Overview

overview

8

Static

static

c93944cc37...5a.exe

windows7-x64

8

c93944cc37...5a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    186s
  • max time network
    236s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-12-2022 14:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c93944cc37ff769814a064e91147ad24bd937f7c282a70d5c9c2f458e0107e5a.exe

  • Size

    1.3MB

  • MD5

    b297dbde459e613a7ff0d7952f4c43bf

  • SHA1

    1d0dd64eab8a34965b7ee8f2c41d35cf338a7fd9

  • SHA256

    c93944cc37ff769814a064e91147ad24bd937f7c282a70d5c9c2f458e0107e5a

  • SHA512

    6c836939cda97183b8881aa4cb5c6c50d6ea2c6d6a694d639734ae9f7dca8485637efaffcfe6f4d84cd57e0084d95828bca2f411155660fc1fd4c0f37dd73fe8

  • SSDEEP

    24576:MIR2w1UPMY7o+MuddBxCAmCg1wTf7LxkKJDtJe+2sBjOMQFB8im:MIH1eFl2Z6C8tIPEg7m

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 27 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c93944cc37ff769814a064e91147ad24bd937f7c282a70d5c9c2f458e0107e5a.exe
    "C:\Users\Admin\AppData\Local\Temp\c93944cc37ff769814a064e91147ad24bd937f7c282a70d5c9c2f458e0107e5a.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\JQPlayer.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\JQPlayer.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:4228

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\E_4\HtmlView.fne
    Filesize

    224KB

    MD5

    5119e853bf543fa2ef978d758cfb0819

    SHA1

    13541a62b63d019381a0e15b944c9843e88dc5cb

    SHA256

    8640b2a172680cd62a73baee98eed73de8059a21a5fc21e398bf81a8ab31eaaa

    SHA512

    ae8f9be5ae53af0594f48c119937ce8482bb3fdc4fb48a1fb6fcd9d8896acbc9a4eafe4ba0e02059953160665b8de767483b06e15703b97cf82fb52dbebc2799

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_4\HtmlView.fne
    Filesize

    224KB

    MD5

    5119e853bf543fa2ef978d758cfb0819

    SHA1

    13541a62b63d019381a0e15b944c9843e88dc5cb

    SHA256

    8640b2a172680cd62a73baee98eed73de8059a21a5fc21e398bf81a8ab31eaaa

    SHA512

    ae8f9be5ae53af0594f48c119937ce8482bb3fdc4fb48a1fb6fcd9d8896acbc9a4eafe4ba0e02059953160665b8de767483b06e15703b97cf82fb52dbebc2799

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_4\iext3.fne
    Filesize

    380KB

    MD5

    a77de702fa12491d2f758f5d10f41709

    SHA1

    129f83d3aea6d92c12da4b4efcda4ce86dba7ac9

    SHA256

    cd7185752661733ebd2938653f997d8c7232bcc257d5bc67d472454410b0f5ef

    SHA512

    0c16757fdcb482952c8af9e3e79d1723175354eab37910725f50b7168217040acd17c825f6d19c6c4e0413dee15b0386e11898bc5ab5f6884338ff26e43559cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_4\iext3.fne
    Filesize

    380KB

    MD5

    a77de702fa12491d2f758f5d10f41709

    SHA1

    129f83d3aea6d92c12da4b4efcda4ce86dba7ac9

    SHA256

    cd7185752661733ebd2938653f997d8c7232bcc257d5bc67d472454410b0f5ef

    SHA512

    0c16757fdcb482952c8af9e3e79d1723175354eab37910725f50b7168217040acd17c825f6d19c6c4e0413dee15b0386e11898bc5ab5f6884338ff26e43559cc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\E_4\krnln.fnr
    Filesize

    1.1MB

    MD5

    97c8fe752e354b2945e4c593a87e4a8b

    SHA1

    03ab4c91535ecf14b13e0258f3a7be459a7957f9

    SHA256

    820d8dd49baed0da44d42555ad361d78e068115661dce72ae6578dcdab6baead

    SHA512

    af4492c08d6659d21ebfefe752b0d71210d2542c1788f1d2d9f86a85f01c3dd05eebf61c925e18b5e870aec7e9794e4a7050a04f4c58d90dca93324485690bcc

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\JQPlayer.exe
    Filesize

    1.2MB

    MD5

    134fb246d6bc071f3fa06bd93d69eaf5

    SHA1

    09342583a2a0a5b7c02c4f2c0492a7a0ffb68083

    SHA256

    2eb89026e0fa350eb4559df87e840a4c5322e67dbbd385fbb178b67f682265f5

    SHA512

    97e0518aa108da4ec4d4fad5f8edac55e28052deba3441b7835dffbe0a107fe46c4a4e5b7f458c45b7291ba6d38903179c374351eff8b946f046b660212d6d1a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\JQPlayer.exe
    Filesize

    1.2MB

    MD5

    134fb246d6bc071f3fa06bd93d69eaf5

    SHA1

    09342583a2a0a5b7c02c4f2c0492a7a0ffb68083

    SHA256

    2eb89026e0fa350eb4559df87e840a4c5322e67dbbd385fbb178b67f682265f5

    SHA512

    97e0518aa108da4ec4d4fad5f8edac55e28052deba3441b7835dffbe0a107fe46c4a4e5b7f458c45b7291ba6d38903179c374351eff8b946f046b660212d6d1a

    Download Submit

  • memory/4228-135-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download

  • memory/4228-140-0x0000000003860000-0x000000000389B000-memory.dmp

    Filesize

    236KB

    Download

  • memory/4228-142-0x00000000032B0000-0x00000000032B4000-memory.dmp

    Filesize

    16KB

    Download

  • memory/4228-145-0x0000000004940000-0x00000000049AF000-memory.dmp

    Filesize

    444KB

    Download

  • memory/4228-136-0x0000000001FB0000-0x0000000002004000-memory.dmp

    Filesize

    336KB

    Download

  • memory/4228-147-0x0000000001FB0000-0x0000000002004000-memory.dmp

    Filesize

    336KB

    Download

  • memory/4228-148-0x0000000000400000-0x0000000000482000-memory.dmp

    Filesize

    520KB

    Download