Analysis
-
max time kernel
2s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20220812-es -
resource tags
-
submitted
28-12-2022 21:04
General
-
Target
WhatsAppImage2012-02-21.exe
-
Size
710KB
-
MD5
8164f8d7e5ed7ca6457388ee60e1d2f7
-
SHA1
28cee1ce8b27865cd98274a177472b26f034ec4e
-
SHA256
11a2b60a677a0f234b9a3548b1920a426a734fdb2a932494715709d20e24e438
-
SHA512
bdca059472f2060b9d4c52d66e2efad5b14d7bbf1f83176b94e0fda4882acd186049a5b03ba9e40dd1081412d73ddb063366138a32c02253caa90b2c39608fc6
-
SSDEEP
12288:JRZ+IoG/n9IQxW3OBsFtPW72ia1Uqxay6WiPxXy1ccOoxoBo6tyOp1bbQQ/Au/2x:B2G/nvxW3WVaF1Uqx96WiNI7oBoUyOpY
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Kills process with taskkill 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 13 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\WhatsAppImage2012-02-21.exe"C:\Users\Admin\AppData\Local\Temp\WhatsAppImage2012-02-21.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\RarSFX0\android.bat" "2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\taskkill.exetaskkill /F /IM explorer.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://netlide.com/lol3⤵
- Modifies Internet Explorer settings
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:904 CREDAT:1651713 /prefetch:24⤵
-
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=xbs7FT7dXYc3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1084 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=AHuzP7kambs3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=zHzUcE2mi9I3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1336 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=hY7m5jjJ9mM3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1928 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=F9d76h672HU3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1836 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=xbs7FT7dXYc3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1724 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=AHuzP7kambs3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1896 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=zHzUcE2mi9I3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1296 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=hY7m5jjJ9mM3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1796 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=F9d76h672HU3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1528 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=xbs7FT7dXYc3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1608 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=AHuzP7kambs3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1756 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=zHzUcE2mi9I3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1540 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=hY7m5jjJ9mM3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:864 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=F9d76h672HU3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1328 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=xbs7FT7dXYc3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1592 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=AHuzP7kambs3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1320 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=zHzUcE2mi9I3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1832 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=hY7m5jjJ9mM3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1552 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=F9d76h672HU3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:776 CREDAT:275457 /prefetch:24⤵
-
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\notepad.exenotepad3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Windows\SysWOW64\calc.execalc3⤵
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://www.youtube.com/watch?v=AHuzP7kambs3⤵
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3208 CREDAT:275457 /prefetch:24⤵
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
61KB
MD5fc4666cbca561e864e7fdf883a9e6661
SHA12f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA25610f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d
-
Filesize
342B
MD5f9822fda30e0d3237752e47f5935e798
SHA19a68f0e747dc071b17e6f8d183b3a2c807dc1fdb
SHA256a274b19efc32c3193fc2156e6215009d8555d12cd45b8509f5998ccf8b8a44a4
SHA5129a1351f78565911376a5a98c00f10eec774d4b6f2f680b4eef2a1016b2c10212c6d0bf46c3a3859fbf5db662e30b3128c3466888cd6b3e4d0192147f2453e42c
-
Filesize
5KB
MD518631f82731fd5a11c8058fffa89a8cd
SHA19f5ba916da64d5ee015b8d160ab6f32871859025
SHA2567f946c7f736b4d1164e8c018bae30f78146fd576c3aa6a7570a194cebd4dce2b
SHA5122559bcbac432b3b0a64bfc482e6dde35545142d9c906427ad0e01bdbc7ef30f6c0bf5aa841a5b082aa368ebce4b2ad81852e2226018c813c72368a494cf5638a
-
Filesize
5KB
MD50a940601fdb151be43451fc6298e6cc8
SHA1f615eab62ae7f4cd5ebd35459153ea591f5b9da8
SHA256a9a165d16c33ad5141740c3d428f18ca3112b84a985502bf010719acaeb61d1c
SHA51236a5b3340fb2c29ee0589349f5cb0d0c0ede0e4de05e169b51e875e8a24d44ddf1911cbe4c2e88f39734492816ecc59b3b93928fd766072ea48309708886771e
-
Filesize
4KB
MD5b3171c68e69cbf5b0cd665e4a4641105
SHA1a8d19e5da285b372cde699c4e57182094d0818f0
SHA256cf70dea2a392a5d28621ac212aa2ffa0847b80a4ff387113007d6147dbd5b240
SHA512bc3932fb402f83b11d18d05005d12ba3489b5dae3fdd37be0ce1469374493b20cb56fd511a04ddcecefc0e35c9456ce9e2620fa7a8d1d3812d2e14dcdc804573
-
Filesize
3KB
MD5e266a4c481647242660614bc4fc23f51
SHA17e0fa18408d0cde3beb0ace368a3f4afc1a4ab8c
SHA256b5dae136cff9d3df57c6a865676146f31cf1687843bd5950376ed567d580a48c
SHA512450f41d0364a19000b53e2b73e50d26b6a3aa2d05b22f4c2ec18a66cda858230b1872733bf2d58b05f9ea84e49386c666ea8f47eded051e322a1281ace467621
-
Filesize
2KB
MD54cc4a826562c75f785924e8489167f5b
SHA1a1c08aa5b27700b0e079fac424318e4fa0022cc7
SHA2566a504abe4cb517883d37a9dc868133dadae35895a4e0a52bf86dfcbc0c97014a
SHA5120947accb86a9ccb7e2d693d840d33ad7cb6ab6bde5ade7f3577e7ed2e7954dd50d1097b483c92fb14d0dd9437ae1bbac72b2a3a45e47724c8f9d1d6008278ec0
-
Filesize
608B
MD5304b244ae8b594b28ac6ac734bab5b25
SHA1028dbec037768c73df16c8b711d74a25abeaf767
SHA256ad1ae0ab5656b771cf7ce8c1078f0fd5db64a132956ebfeaf6ac4cd7d9cee0c8
SHA512f906dd7cc3bccdc36771cf1b9e10e8d0f2ef5a5e8713cecb858e995c6b33fe9184f72a324363a40e372a524ca753411ab969df37c3f80a9a1cef598c90ec6158
-
Filesize
8KB