Overview

overview

10

Static

static

3408117bdc...04.exe

windows7-x64

10

3408117bdc...04.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    169s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-12-2022 02:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3408117bdc4227a3d38df3037154b721520f896bf3705482b0c5c3bfa86ad604.exe

  • Size

    500KB

  • MD5

    55a6f3e924a18d368756c29d582a3e67

  • SHA1

    4e19a9ee30d00f829ca884b0ab9b43e3d6b3f778

  • SHA256

    3408117bdc4227a3d38df3037154b721520f896bf3705482b0c5c3bfa86ad604

  • SHA512

    380c1cd13ce5ceab2db30d2d4a71d4a5315a8b8321dc8928cb33d34ea6aabbaccb9dffa5f783d1fb5ad1aed92701acb5601c1c7e1a419014b394e0cfe44ffa8c

  • SSDEEP

    12288:ozE679I8/ZdkB7qeGvRHHVlXqgGzP+4WvX5nxzpsBc8gdlLGc8:ozD7i8ANGZH6RT+L9xaBc8gac8

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3408117bdc4227a3d38df3037154b721520f896bf3705482b0c5c3bfa86ad604.exe
    "C:\Users\Admin\AppData\Local\Temp\3408117bdc4227a3d38df3037154b721520f896bf3705482b0c5c3bfa86ad604.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Users\Admin\AppData\Local\Temp\keygen.exe
      "C:\Users\Admin\AppData\Local\Temp\keygen.exe"
      2⤵
      • Executes dropped EXE
      PID:3984
    • C:\Users\Admin\AppData\Local\Temp\sof.exe
      "C:\Users\Admin\AppData\Local\Temp\sof.exe"
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2508
      • C:\Windows\SysWOW64\ipconfig.exe
        "C:\Windows\System32\ipconfig.exe" /release
        3⤵
        • Gathers network information
        PID:4520
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 908
        3⤵
        • Program crash
        PID:2304
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 2508 -ip 2508
    1⤵
      PID:4364

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\keygen.exe
      Filesize

      50KB

      MD5

      1079fb1e72cf72361eedf520c641f013

      SHA1

      92a0d5d28083408678fdbc0a0a8dadb6ccc49848

      SHA256

      8e5f48a134ee5fc931ec15b8dc7b368a33422ffb7db25962d5a3553ae1cfae57

      SHA512

      c9dd688dff95c34540374be41dafaba2a6cc7e91c30d2d9f89499ffe39e02e58c15fdb0435ca216bcb51be3875b7c6fcc10a2b76a1ffb6b971980ff4792c7afa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\keygen.exe
      Filesize

      50KB

      MD5

      1079fb1e72cf72361eedf520c641f013

      SHA1

      92a0d5d28083408678fdbc0a0a8dadb6ccc49848

      SHA256

      8e5f48a134ee5fc931ec15b8dc7b368a33422ffb7db25962d5a3553ae1cfae57

      SHA512

      c9dd688dff95c34540374be41dafaba2a6cc7e91c30d2d9f89499ffe39e02e58c15fdb0435ca216bcb51be3875b7c6fcc10a2b76a1ffb6b971980ff4792c7afa

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\sof.exe
      Filesize

      512KB

      MD5

      323bf98564cf2c451da969c3112b08d7

      SHA1

      6009b0820241cd0443569447138d3337dd921628

      SHA256

      17849a3ccfab5fe04b16c21bc366e8a1e677e3d7fa7385846da514314cdef667

      SHA512

      7ec4131978b901b8fd94a29e2491edca820f0754669d11398070dcc03855c4aea6ec8c1c98846c303ebb44a6ab52fc55bb8fefe53ffa35c25757b91a6ec5a4a4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\sof.exe
      Filesize

      512KB

      MD5

      323bf98564cf2c451da969c3112b08d7

      SHA1

      6009b0820241cd0443569447138d3337dd921628

      SHA256

      17849a3ccfab5fe04b16c21bc366e8a1e677e3d7fa7385846da514314cdef667

      SHA512

      7ec4131978b901b8fd94a29e2491edca820f0754669d11398070dcc03855c4aea6ec8c1c98846c303ebb44a6ab52fc55bb8fefe53ffa35c25757b91a6ec5a4a4

      Download Submit