Overview

overview

7

Static

static

1

3c9ba8a4f2...79.exe

windows7-x64

7

3c9ba8a4f2...79.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    96s
  • max time network
    31s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    12/04/2023, 20:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3c9ba8a4f29476e766d45d25841f51dbf1bd573be87c88f9195f31fab7cb9f79.exe

  • Size

    1.3MB

  • MD5

    7753720f85b60d613dc9c91424a9e09c

  • SHA1

    b08a8eae50eea024002a213b50fdc01dd296af12

  • SHA256

    3c9ba8a4f29476e766d45d25841f51dbf1bd573be87c88f9195f31fab7cb9f79

  • SHA512

    57ddcddd966f15902752089234b4d4a06a32bc96a0eebecccc52d870a9f796ee1fd4a17127401e6fa41de698317df3912a251840c0a6176dda74c9589d91af4f

  • SSDEEP

    24576:j56U+1cZ1pWlTjFZYJ3rpiPGa3H632QbdauEs4ao+Rc0LJt6Jzb8me36j9z:jF3WldZUOX3H632QbdrE3aoReP6VRZjV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3c9ba8a4f29476e766d45d25841f51dbf1bd573be87c88f9195f31fab7cb9f79.exe
    "C:\Users\Admin\AppData\Local\Temp\3c9ba8a4f29476e766d45d25841f51dbf1bd573be87c88f9195f31fab7cb9f79.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\Users\Admin\AppData\Local\Temp\Everything\Everything.exe
      C:\Users\Admin\AppData\Local\Temp\Everything\Everything.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:468

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Everything\Everything.exe
    Filesize

    1.7MB

    MD5

    376ef56c716c4f0aeb5240874e94f856

    SHA1

    04426d351fb06e987c94f6a042e8faf59709f1eb

    SHA256

    88d239df76c11566ae1348c6b7196588bcc36eb4ee0d005d267e11d4002bbf37

    SHA512

    9c825f2456951128e0d3f9b71a208649d3c6d49517929700ac5503b2593a01a7e1e1ce86abc0f7882e349d502f3ca231fc038331a87d7577e60441f4264ddc97

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Everything\Everything.ini
    Filesize

    20KB

    MD5

    ba2155685e37aeca0553f2820355c8d6

    SHA1

    cf37a73ab21a2cc23e643ee42b6ae0d7cfe4e036

    SHA256

    4915b5e57ffc5f14729ee961f4ee3fe6c99a918032b2a4efc132acf1372f53aa

    SHA512

    eceb177dabf00aa9903fe2e9fd3cbcf088a8332360612861e31b958a3fd2429c19a553e55478e0c3ec7ed290fa816853219274d533954924868f887d4c9a038c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Everything\Everything.lng
    Filesize

    734KB

    MD5

    2f354c87e4295686dac71d939d34b127

    SHA1

    04be0ca0c3c4420ea4f5c7ab7b7112401c7bf626

    SHA256

    c86b34b7652b00a0caccd365e797c307d32f2681791056bea653cb66c947f40d

    SHA512

    9c166b03a3154d064ae9739243d5caa5a7a0f205746c450151551e729eef5b5c782186a3969776f815a95047df0a0dee7ed730a3bb0c6306cb57f571c6a9fbca

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Everything\Everything.exe
    Filesize

    1.7MB

    MD5

    376ef56c716c4f0aeb5240874e94f856

    SHA1

    04426d351fb06e987c94f6a042e8faf59709f1eb

    SHA256

    88d239df76c11566ae1348c6b7196588bcc36eb4ee0d005d267e11d4002bbf37

    SHA512

    9c825f2456951128e0d3f9b71a208649d3c6d49517929700ac5503b2593a01a7e1e1ce86abc0f7882e349d502f3ca231fc038331a87d7577e60441f4264ddc97

    Download Submit

  • \Users\Admin\AppData\Local\Temp\nstFFB.tmp\System.dll
    Filesize

    11KB

    MD5

    00a0194c20ee912257df53bfe258ee4a

    SHA1

    d7b4e319bc5119024690dc8230b9cc919b1b86b2

    SHA256

    dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

    SHA512

    3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

    Download Submit