Overview

overview

10

Static

static

7b3f06aa12...8d.exe

windows7-x64

10

7b3f06aa12...8d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    79s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    02/12/2022, 19:25

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7b3f06aa120fcd168c8de9916f41f7f8835eeffcdf2d68ddad89902697109f8d.exe

  • Size

    100KB

  • MD5

    3f253e5b4a8b4d5e863ef31dfbac8331

  • SHA1

    59254099c6d213c539fbabb35c33a21cea913713

  • SHA256

    7b3f06aa120fcd168c8de9916f41f7f8835eeffcdf2d68ddad89902697109f8d

  • SHA512

    60ea0b2da816926a2a95ccaf4c55f507dcca92de80a196d50397a50f03ee37e244db2c776d805e7ce66b9bd760003d0ee3cdfa198a9d521b3798c4e8db7b282c

  • SSDEEP

    1536:IyW9cX220mQI5xJKIRGWcOUP7vXArnY1ZqAefzyesVNIj/:1hQdNAfzyeOC/

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 54 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b3f06aa120fcd168c8de9916f41f7f8835eeffcdf2d68ddad89902697109f8d.exe
    "C:\Users\Admin\AppData\Local\Temp\7b3f06aa120fcd168c8de9916f41f7f8835eeffcdf2d68ddad89902697109f8d.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Users\Admin\yauinu.exe
      "C:\Users\Admin\yauinu.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:872

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\yauinu.exe
          Filesize

          100KB

          MD5

          85f8c37d221641c6232219bef264fd6c

          SHA1

          ee617605ddaba1ac44a8bb2a7824bf0f37a312f4

          SHA256

          9c9b6d99ffcdec233a2d7db2ca5947065db1d8d292ff782b5e569d3e7ff81cdf

          SHA512

          064fbace208d96f4abcc7eebbcef45a07d9f9255c74b92fbc7623f97bb6c959da2c7ad0a93e07c11ecdeff115ff064e04247f4871314b4e8ec020ec27d80fc5f

          Download Submit

        • C:\Users\Admin\yauinu.exe
          Filesize

          100KB

          MD5

          85f8c37d221641c6232219bef264fd6c

          SHA1

          ee617605ddaba1ac44a8bb2a7824bf0f37a312f4

          SHA256

          9c9b6d99ffcdec233a2d7db2ca5947065db1d8d292ff782b5e569d3e7ff81cdf

          SHA512

          064fbace208d96f4abcc7eebbcef45a07d9f9255c74b92fbc7623f97bb6c959da2c7ad0a93e07c11ecdeff115ff064e04247f4871314b4e8ec020ec27d80fc5f

          Download Submit

        • \Users\Admin\yauinu.exe
          Filesize

          100KB

          MD5

          85f8c37d221641c6232219bef264fd6c

          SHA1

          ee617605ddaba1ac44a8bb2a7824bf0f37a312f4

          SHA256

          9c9b6d99ffcdec233a2d7db2ca5947065db1d8d292ff782b5e569d3e7ff81cdf

          SHA512

          064fbace208d96f4abcc7eebbcef45a07d9f9255c74b92fbc7623f97bb6c959da2c7ad0a93e07c11ecdeff115ff064e04247f4871314b4e8ec020ec27d80fc5f

          Download Submit

        • \Users\Admin\yauinu.exe
          Filesize

          100KB

          MD5

          85f8c37d221641c6232219bef264fd6c

          SHA1

          ee617605ddaba1ac44a8bb2a7824bf0f37a312f4

          SHA256

          9c9b6d99ffcdec233a2d7db2ca5947065db1d8d292ff782b5e569d3e7ff81cdf

          SHA512

          064fbace208d96f4abcc7eebbcef45a07d9f9255c74b92fbc7623f97bb6c959da2c7ad0a93e07c11ecdeff115ff064e04247f4871314b4e8ec020ec27d80fc5f

          Download Submit

        • memory/1600-56-0x00000000752B1000-0x00000000752B3000-memory.dmp

          Filesize

          8KB

          Download