Malware Analysis Report

2024-09-11 01:42

Sample ID 231213-rdpyksdgbl
Target 0ee3cfe5e7033830cff6bdaa03e13bdd02ffdabd3858e9b1bf8eb8cdd4b0fc35
SHA256 0ee3cfe5e7033830cff6bdaa03e13bdd02ffdabd3858e9b1bf8eb8cdd4b0fc35
Tags
yanluowang
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

0ee3cfe5e7033830cff6bdaa03e13bdd02ffdabd3858e9b1bf8eb8cdd4b0fc35

Threat Level: Known bad

The file 0ee3cfe5e7033830cff6bdaa03e13bdd02ffdabd3858e9b1bf8eb8cdd4b0fc35 was found to be: Known bad.

Malicious Activity Summary

yanluowang

Detects Yanluowang ransomware

Yanluowang family

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2023-12-13 14:04

Signatures

Detects Yanluowang ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Yanluowang family

yanluowang

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2023-12-13 14:04

Reported

2023-12-13 14:07

Platform

win10v2004-20231127-en

Max time kernel

141s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0ee3cfe5e7033830cff6bdaa03e13bdd02ffdabd3858e9b1bf8eb8cdd4b0fc35.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0ee3cfe5e7033830cff6bdaa03e13bdd02ffdabd3858e9b1bf8eb8cdd4b0fc35.exe

"C:\Users\Admin\AppData\Local\Temp\0ee3cfe5e7033830cff6bdaa03e13bdd02ffdabd3858e9b1bf8eb8cdd4b0fc35.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 18.53.126.40.in-addr.arpa udp
US 8.8.8.8:53 2.136.104.51.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 208.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 195.233.44.23.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 26.165.165.52.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 172.178.17.96.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 211.143.182.52.in-addr.arpa udp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-12-13 14:04

Reported

2023-12-13 14:07

Platform

win7-20231201-en

Max time kernel

122s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0ee3cfe5e7033830cff6bdaa03e13bdd02ffdabd3858e9b1bf8eb8cdd4b0fc35.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0ee3cfe5e7033830cff6bdaa03e13bdd02ffdabd3858e9b1bf8eb8cdd4b0fc35.exe

"C:\Users\Admin\AppData\Local\Temp\0ee3cfe5e7033830cff6bdaa03e13bdd02ffdabd3858e9b1bf8eb8cdd4b0fc35.exe"

Network

N/A

Files

N/A