local\Temp\VideosFotinhas.cpl",
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1900
      • C:\Windows\SysWOW64\rundll32.exe
        "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL "C:\Users\Admin\AppData\Local\Temp\VideosFotinhas.cpl",
        3⤵
        • Blocklisted process makes network request
        • Loads dropped DLL
        PID:4332
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 1408
          4⤵
          • Program crash
          PID:2688
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4332 -ip 4332
    1⤵
      PID:4496

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\VideosFotinhas.cpl
      Filesize

      79KB

      MD5

      e72e024adc6d5f786ae959a33253801b

      SHA1

      dceababcb4370cb2b1ec686897b0b23fc60746a8

      SHA256

      7047b22e1c04def87d215147bbb510123386b74ce3a67bd46275a46b0763fee6

      SHA512

      cc461938f412be6ac011c6c83e50ed32d8896e7c2126aa25bdfd0215b1848931cf0ea7032a7efa6dd5e87694d27272457fdb98683b9d2934f4b6f6dca68cb257

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\VideosFotinhas.cpl
      Filesize

      79KB

      MD5

      e72e024adc6d5f786ae959a33253801b

      SHA1

      dceababcb4370cb2b1ec686897b0b23fc60746a8

      SHA256

      7047b22e1c04def87d215147bbb510123386b74ce3a67bd46275a46b0763fee6

      SHA512

      cc461938f412be6ac011c6c83e50ed32d8896e7c2126aa25bdfd0215b1848931cf0ea7032a7efa6dd5e87694d27272457fdb98683b9d2934f4b6f6dca68cb257

      Download Submit

    • memory/4332-136-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download

    • memory/4332-137-0x0000000000400000-0x000000000043B000-memory.dmp

      Filesize

      236KB

      Download