Overview

overview

7

Static

static

3

22cf9fe9c4...39.exe

windows7-x64

7

22cf9fe9c4...39.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    139s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-08-2023 18:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739.exe

  • Size

    8.0MB

  • MD5

    18620785ff64219f20bf5f1f6e797342

  • SHA1

    afb51d0b92677de87042da47c6505f0a9f78af75

  • SHA256

    22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739

  • SHA512

    399988e34ba2e8bc5503fc97b92457f9354ecff2a52d783b0273e3daf6b6b5ed19d10bb518c6f8abf1d05e87e534daaf74842d5f28c4f2b003d59b69008a4902

  • SSDEEP

    196608:5EtZkQkQsSkrQzw6Dqs/y+cNBKbQ4hrivFQhZI26G/Udrqn2:itGQkLNz69a+c684BAFQvF6S3n2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739.exe
    "C:\Users\Admin\AppData\Local\Temp\22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2792
    • F:\·çÔÆ´«Ææ\22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739.exe
      F:\·çÔÆ´«Ææ\22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      PID:460
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 460 -s 2188
        3⤵
        • Program crash
        PID:2912
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 460 -ip 460
    1⤵
      PID:4680

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\45f2dc0fed18a8ff84aafe498b741f33.ini
      Filesize

      2KB

      MD5

      49322de86c414042b7a13f8282e55141

      SHA1

      1ca2e6be4a8fc1c6ea62464727044cf8f3cb8aed

      SHA256

      643b5eb3767355428866a8f243dc129f12e805ccba5e8a649ff1e5ecd1f31a29

      SHA512

      b275bfba91cfc05635eec21d02ee2e29a92a757d18b6db02ee85cd858fa082759d947df1a3d57b37042a3f86381f6846024a65ce58f517aa5a5baa637775d174

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\45f2dc0fed18a8ff84aafe498b741f33.ini
      Filesize

      5KB

      MD5

      56adfd0c123e2b4ffb67a1f29833f4db

      SHA1

      12c9aaf42ff420d8f7f6bf2da5897914cfcfca73

      SHA256

      c2809df6b5f01443b434cb25ef8116f0f8c9630b060c608b89d7db05a4009184

      SHA512

      c087c200d796afc7112284f151882178918109aee0e41eb8190ff018ef9e7a9b1098b68faf79d95626fc7af2d7e80a95f874437bdd95672bfd8ad85b5f6448a4

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\501a60192a4cd471f4fc6eea94f44bdb.tmp
      Filesize

      11B

      MD5

      85b881741eebab117431cb90c6b38c6e

      SHA1

      931cffba14890eec48938d4498ccbbf52a2d0b18

      SHA256

      c5b7b86b29ae7d471a44b5697f67d546689b0e8f0e81107072e30d30a46c238f

      SHA512

      a463df49c69fd1d1f61a7450510d90dd08f7a522581512fa9914026ca4e2e95d50c0363f867bd515a53e2ebbafdead8d85c18a4bfbc159d6638b273423664f6e

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\del.tmp
      Filesize

      102B

      MD5

      297c92bec11aba48c29df617048da371

      SHA1

      7358a4c412f6c2c0dcbafba3df691b5a691d7eaf

      SHA256

      2d7d5d0c19bfa1aa9e1fb97d41ef68c566f55aac61e514735304f9053c026396

      SHA512

      c22d7e0fcb112c0c30482f21f546007e9a20308f879dab240367b67c862204cf0cda6f53f3aed0f56078891bca7a54ae70b4d7bfb8a0eb23a15c1bc56ec79d59

      Download Submit

    • F:\·çÔÆ´«Ææ\22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739.exe
      Filesize

      8.0MB

      MD5

      18620785ff64219f20bf5f1f6e797342

      SHA1

      afb51d0b92677de87042da47c6505f0a9f78af75

      SHA256

      22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739

      SHA512

      399988e34ba2e8bc5503fc97b92457f9354ecff2a52d783b0273e3daf6b6b5ed19d10bb518c6f8abf1d05e87e534daaf74842d5f28c4f2b003d59b69008a4902

      Download Submit

    • F:\·çÔÆ´«Ææ\22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739.exe
      Filesize

      8.0MB

      MD5

      18620785ff64219f20bf5f1f6e797342

      SHA1

      afb51d0b92677de87042da47c6505f0a9f78af75

      SHA256

      22cf9fe9c4014a495789d9895ac7a3436166e4377dcc52cbbe1523a30137d739

      SHA512

      399988e34ba2e8bc5503fc97b92457f9354ecff2a52d783b0273e3daf6b6b5ed19d10bb518c6f8abf1d05e87e534daaf74842d5f28c4f2b003d59b69008a4902

      Download Submit

    • memory/460-141-0x0000000000CC0000-0x0000000000CC3000-memory.dmp

      Filesize

      12KB

      Download

    • memory/460-150-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/460-197-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/460-195-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/460-10-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/460-16-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/460-152-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/460-140-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/460-151-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/460-142-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/460-143-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/460-144-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/460-145-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/460-146-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/460-148-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/460-149-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/460-11-0x0000000000CC0000-0x0000000000CC3000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2792-0-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/2792-3-0x0000000004680000-0x0000000004681000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2792-2-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download

    • memory/2792-1-0x0000000000C30000-0x0000000000C33000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2792-13-0x0000000000C30000-0x0000000000C33000-memory.dmp

      Filesize

      12KB

      Download

    • memory/2792-12-0x0000000000400000-0x0000000000B9B000-memory.dmp

      Filesize

      7.6MB

      Download