Overview

overview

10

Static

static

33720b7fc9...2e.exe

windows7-x64

10

33720b7fc9...2e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    188s
  • max time network
    68s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 10:14

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    33720b7fc90e38510feec2b17820994f0daeffa9427c787f68ff438314c0f72e.exe

  • Size

    268KB

  • MD5

    57a5355c87c188fbe9fa3ee40ed7fd88

  • SHA1

    5923031f16c2f618584d3471acc7a316e03d77be

  • SHA256

    33720b7fc90e38510feec2b17820994f0daeffa9427c787f68ff438314c0f72e

  • SHA512

    17f8b7ff4536497c764fad9c6a78471091f76a2f3c06646aa07d2486f2a6ed70ea7d750e50bd94484ad5c402bfe9f75f0e4d862eb00e9aa8c44e4799d3b3b6c5

  • SSDEEP

    3072:tE4rqlnywAdasPUTVY7fhINP7JbfLBsyVEJ8Ixjtmkp44upWuTNgX8Tjee/L1p3h:KMftsgfuNPp5VEVtmk4DAuTxeO3h

Score
10/10
evasionpersistence

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 29 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\33720b7fc90e38510feec2b17820994f0daeffa9427c787f68ff438314c0f72e.exe
    "C:\Users\Admin\AppData\Local\Temp\33720b7fc90e38510feec2b17820994f0daeffa9427c787f68ff438314c0f72e.exe"
    1⤵
    • Modifies visiblity of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:884
    • C:\Users\Admin\seasea.exe
      "C:\Users\Admin\seasea.exe"
      2⤵
      • Modifies visiblity of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1592

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\seasea.exe
          Filesize

          268KB

          MD5

          278fd103a33ce48f5d3a3132f9db77a0

          SHA1

          85bb35aec6dfe8db0964ed0a98d1c97f4f08f242

          SHA256

          ad5ba7b724476a75f5cb8131b19aa48b96f5d319cf3cba2a433296aa9f6fe46c

          SHA512

          a21cb8a8db1299c9d8b20d3b92038cc205c7dc0f15915b1277b49c4ae963a3ecf6650355e8f0c1a1d463c35885ae0c569b2208c8bd9555142d2ecd2d25e8554c

          Download Submit

        • C:\Users\Admin\seasea.exe
          Filesize

          268KB

          MD5

          278fd103a33ce48f5d3a3132f9db77a0

          SHA1

          85bb35aec6dfe8db0964ed0a98d1c97f4f08f242

          SHA256

          ad5ba7b724476a75f5cb8131b19aa48b96f5d319cf3cba2a433296aa9f6fe46c

          SHA512

          a21cb8a8db1299c9d8b20d3b92038cc205c7dc0f15915b1277b49c4ae963a3ecf6650355e8f0c1a1d463c35885ae0c569b2208c8bd9555142d2ecd2d25e8554c

          Download Submit

        • \Users\Admin\seasea.exe
          Filesize

          268KB

          MD5

          278fd103a33ce48f5d3a3132f9db77a0

          SHA1

          85bb35aec6dfe8db0964ed0a98d1c97f4f08f242

          SHA256

          ad5ba7b724476a75f5cb8131b19aa48b96f5d319cf3cba2a433296aa9f6fe46c

          SHA512

          a21cb8a8db1299c9d8b20d3b92038cc205c7dc0f15915b1277b49c4ae963a3ecf6650355e8f0c1a1d463c35885ae0c569b2208c8bd9555142d2ecd2d25e8554c

          Download Submit

        • \Users\Admin\seasea.exe
          Filesize

          268KB

          MD5

          278fd103a33ce48f5d3a3132f9db77a0

          SHA1

          85bb35aec6dfe8db0964ed0a98d1c97f4f08f242

          SHA256

          ad5ba7b724476a75f5cb8131b19aa48b96f5d319cf3cba2a433296aa9f6fe46c

          SHA512

          a21cb8a8db1299c9d8b20d3b92038cc205c7dc0f15915b1277b49c4ae963a3ecf6650355e8f0c1a1d463c35885ae0c569b2208c8bd9555142d2ecd2d25e8554c

          Download Submit

        • memory/884-56-0x0000000075521000-0x0000000075523000-memory.dmp

          Filesize

          8KB

          Download