Overview

overview

8

Static

static

853827520a...5c.exe

windows7-x64

8

853827520a...5c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02-12-2022 23:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    853827520a9f90eb050e0dcb2f2a0f2c8ddc61508c4a7adc6316ef6a9ff3515c.exe

  • Size

    706KB

  • MD5

    6dbf22845f9b2867c61cef220aa209a6

  • SHA1

    fe52da591ed84ec0bb57319c80326c11a6cd4173

  • SHA256

    853827520a9f90eb050e0dcb2f2a0f2c8ddc61508c4a7adc6316ef6a9ff3515c

  • SHA512

    f2a336dc377ce91e354712e9fd7534c1f4dfea0d9fdfa127d0d5704e79bf6557f996cf5a9e5644020e13c01459a3ac7dde210aa6f9a3cf3f75e46b2e4ff58b4f

  • SSDEEP

    12288:gp/iN/mlVdtvrYeyZJf7kPK+iqBZn+D73iKHeGspmWKDXJtYsTi17a:gpQ/6trYlvYPK+lqD73TeGspmptNTik

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Control Panel 2 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\853827520a9f90eb050e0dcb2f2a0f2c8ddc61508c4a7adc6316ef6a9ff3515c.exe
    "C:\Users\Admin\AppData\Local\Temp\853827520a9f90eb050e0dcb2f2a0f2c8ddc61508c4a7adc6316ef6a9ff3515c.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • Modifies Control Panel
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4816
    • C:\Windows\ScrBlaze.scr
      "C:\Windows\ScrBlaze.scr" /S
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:4036
  • C:\Windows\ScrBlaze.scr
    C:\Windows\ScrBlaze.scr /s
    1⤵
    • Executes dropped EXE
    • Drops file in Windows directory
    • Suspicious use of SetWindowsHookEx
    PID:2732

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DUHIRKGY\17NKjm[1].htm
    Filesize

    125B

    MD5

    1cd6fcc634a5715f528fa28fd1a87c54

    SHA1

    6a6d7dac28bb8a89e87ed677966f95df583ee210

    SHA256

    d233c49335982d56db02bebfdb395b50c19fc0bf8fcb61409afe0777c08a501d

    SHA512

    1ff16b809e07511efcadb7fa1af2b26ad092c42a65aa1ff3e4ee8e07bbdee836eab660b9ae3ed3ce1016dd08699826064759a3077696eb604d42b64d1b320c32

    Download Submit

  • C:\Windows\ScrBlaze.scr
    Filesize

    706KB

    MD5

    6dbf22845f9b2867c61cef220aa209a6

    SHA1

    fe52da591ed84ec0bb57319c80326c11a6cd4173

    SHA256

    853827520a9f90eb050e0dcb2f2a0f2c8ddc61508c4a7adc6316ef6a9ff3515c

    SHA512

    f2a336dc377ce91e354712e9fd7534c1f4dfea0d9fdfa127d0d5704e79bf6557f996cf5a9e5644020e13c01459a3ac7dde210aa6f9a3cf3f75e46b2e4ff58b4f

    Download Submit

  • C:\Windows\ScrBlaze.scr
    Filesize

    706KB

    MD5

    6dbf22845f9b2867c61cef220aa209a6

    SHA1

    fe52da591ed84ec0bb57319c80326c11a6cd4173

    SHA256

    853827520a9f90eb050e0dcb2f2a0f2c8ddc61508c4a7adc6316ef6a9ff3515c

    SHA512

    f2a336dc377ce91e354712e9fd7534c1f4dfea0d9fdfa127d0d5704e79bf6557f996cf5a9e5644020e13c01459a3ac7dde210aa6f9a3cf3f75e46b2e4ff58b4f

    Download Submit

  • C:\Windows\ScrBlaze.scr
    Filesize

    706KB

    MD5

    6dbf22845f9b2867c61cef220aa209a6

    SHA1

    fe52da591ed84ec0bb57319c80326c11a6cd4173

    SHA256

    853827520a9f90eb050e0dcb2f2a0f2c8ddc61508c4a7adc6316ef6a9ff3515c

    SHA512

    f2a336dc377ce91e354712e9fd7534c1f4dfea0d9fdfa127d0d5704e79bf6557f996cf5a9e5644020e13c01459a3ac7dde210aa6f9a3cf3f75e46b2e4ff58b4f

    Download Submit

  • C:\Windows\s18273659
    Filesize

    929B

    MD5

    60e296730176b571dc1af683b198995b

    SHA1

    005e6fe53f00d6bc61daf2c0b8bc317fe53a8d06

    SHA256

    d68876501b855bffb494ba57cd3b6dbc45bd1ca060fa12a2cdfae6654caf19e7

    SHA512

    936a61df00f8d50db01b6b3e90ee12bd2b8a6a70a5d8a2ca5b3db333ec9db99d766f4a5289e8965d5b82991dd70114ba50c3fb615b1f51343970f6f6f41cc55e

    Download Submit

  • C:\Windows\s18273659
    Filesize

    929B

    MD5

    60e296730176b571dc1af683b198995b

    SHA1

    005e6fe53f00d6bc61daf2c0b8bc317fe53a8d06

    SHA256

    d68876501b855bffb494ba57cd3b6dbc45bd1ca060fa12a2cdfae6654caf19e7

    SHA512

    936a61df00f8d50db01b6b3e90ee12bd2b8a6a70a5d8a2ca5b3db333ec9db99d766f4a5289e8965d5b82991dd70114ba50c3fb615b1f51343970f6f6f41cc55e

    Download Submit