Analysis

  • max time kernel: 187s
  • max time network: 240s
  • platform: windows10-2004_x64
  • resource: win10v2004-20221111-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 06-12-2022 22:50

General

  • Target: b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe
  • Size: 595KB
  • MD5: 3e021ff26063ac5f6de4971dbddec210
  • SHA1: e63068bcc6c34e84aa221eff23c98f0db68a4e59
  • SHA256: b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6
  • SHA512: a0f04930108e055f97a7e171a7f7f5fbeef257f8a8713d9921c3b1e07a2d2f45eff85509ce7d8f69c5ebab641827ad91c4ab0f56a92446d5f2ae1f3b80286f50
  • SSDEEP: 12288:7Cgvf6HX8XE3KnCgjUNbkYDLCgvf6HX8X45jgRdJ83:Nf6HX8XE3uUNbkYD9f6HX8X45jOdJs

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops file in Windows directory 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 64 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe
    "C:\Users\Admin\AppData\Local\Temp\b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:208
    • C:\Windows\abc.exe
      "C:\Windows\abc.exe"
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Drops file in Windows directory
      • Suspicious use of WriteProcessMemory
      PID:668
      • C:\Windows\Uane's Keylogger.exe
        "C:\Windows\Uane's Keylogger.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:4244
    • C:\Windows\svchost.exe
      "C:\Windows\svchost.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops file in Windows directory
      • Suspicious use of SetWindowsHookEx
      PID:4604

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Windows\COMDLG32.OCX
    Filesize: 137KB
    MD5: d76f0eab36f83a31d411aeaf70da7396
    SHA1: 9bc145b54500fb6fbea9be61fbdd90f65fd1bc14
    SHA256: 46f4fdb12c30742ff4607876d2f36cf432cdc7ec3d2c99097011448fc57e997c
    SHA512: 9c22bc6b2e7dbcd344809085894b768cfa76e8512062c5bbf3caeaa2771c6b7ce128bd5a0b6e385a5da777d0d822a5b2191773cc0ddb05abe1fa935fa853d79d

  • C:\Windows\Uane's Keylogger.exe
    Filesize: 172KB
    MD5: 1cbdcc28e2ce07272c9ebd6d03dc7273
    SHA1: 95abc1b738b153f8dcf7eeec9c5cdb8aa371a510
    SHA256: 844f60a98cf7f979a67d5c96105d65b1f023424bbeec338dc52074a657effd45
    SHA512: 19ea5547d7ac2e4e37b9737a38164efbf0ed8c03ca9b5fcf64461bc64781b1972fd5443290219ddbf07fea63d5e67cac30d84304cf812fc880094927ef802d40

  • C:\Windows\abc.exe
    Filesize: 447KB
    MD5: fb02f66f5e094e2a7cad024e0594d46d
    SHA1: 322148d694fc28b1d34c8c47705ac7e5395e5908
    SHA256: e95989ab812f8361adef90d02c52358983d8d7183697ee1ee816c19a94520fc5
    SHA512: 03ad52baff1aea3d00dae75bf2d0ee643376c32423a0f73eb38543e098821d44073df971cf41e1fe458b69af4b0d6fb88a122c3cd28b350cb04a5754a124a98f

  • C:\Windows\comdlg32.ocx
    Filesize: 137KB
    MD5: d76f0eab36f83a31d411aeaf70da7396
    SHA1: 9bc145b54500fb6fbea9be61fbdd90f65fd1bc14
    SHA256: 46f4fdb12c30742ff4607876d2f36cf432cdc7ec3d2c99097011448fc57e997c
    SHA512: 9c22bc6b2e7dbcd344809085894b768cfa76e8512062c5bbf3caeaa2771c6b7ce128bd5a0b6e385a5da777d0d822a5b2191773cc0ddb05abe1fa935fa853d79d

  • C:\Windows\svchost.exe
    Filesize: 120KB
    MD5: ff4a48562f770dadc1c430bd53b899c3
    SHA1: 15743f5142ed2a3440eb0693e1b8c91bfb9a6010
    SHA256: 7393d48a6793e9801d5d6471a68d8e91edbcb617a084ff13f6f39695abf57a02
    SHA512: b5906f88cc2f6672d2bafeb403ceb9c2887e28c6dafe78a6bd6b6757e591afe2a9590b99ee55f481f99cb8ed4dbba938cd8e96e10b8f5a711b58b416df7ccb8f
