Resubmissions

29-03-2023 14:31

230329-rv3k1aac7s 10

29-01-2023 19:51

230129-yktnnsbd87 10

Analysis

  • max time kernel
    24s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    29-01-2023 19:51

General

  • Target

    ed3dfa9f2452537d378ead320e1506d392d3f91557d8c52714dfd6024176cf73.exe

  • Size

    683KB

  • MD5

    77f23ed6c9c83823eb56ba579b4183d4

  • SHA1

    74969b74766e2ee491f4f5ddd9f78b740e2107c9

  • SHA256

    ed3dfa9f2452537d378ead320e1506d392d3f91557d8c52714dfd6024176cf73

  • SHA512

    56155c2312703f782037216317e9ba9f4025aded12da6c6b71974cce7b5f0c1c49b53e365875da8259b93fc9db8dcf5b7a73ed5ab10e52503cabdbc7bf6f39d9

  • SSDEEP

    12288:BPwbp5ov5nx7RzvouK2xQKOZhxAJ9nFObvAoj3fGp4Tnv0oDNqsJSqG7U:md5+5x7RzfbyA7FObvAoj3fGp4Tnvrq1

Score
10/10

Malware Config

Signatures

  • Clop

    Ransomware discovered in early 2019 which has been actively developed since release.

  • Detects Clop payload (2 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed3dfa9f2452537d378ead320e1506d392d3f91557d8c52714dfd6024176cf73.exe
    "C:\Users\Admin\AppData\Local\Temp\ed3dfa9f2452537d378ead320e1506d392d3f91557d8c52714dfd6024176cf73.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:1348

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1348-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

    Filesize

    8KB

  • memory/1348-55-0x0000000000340000-0x000000000035B000-memory.dmp

    Filesize

    108KB

  • memory/1348-56-0x0000000000400000-0x00000000004B0000-memory.dmp

    Filesize

    704KB
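The dump names above encode the dumped region as PID-index-start-end. Checking that end minus start matches the reported Filesize, and picking the region that looks like the mapped executable, is the first thing an analyst does before carving the unpacked Clop payload out of these dumps. The script below is an added example by the editor, not part of the sandbox output: it parses the three names exactly as listed on this page (embedded as a constructed list, with the page's own Filesize strings), verifies each size, and applies the editor's own heuristic that a region starting at 0x400000, the default image base of a 32-bit executable loaded without relocation, and at least as large as the 683KB file on disk is the best candidate for the in-memory image. The region at 0x759F1000 lies far above the image and is only 8KB, so it is not a candidate.

```python
import re

# Constructed input: the three memory dumps listed in this report's Downloads
# section, paired with the Filesize the report gives for each.
REPORTED_DUMPS = [
    ("memory/1348-54-0x00000000759F1000-0x00000000759F3000-memory.dmp", "8KB"),
    ("memory/1348-55-0x0000000000340000-0x000000000035B000-memory.dmp", "108KB"),
    ("memory/1348-56-0x0000000000400000-0x00000000004B0000-memory.dmp", "704KB"),
]

ON_DISK_SIZE_BYTES = 683 * 1024          # "Size: 683KB" from the General section
DEFAULT_X86_IMAGE_BASE = 0x400000        # default ImageBase for a 32-bit PE (assumption: not relocated)

# Dump naming convention as seen in this report: memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp
NAME_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)


def parse_dump_name(name):
    """Split a dump filename into pid, index, start, end and the region size in bytes."""
    m = NAME_RE.search(name)
    if m is None:
        raise ValueError(f"unrecognised dump name: {name}")
    start = int(m.group("start"), 16)
    end = int(m.group("end"), 16)
    if end <= start:
        raise ValueError(f"end address not after start in {name}")
    return {
        "pid": int(m.group("pid")),
        "index": int(m.group("idx")),
        "start": start,
        "end": end,
        "size": end - start,
    }


def reported_size_to_bytes(text):
    """Convert a report size string such as '704KB' or '8KB' into bytes."""
    m = re.fullmatch(r"(\d+)\s*(B|KB|MB)", text.strip().upper())
    if m is None:
        raise ValueError(f"unrecognised size: {text}")
    value, unit = int(m.group(1)), m.group(2)
    return value * {"B": 1, "KB": 1024, "MB": 1024 * 1024}[unit]


def check_dumps(dumps):
    """Return parsed dumps, each annotated with whether the address range matches the reported size."""
    result = []
    for name, reported in dumps:
        info = parse_dump_name(name)
        info["reported_size"] = reported_size_to_bytes(reported)
        info["size_matches"] = info["size"] == info["reported_size"]
        result.append(info)
    return result


def candidate_image_dumps(parsed, on_disk_size=ON_DISK_SIZE_BYTES):
    """Editor's heuristic: a region based at 0x400000 that is at least as large as the
    file on disk is the most likely in-memory copy of the executable image."""
    return [
        d["index"]
        for d in parsed
        if d["start"] == DEFAULT_X86_IMAGE_BASE and d["size"] >= on_disk_size
    ]


if __name__ == "__main__":
    parsed = check_dumps(REPORTED_DUMPS)
    for d in parsed:
        status = "ok" if d["size_matches"] else "MISMATCH"
        print(f"pid {d['pid']} dump {d['index']}: 0x{d['start']:08X}-0x{d['end']:08X} "
              f"{d['size'] // 1024}KB ({status})")
    print("image candidates (dump index):", candidate_image_dumps(parsed))
```

On this report every range agrees with its Filesize and only dump 56 (0x400000-0x4B0000, 704KB) qualifies as the image candidate; the 704KB in-memory size exceeding the 683KB on-disk size is expected, since sections are padded to the section alignment once mapped.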