Overview

overview

7

Static

static

cee9c8a4e0...e5.exe

windows7-x64

7

cee9c8a4e0...e5.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    190s
  • max time network
    214s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05-12-2022 16:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cee9c8a4e07d9fb8a1da22a174919c8ed81e860a83a0770d970d36888f9422e5.exe

  • Size

    6.4MB

  • MD5

    32addb5c1de3baea0e625813d88ae34d

  • SHA1

    caee3665e93b45375460e81d45aa903af820ee2c

  • SHA256

    cee9c8a4e07d9fb8a1da22a174919c8ed81e860a83a0770d970d36888f9422e5

  • SHA512

    72a0d1f7ba2d28629da8754939beff27d63979c7e989bfbf99793a82b307c54e77370c4d0698e62bf5aeaf3d242a94605760b7d28f6aa056c695089c3c843f6d

  • SSDEEP

    196608:B4HJryvp10aEvcRVcdaNaqH+ex+PdQ3iVci1zwXA3:BiNyb1fcsNaqN+PZfNww3

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cee9c8a4e07d9fb8a1da22a174919c8ed81e860a83a0770d970d36888f9422e5.exe
    "C:\Users\Admin\AppData\Local\Temp\cee9c8a4e07d9fb8a1da22a174919c8ed81e860a83a0770d970d36888f9422e5.exe"
    1⤵
    • Loads dropped DLL
    • Drops desktop.ini file(s)
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4272

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hordwgaj.uye\7z.dll
    Filesize

    893KB

    MD5

    04ad4b80880b32c94be8d0886482c774

    SHA1

    344faf61c3eb76f4a2fb6452e83ed16c9cce73e0

    SHA256

    a1e1d1f0fff4fcccfbdfa313f3bdfea4d3dfe2c2d9174a615bbc39a0a6929338

    SHA512

    3e3aaf01b769471b18126e443a721c9e9a0269e9f5e48d0a10251bc1ee309855bd71ede266caa6828b007359b21ba562c2a5a3469078760f564fb7bd43acabfb

    Download Submit

  • memory/4272-132-0x0000000075230000-0x00000000757E1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4272-133-0x0000000075230000-0x00000000757E1000-memory.dmp

    Filesize

    5.7MB

    Download