Overview

overview

10

Static

static

da7329b521...0e.exe

windows7-x64

10

da7329b521...0e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    03/12/2022, 19:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    da7329b521e99d7e1c53740954594c419760dd7e25bc99e65a5d16ced484460e.exe

  • Size

    120KB

  • MD5

    86de12014cf0c889493a3de2a62bf9dd

  • SHA1

    4accdde3b9a6a7fc2eb9940cdd5f06269df292aa

  • SHA256

    da7329b521e99d7e1c53740954594c419760dd7e25bc99e65a5d16ced484460e

  • SHA512

    d490889013e124b0d4a995ec9e28bb708ecde861c6cde611d57704fb7c94a490ad41c8340707aca390220fa1d509a9e87bd4a0d2f72175e566576655204a8694

  • SSDEEP

    768:zrW96GT10cOXYXVLc+yiqZ1R6/pDaWGNMMMNMaF7//mkSKacEZxbjARZEJoZtX:nWZycwyNcbtZ107//mkOZxbURZEJor

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 50 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\da7329b521e99d7e1c53740954594c419760dd7e25bc99e65a5d16ced484460e.exe
    "C:\Users\Admin\AppData\Local\Temp\da7329b521e99d7e1c53740954594c419760dd7e25bc99e65a5d16ced484460e.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:896
    • C:\Users\Admin\zaoamod.exe
      "C:\Users\Admin\zaoamod.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:916

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\zaoamod.exe
    Filesize

    120KB

    MD5

    da990334ecb6979769d0262f7fda1bb2

    SHA1

    8de273cb9beef0e3e5b805963a5ff5d767dc692a

    SHA256

    5d39e810e7a379aebc5a9f31d4806fcdcf1e7e44037e57d6e4d7f05f0bfa221c

    SHA512

    b84946c12afd9ab706e2ed82b1b0235d7671851c76bc4ca6fe0afaf896449cc4d34538b147023ba375d1e03a6b1901924172837ac1867274eb6bf9086b7daf9c

    Download Submit

  • C:\Users\Admin\zaoamod.exe
    Filesize

    120KB

    MD5

    da990334ecb6979769d0262f7fda1bb2

    SHA1

    8de273cb9beef0e3e5b805963a5ff5d767dc692a

    SHA256

    5d39e810e7a379aebc5a9f31d4806fcdcf1e7e44037e57d6e4d7f05f0bfa221c

    SHA512

    b84946c12afd9ab706e2ed82b1b0235d7671851c76bc4ca6fe0afaf896449cc4d34538b147023ba375d1e03a6b1901924172837ac1867274eb6bf9086b7daf9c

    Download Submit

  • \Users\Admin\zaoamod.exe
    Filesize

    120KB

    MD5

    da990334ecb6979769d0262f7fda1bb2

    SHA1

    8de273cb9beef0e3e5b805963a5ff5d767dc692a

    SHA256

    5d39e810e7a379aebc5a9f31d4806fcdcf1e7e44037e57d6e4d7f05f0bfa221c

    SHA512

    b84946c12afd9ab706e2ed82b1b0235d7671851c76bc4ca6fe0afaf896449cc4d34538b147023ba375d1e03a6b1901924172837ac1867274eb6bf9086b7daf9c

    Download Submit

  • \Users\Admin\zaoamod.exe
    Filesize

    120KB

    MD5

    da990334ecb6979769d0262f7fda1bb2

    SHA1

    8de273cb9beef0e3e5b805963a5ff5d767dc692a

    SHA256

    5d39e810e7a379aebc5a9f31d4806fcdcf1e7e44037e57d6e4d7f05f0bfa221c

    SHA512

    b84946c12afd9ab706e2ed82b1b0235d7671851c76bc4ca6fe0afaf896449cc4d34538b147023ba375d1e03a6b1901924172837ac1867274eb6bf9086b7daf9c

    Download Submit

  • memory/896-56-0x0000000075B41000-0x0000000075B43000-memory.dmp

    Filesize

    8KB

    Download