Overview

overview

10

Static

static

10

TekDefense.exe

windows7-x64

7

TekDefense.exe

windows10-2004-x64

7

index 2.html

windows7-x64

1

index 2.html

windows10-2004-x64

1

index2 2.html

windows7-x64

1

index2 2.html

windows10-2004-x64

1

index3 2.html

windows7-x64

1

index3 2.html

windows10-2004-x64

1

ransomware.exe

windows7-x64

7

ransomware.exe

windows10-2004-x64

7

tekdefense.dll

windows7-x64

10

tekdefense.dll

windows10-2004-x64

5

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    27-03-2023 09:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ransomware.exe

  • Size

    434KB

  • MD5

    63bab74409c514ed8548b1f33d0acedc

  • SHA1

    abc6bb8dd01fa83d7fd92182601b868d2b6dd1ea

  • SHA256

    265041a4e943debd8b6b147085cb8549be110facde2288021e90ae65e87be235

  • SHA512

    27a28305e604b25fe7c71a8f7db4a453e6cca234c27f1c747cdaa98060c5a7f7788e983b5ec9d550ca62a0895b21b4c1403d3b3f595d7d7693e7f422855af4f1

  • SSDEEP

    12288:s6Wq4aaE6KwyF5L0Y2D1PqLVSV7uikFgd9OFNu:qthEVaPqLIlubgdYu

Score
7/10
persistenceupx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • AutoIT Executable 4 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\ransomware.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1996

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\index.html
    Filesize

    536B

    MD5

    d8054b190eeae6c777bb693dc14ce497

    SHA1

    1b7aa7a0b6d0126ed4e2771a89ffbcb0f1e50205

    SHA256

    69392b73c989af987838d132fbe17bfe6b124917074200897197c21f6ff51716

    SHA512

    351ad20ece4d3155fb7045a3a20de33276d76f934c88d538f86aa5e7f419a2bd1253f870e5a9e07a46c4657149dade9b93fc94c3e0d04ca565082c2ad18ded39

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\index3.html
    Filesize

    1B

    MD5

    c4ca4238a0b923820dcc509a6f75849b

    SHA1

    356a192b7913b04c54574d18c28d46e6395428ab

    SHA256

    6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

    SHA512

    4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

    Download Submit

  • memory/1996-73-0x0000000000400000-0x00000000004EE000-memory.dmp

    Filesize

    952KB

    Download

  • memory/1996-92-0x0000000000400000-0x00000000004EE000-memory.dmp

    Filesize

    952KB

    Download

  • memory/1996-97-0x0000000000400000-0x00000000004EE000-memory.dmp

    Filesize

    952KB

    Download

  • memory/1996-98-0x0000000000400000-0x00000000004EE000-memory.dmp

    Filesize

    952KB

    Download