Overview

overview

6

Static

static

3

36a27302a3...25.exe

windows7-x64

6

36a27302a3...25.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    142s
  • max time network
    46s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 18:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    36a27302a361c6269c365d593f5d1a25.exe

  • Size

    1.5MB

  • MD5

    36a27302a361c6269c365d593f5d1a25

  • SHA1

    e22c8ccc17d48620e8d3e3048b7f810cab52ff50

  • SHA256

    e35fb3520d41420f5a82d2929bc973b218bc4b9be041f43b502b950da718299e

  • SHA512

    98d704fce3259018b72597ffca331313f707d9765e534119c113c3306f40c58698965f163ff57f8a3f03231322eb02ef0f87d4fb1c26c2be4aef96869bc8bf22

  • SSDEEP

    6144:sFEqTQwNaSfBF58TQ8GYrmjyoAXjiU4bz:u0wNaSf6cXMoAX+U4

Score
6/10
ransomware

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 10 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 21 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware

Processes

  • C:\Users\Admin\AppData\Local\Temp\36a27302a361c6269c365d593f5d1a25.exe
    "C:\Users\Admin\AppData\Local\Temp\36a27302a361c6269c365d593f5d1a25.exe"
    1⤵
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    PID:3600
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 720
      2⤵
      • Program crash
      PID:3092
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3600 -ip 3600
    1⤵
      PID:3352

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files\7-Zip\7z.cab
      Filesize

      8KB

      MD5

      74bb04699fd1d18daf9b97d0fd3fde85

      SHA1

      9c2508c5247e07b88603b57358d04c4ce307f42b

      SHA256

      bd8408af23f1a462144b815fc31013ecc8aa5944ab1097133e09cffcc76cd918

      SHA512

      63fb2719866c38dc484dddc310d9646c122e38f97a4e1137f53e21e3b9fec6a3abae7086a6268a429804790020e82f85b451ce555f942a04ae95de67024e10c4

      Download Submit

    • C:\Program Files\7-Zip\7z.exe
      Filesize

      1KB

      MD5

      42930a51265d246444e00fd4ca67369f

      SHA1

      610ae7e8df411419734cc4d1ff9b83c877111376

      SHA256

      a0ebcd89cbdcdce9e19f52a3e84353094a87bf209ee0e0385c0c9718fadfa4d3

      SHA512

      911a8aca50c86679f5f114e8cf38ea31d9bd4334367854ccce2645bcd2e6a1a10c371ca14bbd96fdf5da4df1087255868bfa9c074131af2bfd4b0eb5f2aa24bf

      Download Submit

    • C:\Program Files\7-Zip\7zFM.cab
      Filesize

      20KB

      MD5

      cc525733abca9afa1340fee553fd9ac4

      SHA1

      71d038798a2c3c10d87d27d02e5c5d115df3c9e9

      SHA256

      7d852aab7f7b5e5f48c914b099b14af9d1f7bec233d26ec17b6b25e9b2db9b97

      SHA512

      a36d0045d7c719b23d1df7c96632c3a8671133720841c1eb922d328ea1f6df3071c9cdb2507754020ecff7c3fc71ebdedacfb117d86fb3eeeed6fc4bb1592977

      Download Submit

    • C:\Program Files\7-Zip\7zFM.exe
      Filesize

      5KB

      MD5

      b8697f804258c9f927cc368e20193d99

      SHA1

      392bc9fc769aa4c08c11c4f40f6c2c15ec6fd8f3

      SHA256

      4b2ff559c2f7f8d4972ff1f4db201518a5f766638255c1eebd78195deb5d5277

      SHA512

      8207d4310777e186c9e8964b4e56c1945ef778c823b11de65a89d57307c9ecaecc708895702e2cf73e84dd1ca167891df45b4a5b1829848d475a952427fa32bb

      Download Submit