Overview

overview

8

Static

static

d2e524aa3e...d0.exe

windows7-x64

8

d2e524aa3e...d0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    94s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 16:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d2e524aa3e1b7ae86602ad014847f84fe95158bcc74f29f9504da65eca0950d0.exe

  • Size

    165KB

  • MD5

    f833b057c168e43f5f35b72c90960172

  • SHA1

    92c84e57ccd4344be58e5137938349a0985d1d05

  • SHA256

    d2e524aa3e1b7ae86602ad014847f84fe95158bcc74f29f9504da65eca0950d0

  • SHA512

    7713c3bc185739c12084fc310cc1f5d1c8f1ffb46104605aacf2be7cfe1ac0310d2611c98050f4a1aa817e8bc0753c50683d888fde887fa70f88b784a38135ef

  • SSDEEP

    3072:3T+BWolh/kJcU4MHY3gAx6e1gJRmxEErrLbIVsT/w90mWp:3aX2IF6eCcfLbe0mq

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Sets file execution options in registry 2 TTPs 8 IoCs
    persistence
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 5 IoCs
  • Drops file in Windows directory 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d2e524aa3e1b7ae86602ad014847f84fe95158bcc74f29f9504da65eca0950d0.exe
    "C:\Users\Admin\AppData\Local\Temp\d2e524aa3e1b7ae86602ad014847f84fe95158bcc74f29f9504da65eca0950d0.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:4364
    • C:\Windows\SysWOW64\inf\d03.exe
      d03.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:5044
    • C:\Windows\SysWOW64\inf\MsnSvc64.exe
      MsnSvc64.exe /install u08
      2⤵
      • Executes dropped EXE
      • Sets file execution options in registry
      • Drops file in Windows directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4960
      • C:\Windows\inf\MsnSvc64.exe
        C:\Windows\inf\MsnSvc64.exe /install u08
        3⤵
        • Executes dropped EXE
        • Sets file execution options in registry
        • Drops file in Windows directory
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:5020
        • C:\Windows\inf\MsnSvc64.exe
          C:\Windows\inf\MsnSvc64.exe
          4⤵
          • Executes dropped EXE
          • Sets file execution options in registry
          • Loads dropped DLL
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:1584
  • C:\Windows\inf\MsnSvc64.exe
    C:\Windows\inf\MsnSvc64.exe
    1⤵
    • Executes dropped EXE
    • Sets file execution options in registry
    • Loads dropped DLL
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1016

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\INF\MsnSvc64.exe
          Filesize

          127KB

          MD5

          2986659ba4fadc88602fb519234625c0

          SHA1

          a74ba720213e67196c541b6dd800cbe0f8efbbf0

          SHA256

          99724256cd5130b656ac230e8d18b5535cee2f8903b8f17df359c06855019f2d

          SHA512

          c1d02c4c93e2aaef8bfe5207900e2ffc856364fc20a9696bbc40c0e40169584db05b5896e49cc86d1b38a5e8033f1a1fa9157058b5da653e2ef9e1994aa37879

          Download Submit

        • C:\Windows\INF\MsnSvc64.exe
          Filesize

          127KB

          MD5

          2986659ba4fadc88602fb519234625c0

          SHA1

          a74ba720213e67196c541b6dd800cbe0f8efbbf0

          SHA256

          99724256cd5130b656ac230e8d18b5535cee2f8903b8f17df359c06855019f2d

          SHA512

          c1d02c4c93e2aaef8bfe5207900e2ffc856364fc20a9696bbc40c0e40169584db05b5896e49cc86d1b38a5e8033f1a1fa9157058b5da653e2ef9e1994aa37879

          Download Submit

        • C:\Windows\INF\MsnSvc64.exe
          Filesize

          127KB

          MD5

          2986659ba4fadc88602fb519234625c0

          SHA1

          a74ba720213e67196c541b6dd800cbe0f8efbbf0

          SHA256

          99724256cd5130b656ac230e8d18b5535cee2f8903b8f17df359c06855019f2d

          SHA512

          c1d02c4c93e2aaef8bfe5207900e2ffc856364fc20a9696bbc40c0e40169584db05b5896e49cc86d1b38a5e8033f1a1fa9157058b5da653e2ef9e1994aa37879

          Download Submit

        • C:\Windows\INF\usbctrl02.inf
          Filesize

          73KB

          MD5

          b87333e7241664db85c04974cffcbebd

          SHA1

          745fd885913e9d404048de6994e2ac9a35c3c17b

          SHA256

          3db50392544df038d655912c30e07350d601ebd8d6761b8c0ac7a5ecc2969e20

          SHA512

          fcd3b1c65431fb3d14181433345ad8d8043aaf51bec79afeca19b536a8d9b047e7e70b1ae2751c65a7abb6b58eecf7e87b3ca6172340065c0092ee8c78113cb8

