Analysis

  • max time kernel
    150s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/02/2023, 13:42

General

  • Target

    7ea40903ec4acebd6b579b0c6806c2cca0cade9e.exe

  • Size

    68KB

  • MD5

    e94793410bc8ca7c99469ae498daf083

  • SHA1

    7ea40903ec4acebd6b579b0c6806c2cca0cade9e

  • SHA256

    9f3c35a64fd86db9487b128848fbe4d0cf9bf32e19daa4f05ca84b8b536a7c6e

  • SHA512

    14f5c3a1ea78f7b551bf97e980079ae4138acedb5a75a25210c8f7c8ed92131f39ce59c99789689b7412c2101b7b7dfbad06ce49bf1df487895f9154dfb186e5

  • SSDEEP

    768:rcbliTdSaAl+qOQSgFrhKo//WomvdfQXwYt1IEDIefZsK:QbIxFAcqOK3qowgnt1d

Score
10/10

Malware Config

Signatures

  • Modifies visibility of hidden/system files in Explorer 2 TTPs 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Adds Run key to start application 2 TTPs 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ea40903ec4acebd6b579b0c6806c2cca0cade9e.exe
    "C:\Users\Admin\AppData\Local\Temp\7ea40903ec4acebd6b579b0c6806c2cca0cade9e.exe"
    1⤵
    • Modifies visibility of hidden/system files in Explorer
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1400
    • C:\Users\Admin\Admin.exe
      "C:\Users\Admin\Admin.exe"
      2⤵
      • Modifies visibility of hidden/system files in Explorer
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      PID:1684

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\Admin.exe

    Filesize

    68KB

    MD5

    5f55a426ceae9dd6046bda213aefd2b2

    SHA1

    c2bedf683fb8a1e66a3dc3780ec2dfae3755315b

    SHA256

    e94921c5c0146709170f9202ffdf030a861eb41a93e69ff37faafd9114d31645

    SHA512

    8b4085edb916a3e5234b12d3f6150d6f40065b9799837bfaa187c9b69f98c3d1f2bfe7fcc91cdd63a44daf4ab47ab8e9e59a975ddcfa217cdcfd5f626ab8c512

  • \Users\Admin\Admin.exe

    Filesize

    68KB

    MD5

    5f55a426ceae9dd6046bda213aefd2b2

    SHA1

    c2bedf683fb8a1e66a3dc3780ec2dfae3755315b

    SHA256

    e94921c5c0146709170f9202ffdf030a861eb41a93e69ff37faafd9114d31645

    SHA512

    8b4085edb916a3e5234b12d3f6150d6f40065b9799837bfaa187c9b69f98c3d1f2bfe7fcc91cdd63a44daf4ab47ab8e9e59a975ddcfa217cdcfd5f626ab8c512

  • memory/1400-54-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB

  • memory/1400-57-0x0000000075571000-0x0000000075573000-memory.dmp

    Filesize

    8KB

  • memory/1684-62-0x0000000000400000-0x0000000000415000-memory.dmp

    Filesize

    84KB