eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f

Analysis

max time kernel
142s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
Size

206KB
MD5

f388d946b26aa250b96f8db548321cf4
SHA1

02686aa744f61919ae852bcc705fdc822dbca232
SHA256

eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f
SHA512

1289f6186793708c0532c4f02b140bcaed5d5318d710fbe76f19a4fcdc893e956f4185192a4199266c2cdfe47af2fb02b8062cce8865adc772b7a7c7facc8084
SSDEEP

3072:7qfmz6VelfiaDyGz6n9SIT+NFK5k78HSqWB21OC5tUA:7Dz6ifiaDyGz6nd+NFK5k4Sq31z1

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\SysWOW64\explorer.exe	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000_Classes\Local Settings	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 4968	2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe	80
PID 2224 wrote to memory of 4968	2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe	80
PID 2224 wrote to memory of 4968	2224	eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe	80

C:\Users\Admin\AppData\Local\Temp\eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe
"C:\Users\Admin\AppData\Local\Temp\eeab78891d38f49365eb4faf8bf603b04f7c612fa5eaf17780a2cc918fe9b22f.exe"
1⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2224
- \??\c:\windows\SysWOW64\explorer.exe
  c:\windows\system32\explorer.exe
  2⤵
  - Modifies registry class
  PID:4968

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...