Analysis
-
max time kernel
153s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
05-12-2022 18:40
General
-
Target
59c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd.exe
-
Size
19KB
-
MD5
0722fedbe04ab3eb54a2852a696d4e80
-
SHA1
609389df66fbd95fe8f7fcca3e68bdb00e61b414
-
SHA256
59c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd
-
SHA512
5aca56c2abf2094b63c54d06bcc90479b4f00684c2911ab72123e78c0501d2e73a26170f47fa58efd2530a8695a3b01163a2087e2862d0d92894428cc5d803d8
-
SSDEEP
384:4HKZfuH87GowDqGoMwevqxP6k6zIDwPVBSP+oV/5K7R:lZfuHUvwDKP6kMpi+e/+
Malware Config
Signatures
-
Detect XtremeRAT payload 17 IoCs
-
XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
-
Executes dropped EXE 8 IoCs
-
Modifies Installed Components in the registry 2 TTPs 18 IoCs
-
UPX packed file 28 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL 2 IoCs
-
Adds Run key to start application 2 TTPs 36 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\59c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd.exe"C:\Users\Admin\AppData\Local\Temp\59c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd.exe"1⤵
- Modifies Installed Components in the registry
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"2⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"2⤵
- Executes dropped EXE
- Modifies Installed Components in the registry
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"3⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"3⤵
- Executes dropped EXE
- Modifies Installed Components in the registry
- Adds Run key to start application
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"4⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"4⤵
- Executes dropped EXE
- Modifies Installed Components in the registry
- Adds Run key to start application
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"5⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"5⤵
- Executes dropped EXE
- Modifies Installed Components in the registry
- Adds Run key to start application
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"6⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"6⤵
- Executes dropped EXE
- Modifies Installed Components in the registry
- Adds Run key to start application
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"7⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"7⤵
- Executes dropped EXE
- Modifies Installed Components in the registry
- Adds Run key to start application
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"8⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"8⤵
- Executes dropped EXE
- Modifies Installed Components in the registry
- Adds Run key to start application
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"9⤵
-
-
C:\Windows\InstallDir\Server.exe"C:\Windows\InstallDir\Server.exe"9⤵
- Executes dropped EXE
- Modifies Installed Components in the registry
- Adds Run key to start application
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe"10⤵
-
-
-
-
-
-
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5ed4ba2f533365e75702788b3f4d84052
SHA1706905bdd44435d218b6a5f06f455382e0f55913
SHA256a200c1cf6beb87a64701eaa3c71aa3e99aea6e39f96ef51179d3ffe6ab88060a
SHA51233222560f58e279af00296f37d6e0daf47a7e38c82f7a756f2682c008f6cfdcc24c1aece0ee957ff88fc70edd0d8445c7c98e92243f1827036a498d3cfd52055
-
Filesize
1KB
MD5ed4ba2f533365e75702788b3f4d84052
SHA1706905bdd44435d218b6a5f06f455382e0f55913
SHA256a200c1cf6beb87a64701eaa3c71aa3e99aea6e39f96ef51179d3ffe6ab88060a
SHA51233222560f58e279af00296f37d6e0daf47a7e38c82f7a756f2682c008f6cfdcc24c1aece0ee957ff88fc70edd0d8445c7c98e92243f1827036a498d3cfd52055
-
Filesize
1KB
MD5ed4ba2f533365e75702788b3f4d84052
SHA1706905bdd44435d218b6a5f06f455382e0f55913
SHA256a200c1cf6beb87a64701eaa3c71aa3e99aea6e39f96ef51179d3ffe6ab88060a
SHA51233222560f58e279af00296f37d6e0daf47a7e38c82f7a756f2682c008f6cfdcc24c1aece0ee957ff88fc70edd0d8445c7c98e92243f1827036a498d3cfd52055
-
Filesize
1KB
MD5ed4ba2f533365e75702788b3f4d84052
SHA1706905bdd44435d218b6a5f06f455382e0f55913
