Analysis

  • max time kernel
    228s
  • max time network
    191s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-12-2022 09:43

General

  • Target

    92ffc602883a88c9990ca947980f941987813412c0746050cf4c86c2872cbf3f.exe

  • Size

    276KB

  • MD5

    0af5789e9bdb2a01d155406cc7881ef0

  • SHA1

    d1a8a15913a6f1f4086501a4eccd11a061c92612

  • SHA256

    92ffc602883a88c9990ca947980f941987813412c0746050cf4c86c2872cbf3f

  • SHA512

    e11624190e095ebeef31026a2b813eb93d1d22e822fe93948917cb7422cdb5153de6d57b5135f7846898fdd984c8025589150c539ce673d5c2475cfb1f555c7e

  • SSDEEP

    6144:tUmkhRQaX/m7bfTWaxAQ9aLb+Kf6+2/MKsjh9Bqas5Ti3q/VlgAd:thkhRQaX/m7bfTWaVKf52/MKsjh90aQB

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer (2 TTPs, 2 IoCs)
  • Executes dropped EXE (1 IoC)
  • Loads dropped DLL (2 IoCs)
  • Adds Run key to start application (2 TTPs, 42 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\92ffc602883a88c9990ca947980f941987813412c0746050cf4c86c2872cbf3f.exe
    "C:\Users\Admin\AppData\Local\Temp\92ffc602883a88c9990ca947980f941987813412c0746050cf4c86c2872cbf3f.exe"
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID: 856
    • C:\Users\Admin\suaokuk.exe
      "C:\Users\Admin\suaokuk.exe"
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID: 436

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\suaokuk.exe

    Filesize

    276KB

    MD5

    0b0c9efd3d1682930f924e13ffbf0a20

    SHA1

    e9802ec14dbc12f7e9b6b31bc962dc60171e806c

    SHA256

    3412d36d5d3997fd8280f4c0fe77aee7173211840259f333d8f507994dc93f5c

    SHA512

    0fffb21139229486f41f7958e1f61b30634fa202f4fc9aa8a07367b876f4b2a19da5bcb47f460bc4bea15773efcb1216b7f6cce99b2708a70c6ef9673ff6ff43

  • \Users\Admin\suaokuk.exe

    Filesize

    276KB

    MD5

    0b0c9efd3d1682930f924e13ffbf0a20

    SHA1

    e9802ec14dbc12f7e9b6b31bc962dc60171e806c

    SHA256

    3412d36d5d3997fd8280f4c0fe77aee7173211840259f333d8f507994dc93f5c

    SHA512

    0fffb21139229486f41f7958e1f61b30634fa202f4fc9aa8a07367b876f4b2a19da5bcb47f460bc4bea15773efcb1216b7f6cce99b2708a70c6ef9673ff6ff43

  • memory/436-59-0x0000000000000000-mapping.dmp

  • memory/856-56-0x0000000075831000-0x0000000075833000-memory.dmp

    Filesize

    8KB