Overview

overview

8

Static

static

1

3b2e708eaa...fe.exe

windows7-x64

8

3b2e708eaa...fe.exe

windows10-2004-x64

Resubmissions

14/02/2023, 18:42

230214-xccjrafd49 8

14/02/2023, 18:27

230214-w32e5aef61 8

Analysis

  • max time kernel
    107s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    14/02/2023, 18:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b2e708eaa4744c76a633391cf2c983f4a098b46436525619e5ea44e105355fe.exe

  • Size

    419KB

  • MD5

    7d20fa01a703afa8907e50417d27b0a4

  • SHA1

    320116162d78afb8e00fd972591479a899d3dfee

  • SHA256

    3b2e708eaa4744c76a633391cf2c983f4a098b46436525619e5ea44e105355fe

  • SHA512

    0dcebe2598e6ccb51f0609831c93071421049eb924f83871e95c5a280af0d2e76630dfc47c5a2780eb18d55ee9690d6c83aabd8f1043cc2cdc21d9fe5425b892

  • SSDEEP

    3072:Ga1HoUY9aEnRUx4DZLQHkRduVhiHm5Pz6GaYtxcpKnyWOtq:GwYznRC4DpduVnxzsYtxWWOtq

Score
8/10
persistenceransomwarespywarestealer

Malware Config

Signatures

  • Drops file in Drivers directory 64 IoCs
  • Modifies Installed Components in the registry 2 TTPs 9 IoCs
    persistence
  • Modifies extensions of user files 1 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 64 IoCs
  • Maps connected drives based on registry 3 TTPs 4 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Drops autorun.inf file 1 TTPs 1 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in Windows directory 64 IoCs
  • Checks SCSI registry key(s) 3 TTPs 1 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Control Panel 64 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies system certificate store 2 TTPs 1 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b2e708eaa4744c76a633391cf2c983f4a098b46436525619e5ea44e105355fe.exe
    "C:\Users\Admin\AppData\Local\Temp\3b2e708eaa4744c76a633391cf2c983f4a098b46436525619e5ea44e105355fe.exe"
    1⤵
    • Drops file in Drivers directory
    • Modifies Installed Components in the registry
    • Modifies extensions of user files
    • Drops desktop.ini file(s)
    • Maps connected drives based on registry
    • Drops autorun.inf file
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Modifies Control Panel
    • Modifies Internet Explorer settings
    • Modifies data under HKEY_USERS
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:888

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/888-54-0x0000000000990000-0x00000000009FE000-memory.dmp

    Filesize

    440KB

    Download