          Download Submit

        • C:\Windows\INF\usbctrl02.inf
          Filesize

          73KB

          MD5

          b87333e7241664db85c04974cffcbebd

          SHA1

          745fd885913e9d404048de6994e2ac9a35c3c17b

          SHA256

          3db50392544df038d655912c30e07350d601ebd8d6761b8c0ac7a5ecc2969e20

          SHA512

          fcd3b1c65431fb3d14181433345ad8d8043aaf51bec79afeca19b536a8d9b047e7e70b1ae2751c65a7abb6b58eecf7e87b3ca6172340065c0092ee8c78113cb8

          Download Submit

        • C:\Windows\SysWOW64\inf\MsnSvc64.exe
          Filesize

          127KB

          MD5

          2986659ba4fadc88602fb519234625c0

          SHA1

          a74ba720213e67196c541b6dd800cbe0f8efbbf0

          SHA256

          99724256cd5130b656ac230e8d18b5535cee2f8903b8f17df359c06855019f2d

          SHA512

          c1d02c4c93e2aaef8bfe5207900e2ffc856364fc20a9696bbc40c0e40169584db05b5896e49cc86d1b38a5e8033f1a1fa9157058b5da653e2ef9e1994aa37879

          Download Submit

        • C:\Windows\SysWOW64\inf\MsnSvc64.exe
          Filesize

          127KB

          MD5

          2986659ba4fadc88602fb519234625c0

          SHA1

          a74ba720213e67196c541b6dd800cbe0f8efbbf0

          SHA256

          99724256cd5130b656ac230e8d18b5535cee2f8903b8f17df359c06855019f2d

          SHA512

          c1d02c4c93e2aaef8bfe5207900e2ffc856364fc20a9696bbc40c0e40169584db05b5896e49cc86d1b38a5e8033f1a1fa9157058b5da653e2ef9e1994aa37879

          Download Submit

        • C:\Windows\SysWOW64\inf\d03.exe
          Filesize

          72KB

          MD5

          e25488a5a5db22e7811a2c36a279c369

          SHA1

          1a67057013effb7af71860c1b2a6f069b825312b

          SHA256

          89ae301e1f6da89ac4d2925aacd5eb2167592923cecbc01c3619d41b40e6c067

          SHA512

          0603b7823aa2e9f14361df4b48afe56726580deb75575c49a73c1fe103bb48ee7b6b1d48b4f5ffb14649e2788aa1792b6972f5d989d23d5e23e2ab62bf21643a

          Download Submit

        • C:\Windows\SysWOW64\inf\d03.exe
          Filesize

          72KB

          MD5

          e25488a5a5db22e7811a2c36a279c369

          SHA1

          1a67057013effb7af71860c1b2a6f069b825312b

          SHA256

          89ae301e1f6da89ac4d2925aacd5eb2167592923cecbc01c3619d41b40e6c067

          SHA512

          0603b7823aa2e9f14361df4b48afe56726580deb75575c49a73c1fe103bb48ee7b6b1d48b4f5ffb14649e2788aa1792b6972f5d989d23d5e23e2ab62bf21643a

          Download Submit

        • C:\Windows\inf\MsnSvc64.exe
          Filesize

          127KB

          MD5

          2986659ba4fadc88602fb519234625c0

          SHA1

          a74ba720213e67196c541b6dd800cbe0f8efbbf0

          SHA256

          99724256cd5130b656ac230e8d18b5535cee2f8903b8f17df359c06855019f2d

          SHA512

          c1d02c4c93e2aaef8bfe5207900e2ffc856364fc20a9696bbc40c0e40169584db05b5896e49cc86d1b38a5e8033f1a1fa9157058b5da653e2ef9e1994aa37879

          Download Submit

        • C:\Windows\inf\usbctrl02.inf
          Filesize

          73KB

          MD5

          b87333e7241664db85c04974cffcbebd

          SHA1

          745fd885913e9d404048de6994e2ac9a35c3c17b

          SHA256

          3db50392544df038d655912c30e07350d601ebd8d6761b8c0ac7a5ecc2969e20

          SHA512

          fcd3b1c65431fb3d14181433345ad8d8043aaf51bec79afeca19b536a8d9b047e7e70b1ae2751c65a7abb6b58eecf7e87b3ca6172340065c0092ee8c78113cb8

          Download Submit

        • C:\Windows\inf\usbctrl02.inf
          Filesize

          73KB

          MD5

          b87333e7241664db85c04974cffcbebd

          SHA1

          745fd885913e9d404048de6994e2ac9a35c3c17b

          SHA256

          3db50392544df038d655912c30e07350d601ebd8d6761b8c0ac7a5ecc2969e20

          SHA512

          fcd3b1c65431fb3d14181433345ad8d8043aaf51bec79afeca19b536a8d9b047e7e70b1ae2751c65a7abb6b58eecf7e87b3ca6172340065c0092ee8c78113cb8

          Download Submit