Analysis
-
max time kernel
149s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
23-03-2023 03:09
General
-
Target
e2fd0fe39769e6e4cacae7a8c3366e02fe3016cf8d156bda7db2affd8673d38d.exe
-
Size
20KB
-
MD5
9a2d73c4e432f7e5b79ca679dfaea411
-
SHA1
00531b635ccb5f450aa9e2abaae904094b2576e5
-
SHA256
e2fd0fe39769e6e4cacae7a8c3366e02fe3016cf8d156bda7db2affd8673d38d
-
SHA512
d02dc5bf1cc399a3f944cd5cbed47984effc696cf31cf67c5bcae58ff3c7b937e61218cd03727d800776c98509123fead7f875b842d3d8e67758eba682b6f89e
-
SSDEEP
384:6353Z9WzLE7FCFSHR2yU03QGHc4Je1dJqsNbeVvQkkrIaNJawcudoD7Ukalk:6phCSwmxc4Je1dT0IkQhnbcuyD7Ukal
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e2fd0fe39769e6e4cacae7a8c3366e02fe3016cf8d156bda7db2affd8673d38d.exe"C:\Users\Admin\AppData\Local\Temp\e2fd0fe39769e6e4cacae7a8c3366e02fe3016cf8d156bda7db2affd8673d38d.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\homo\test.exe"C:\ProgramData\homo\test.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c start C:\ProgramData\1145143⤵
-
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe" "C:\Windows\System32\gpedit.msc"1⤵
- Drops file in System32 directory
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\homo\test.exeFilesize
208KB
MD5918d059d9c6573de0fb710d7c62b39f8
SHA156d5754101a542d27bca93c1b008293ddb5b8048
SHA25673273191ff57825b6a32c776e2ac29800aec5febc70ea64c3d5128abcf7b49df
SHA5122b9436b060254485b71e7570705009269e03aa8e78b7cb6020986d781cf718fba89457944fce7d32a71df8b24a795e3bcfb4ed097078b732a5748c1f8238ba57
-
C:\ProgramData\homo\test.exeFilesize
208KB
MD5918d059d9c6573de0fb710d7c62b39f8
SHA156d5754101a542d27bca93c1b008293ddb5b8048
SHA25673273191ff57825b6a32c776e2ac29800aec5febc70ea64c3d5128abcf7b49df
SHA5122b9436b060254485b71e7570705009269e03aa8e78b7cb6020986d781cf718fba89457944fce7d32a71df8b24a795e3bcfb4ed097078b732a5748c1f8238ba57
-
\ProgramData\homo\test.exeFilesize
208KB
MD5918d059d9c6573de0fb710d7c62b39f8
SHA156d5754101a542d27bca93c1b008293ddb5b8048
SHA25673273191ff57825b6a32c776e2ac29800aec5febc70ea64c3d5128abcf7b49df
SHA5122b9436b060254485b71e7570705009269e03aa8e78b7cb6020986d781cf718fba89457944fce7d32a71df8b24a795e3bcfb4ed097078b732a5748c1f8238ba57
-
memory/1480-54-0x0000000000400000-0x0000000000415000-memory.dmpFilesize
84KB
-
memory/1480-64-0x0000000000400000-0x0000000000415000-memory.dmpFilesize
84KB
-
memory/1552-116-0x00000000024E0000-0x00000000024E1000-memory.dmpFilesize
4KB
-
memory/1552-121-0x00000000033D0000-0x0000000003450000-memory.dmpFilesize
512KB
-
memory/1552-136-0x00000000024E0000-0x00000000024E1000-memory.dmpFilesize
4KB
-
memory/1552-137-0x00000000033D0000-0x0000000003450000-memory.dmpFilesize
512KB