SHA256a200c1cf6beb87a64701eaa3c71aa3e99aea6e39f96ef51179d3ffe6ab88060a
SHA51233222560f58e279af00296f37d6e0daf47a7e38c82f7a756f2682c008f6cfdcc24c1aece0ee957ff88fc70edd0d8445c7c98e92243f1827036a498d3cfd52055
-
Filesize
1KB
MD5ed4ba2f533365e75702788b3f4d84052
SHA1706905bdd44435d218b6a5f06f455382e0f55913
SHA256a200c1cf6beb87a64701eaa3c71aa3e99aea6e39f96ef51179d3ffe6ab88060a
SHA51233222560f58e279af00296f37d6e0daf47a7e38c82f7a756f2682c008f6cfdcc24c1aece0ee957ff88fc70edd0d8445c7c98e92243f1827036a498d3cfd52055
-
Filesize
19KB
MD50722fedbe04ab3eb54a2852a696d4e80
SHA1609389df66fbd95fe8f7fcca3e68bdb00e61b414
SHA25659c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd
SHA5125aca56c2abf2094b63c54d06bcc90479b4f00684c2911ab72123e78c0501d2e73a26170f47fa58efd2530a8695a3b01163a2087e2862d0d92894428cc5d803d8
-
Filesize
19KB
MD50722fedbe04ab3eb54a2852a696d4e80
SHA1609389df66fbd95fe8f7fcca3e68bdb00e61b414
SHA25659c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd
SHA5125aca56c2abf2094b63c54d06bcc90479b4f00684c2911ab72123e78c0501d2e73a26170f47fa58efd2530a8695a3b01163a2087e2862d0d92894428cc5d803d8
-
Filesize
19KB
MD50722fedbe04ab3eb54a2852a696d4e80
SHA1609389df66fbd95fe8f7fcca3e68bdb00e61b414
SHA25659c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd
SHA5125aca56c2abf2094b63c54d06bcc90479b4f00684c2911ab72123e78c0501d2e73a26170f47fa58efd2530a8695a3b01163a2087e2862d0d92894428cc5d803d8
-
Filesize
19KB
MD50722fedbe04ab3eb54a2852a696d4e80
SHA1609389df66fbd95fe8f7fcca3e68bdb00e61b414
SHA25659c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd
SHA5125aca56c2abf2094b63c54d06bcc90479b4f00684c2911ab72123e78c0501d2e73a26170f47fa58efd2530a8695a3b01163a2087e2862d0d92894428cc5d803d8
-
Filesize
19KB
MD50722fedbe04ab3eb54a2852a696d4e80
SHA1609389df66fbd95fe8f7fcca3e68bdb00e61b414
SHA25659c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd
SHA5125aca56c2abf2094b63c54d06bcc90479b4f00684c2911ab72123e78c0501d2e73a26170f47fa58efd2530a8695a3b01163a2087e2862d0d92894428cc5d803d8
-
Filesize
19KB
MD50722fedbe04ab3eb54a2852a696d4e80
SHA1609389df66fbd95fe8f7fcca3e68bdb00e61b414
SHA25659c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd
SHA5125aca56c2abf2094b63c54d06bcc90479b4f00684c2911ab72123e78c0501d2e73a26170f47fa58efd2530a8695a3b01163a2087e2862d0d92894428cc5d803d8
-
Filesize
19KB
MD50722fedbe04ab3eb54a2852a696d4e80
SHA1609389df66fbd95fe8f7fcca3e68bdb00e61b414
SHA25659c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd
SHA5125aca56c2abf2094b63c54d06bcc90479b4f00684c2911ab72123e78c0501d2e73a26170f47fa58efd2530a8695a3b01163a2087e2862d0d92894428cc5d803d8
-
Filesize
19KB
MD50722fedbe04ab3eb54a2852a696d4e80
SHA1609389df66fbd95fe8f7fcca3e68bdb00e61b414
SHA25659c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd
SHA5125aca56c2abf2094b63c54d06bcc90479b4f00684c2911ab72123e78c0501d2e73a26170f47fa58efd2530a8695a3b01163a2087e2862d0d92894428cc5d803d8
-
Filesize
19KB
MD50722fedbe04ab3eb54a2852a696d4e80
SHA1609389df66fbd95fe8f7fcca3e68bdb00e61b414
SHA25659c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd
SHA5125aca56c2abf2094b63c54d06bcc90479b4f00684c2911ab72123e78c0501d2e73a26170f47fa58efd2530a8695a3b01163a2087e2862d0d92894428cc5d803d8
-
Filesize
19KB
MD50722fedbe04ab3eb54a2852a696d4e80
SHA1609389df66fbd95fe8f7fcca3e68bdb00e61b414
SHA25659c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd
SHA5125aca56c2abf2094b63c54d06bcc90479b4f00684c2911ab72123e78c0501d2e73a26170f47fa58efd2530a8695a3b01163a2087e2862d0d92894428cc5d803d8
-
Filesize
19KB
MD50722fedbe04ab3eb54a2852a696d4e80
SHA1609389df66fbd95fe8f7fcca3e68bdb00e61b414
SHA25659c76d8c853b8f3c319b0c31bbe8d432dc6a1a56c317acfa328774f133c26fbd
SHA5125aca56c2abf2094b63c54d06bcc90479b4f00684c2911ab72123e78c0501d2e73a26170f47fa58efd2530a8695a3b01163a2087e2862d0d92894428cc5d803d8
-
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
-
Filesize
84KB
-
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
-
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
-
Filesize
84KB
-
Filesize
8KB
-
Filesize
84KB
-
Filesize
84KB
-
Filesize
84KB
-
-
Filesize
84KB
-
-
Filesize
84KB