Analysis
-
max time kernel
146s -
max time network
151s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
14/01/2023, 15:37
General
-
Target
tmp.exe
-
Size
29.4MB
-
MD5
8ef684ee2f0d30041d4a089f92f4ab06
-
SHA1
573aaabccc069703bdf9fab9fd31168303495225
-
SHA256
1620726a24a49b48d5cc9aa9a26ff4bbe849a4a583031fb8155ec216ddd591a5
-
SHA512
7a429a21b11f4e9d77e22ed9ae25a7b2f09621edc74b19a6e06849df44e5458477d7510e4ef438e2f674bace8d334777dde4823b8006e09f6849944a768e280d
-
SSDEEP
786432:zlB8NEuBnbj8cJRPVCZGc7Iv5aMMu8lM9mLAsJpUIL7Rl:JBMkTwc7yaMRR9mnJdL7n
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
VMProtect packed file 9 IoCs
Detects executables packed with VMProtect commercial packer.
-
Deletes itself 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\tmp.exe"C:\Users\Admin\AppData\Local\Temp\tmp.exe"1⤵
- Loads dropped DLL
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\»ðÁú´«Ëµ\tmp.exeC:\»ðÁú´«Ëµ\tmp.exe2⤵
- Executes dropped EXE
- Deletes itself
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
41B
MD5fa4a6393f371a289f6b187ba6aaada19
SHA184f4f1eedd713c86f97605f7e8a23a1f2d2678a3
SHA25653ea98bb79bd329140803195f5c46b117986bdeba86f301f9613de657f38b528
SHA5122c6d8429aa7bfb9b2357c3ef710a5d98cd1cb62f29ba36091ddf4a05fe28cc7b35a4609aa7cd1e1f59350c004e2ab9f1c18cc2506bde92f64d6fa3413e0a0519
-
Filesize
12B
MD531faed83df2eca847735542ee9b1b7e5
SHA1979d00621b850712b39786ee3ab7e15cadf6bcb0
SHA2568fad92805acff624ee904cad8e79d6ba3df21a053f6092d7d6851f7ffcee67a9
SHA512c3ec17ec5fb051058b23b16ac95a118cd86940135ba65097ef88a9d2089e2cbfe611cd3c7587ed538e8df4d6425f71cd78eda7040b70beabe0fabb9e6729874a
-
Filesize
29.4MB
MD58ef684ee2f0d30041d4a089f92f4ab06
SHA1573aaabccc069703bdf9fab9fd31168303495225
SHA2561620726a24a49b48d5cc9aa9a26ff4bbe849a4a583031fb8155ec216ddd591a5
SHA5127a429a21b11f4e9d77e22ed9ae25a7b2f09621edc74b19a6e06849df44e5458477d7510e4ef438e2f674bace8d334777dde4823b8006e09f6849944a768e280d
-
Filesize
29.4MB
MD58ef684ee2f0d30041d4a089f92f4ab06
SHA1573aaabccc069703bdf9fab9fd31168303495225
SHA2561620726a24a49b48d5cc9aa9a26ff4bbe849a4a583031fb8155ec216ddd591a5
SHA5127a429a21b11f4e9d77e22ed9ae25a7b2f09621edc74b19a6e06849df44e5458477d7510e4ef438e2f674bace8d334777dde4823b8006e09f6849944a768e280d
-
Filesize
29.4MB
MD58ef684ee2f0d30041d4a089f92f4ab06
SHA1573aaabccc069703bdf9fab9fd31168303495225
SHA2561620726a24a49b48d5cc9aa9a26ff4bbe849a4a583031fb8155ec216ddd591a5
SHA5127a429a21b11f4e9d77e22ed9ae25a7b2f09621edc74b19a6e06849df44e5458477d7510e4ef438e2f674bace8d334777dde4823b8006e09f6849944a768e280d
-
Filesize
15.9MB
-
Filesize
15.9MB
-
Filesize
524KB
-
Filesize
15.9MB
-
Filesize
8KB
-
Filesize
15.9MB
-
Filesize
15.9MB
-
Filesize
524KB
-
Filesize
15.9MB
-
Filesize
15.9MB