Overview

overview

6

Static

static

3

36a27302a3...25.exe

windows7-x64

6

36a27302a3...25.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 18:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36a27302a361c6269c365d593f5d1a25.exe

  • Size

    1.5MB

  • MD5

    36a27302a361c6269c365d593f5d1a25

  • SHA1

    e22c8ccc17d48620e8d3e3048b7f810cab52ff50

  • SHA256

    e35fb3520d41420f5a82d2929bc973b218bc4b9be041f43b502b950da718299e

  • SHA512

    98d704fce3259018b72597ffca331313f707d9765e534119c113c3306f40c58698965f163ff57f8a3f03231322eb02ef0f87d4fb1c26c2be4aef96869bc8bf22

  • SSDEEP

    6144:sFEqTQwNaSfBF58TQ8GYrmjyoAXjiU4bz:u0wNaSf6cXMoAX+U4

Score
6/10
ransomware

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 10 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\36a27302a361c6269c365d593f5d1a25.exe
    "C:\Users\Admin\AppData\Local\Temp\36a27302a361c6269c365d593f5d1a25.exe"
    1⤵
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 1052
      2⤵
      • Program crash
      PID:816

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\7-Zip\7z.cab
    Filesize

    1KB

    MD5

    004a039b62a7fd07d73ff3c5ae702811

    SHA1

    9dae66e7e0a283a9cd6eec5a6fa4d1abf4b1edbf

    SHA256

    b6d296aafe29dfc4d2f1557e6b60b043ba6b086283609c0d51babd320ae30b02

    SHA512

    5f25665ccafa15028dd45dcee5eca3ad1110faa02807a4817b856e6ffdf502394102c18a78cfe8c977b7d2ddfcd8adb853276bdac3ea818cfc18eb10066b322f

    Download Submit

  • C:\Program Files\7-Zip\7z.exe
    Filesize

    1KB

    MD5

    33041a376532de90cdd4ea6a7553502d

    SHA1

    e22e01876aface34276cb8dcebc5a774d0f4178a

    SHA256

    088b3b76ef8fd93007b924cfaa04a15429bccad949cd9e8b2b22826418a500db

    SHA512

    8772506c40583446539a757c30a0cfaf1bab43ccaa31377f1a534cd53eec007cb21d233da36f7d8111d23eff9c413aa13e469ae82879bb40b84e18f896c60362

    Download Submit

  • C:\Program Files\7-Zip\7zFM.cab
    Filesize

    5KB

    MD5

    3e52ff599097fd39da1036911336ac60

    SHA1

    0df2d661eb55a6cce18cbb877b031ff06e2dc562

    SHA256

    e1147146ffa9f2064bb796196d68a141e086a22f11b2144902fa900da708f1e5

    SHA512

    d6971cdcc3bd94321308fd53416798b93eb22e631f143f3feef0f73017790fac12a3c42f55b6384335ea12be2570400ec688cc1968652ae78548c85e7ed6b0ab

    Download Submit

  • C:\Program Files\7-Zip\7zFM.exe
    Filesize

    41KB

    MD5

    c00ec288a66f8c3deca319d6a160dddf

    SHA1

    254a24adf0c1556041efaeab87b3d909921cf494

    SHA256

    ac0f9c51a776f68530a7734cf4b9358033fa1277fce0ec1290ab7bb2d6342512

    SHA512

    c6aa217c45df0ba9be25c47095b7802baeb4608a3425e5c6d8a1546369e3c397d11e89095150c71e6131e88a06d422f0982327e7bfb422cad8ce7e226d87e039

    Download Submit

  • C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.cab
    Filesize

    1KB

    MD5

    695b6889fb43626648986703543e608c

    SHA1

    c5296358dfac63bbf0072b37407f7af703612b6f

    SHA256

    01c9fff20d315dcb00d7c43c04292f3b0aec39d3dbd0506eed2a1d96140528e9

    SHA512

    682926d9653de4eb452180889bd9805d471e94d48c712ac7a79b910fd637d94462484ef766893afd6a94f6cd6294dde1afbd667b8ed62fdfec8718cffdecfffa

    Download Submit

  • C:\Program Files\Google\Chrome\Application\RCXF59.tmp
    Filesize

    37KB

    MD5

    10bb46b373bc7ce70b105861cb9dc1a4

    SHA1

    608415cfcbc66d7b97f9564535991f27ade4a62d

    SHA256

    1b6e2ddf46119910a6af04c8258016b4b22a0d552f2bd437277eb7dacf4aa0db

    SHA512

    41cbbf5404e9a92675987418e80d4f02c150c23f6f0ce4ad2f1f2b0b5dea596a0a45359a8e4c341311940d795361c7c3b3be9bceba502e32a0607e5ace879258

    Download Submit

  • C:\Program Files\Google\Chrome\Application\chrome.cab
    Filesize

    5KB

    MD5

    8e1398d936193c759f539b0f2a3485c9

    SHA1

    fe260caab2885f63206d603d92dac7812a8bd190

    SHA256

    39e5619e6c41eed61a8f6296742964f52a4577acfc3a9d3be37d229fc004e32c

    SHA512

    abd0760103a16d5ec54dd4fd8f586fedb484bb43c045d0b2220b70b540569aa5d7cc48c41bb1ce6e4be0fbb5e2fb6f828e25331900916a9e22d980756d827b43

    Download Submit

  • C:\Program Files\Google\Chrome\Application\chrome_proxy.cab
    Filesize

    17KB

    MD5

    46a62f3c8264ce09f8405f0d3700b445

    SHA1

    ed3b38269b41f00dc0c9447115a7395f64e0108b

    SHA256

    c90e8e7bddc4cb943e46ebfd562aa5681ab759040edee0490c80a8871a985404

    SHA512

    21368c098f495617986c7698fada985cbe1010b0b95df422026963f19d88b5831563984a26b3b1b49df8f37a1198182120743b819f995846ed5d94906e94b811

    Download Submit