Resubmissions
21-01-2024 14:52
240121-r8syqaeac7 1021-01-2024 14:51
240121-r8k8waeac5 1001-01-2024 13:55
240101-q776kscacp 10Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
21-01-2024 14:51
General
-
Target
5474e75872eeb1e34cbe407c73409d4c65da7bd6aa9378b356bb3c12f316c506.exe
-
Size
263KB
-
MD5
111e7dd338f7a7db306c95e05797747f
-
SHA1
aff72034cbbc21693425306ad42b1bb182582743
-
SHA256
5474e75872eeb1e34cbe407c73409d4c65da7bd6aa9378b356bb3c12f316c506
-
SHA512
215ee93c5faf2af3a55cceed281b56aecb5990baf4ae508f02eb481c7c22081f05b73a2657279205ff5d4edfc63722ea1405a9e8cdf65939021c9f052ffb6fec
-
SSDEEP
6144:jeHgRe/IfHES0cVZrDjuNywKGOCWVoYkNMbU:jeHgM4HxZG1KGjWVoVO
Malware Config
Extracted
C:\Users\Admin\Favorites\Links\How To Recover Encrypted Files.hta
class="mark">[email protected]</span>
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 5 IoCs
-
UPX packed file 8 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops desktop.ini file(s) 26 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5474e75872eeb1e34cbe407c73409d4c65da7bd6aa9378b356bb3c12f316c506.exe"C:\Users\Admin\AppData\Local\Temp\5474e75872eeb1e34cbe407c73409d4c65da7bd6aa9378b356bb3c12f316c506.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
- Executes dropped EXE
- Drops desktop.ini file(s)
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mshta.exemshta.exe "javascript:o=new ActiveXObject('WScript.Shell');setInterval(function(){try{o.RegWrite('HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\Scanner','C:\\Users\\Admin\\AppData\\Roaming\\svchost.exe');}catch(e){}},10);"3⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 4163⤵
- Loads dropped DLL
- Program crash
-
-
-
C:\Windows\SysWOW64\mshta.exemshta.exe "javascript:o=new ActiveXObject('Scripting.FileSystemObject');setInterval(function(){try{o.DeleteFile('C:\\Users\\Admin\\AppData\\Local\\Temp\\5474E7~1.EXE');close()}catch(e){}},10);"2⤵
- Deletes itself
- Modifies Internet Explorer settings
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
53KB
MD5848436a9149650e5915e4a86f35bdef8
SHA145a11caea143479d9dee45360be4c443e186d174
SHA256854a39d3e940cab4bcc691e423a92ba6543ee77d1a01842d5672bd8d761b9088
SHA51249eaa983776fb821d0b95977403c21b98cc8accc71651b97b7d0697c044dfaefaec113aa2d8cb9921bb657562498a5e11d281bec600a54891cdc4cf92cabf97f
-
Filesize
186KB
MD50f9dede48acd7fa7d3c12c32b4560d76
SHA12fb882f2b91fa92249aae0f372ab9398ad5d90dd
SHA256077abffd71c030a4ba37dddeeea232fe94bf2c311ed304c947eae9d1b8d7452d
SHA51246e5abc40f08ae6a7cb26070b55670df6b05b43e6fcf7acf1e2be28e9b230f13f1c3fcc8ef310c7cb96a3761c0217e3d60952a1d4d6c5c15ecbd0dbe10dc40a0
-
Filesize
5KB
MD5eecf5a7cff2b2c242ecdf96a0a70e173
SHA13bfde52545f1e7355ff505d806b0068b5b03417e
SHA2567b4188784b0c103fcf18483ab8dbb5b7b1e40e814694d5dfa50a8428233bb6b9
SHA51211c808b4005179856df8dc4a8575978e956efdb668fe91755fc9e27de6215fa7c8505620d469d1784fb0f64f3d02dff3754a90671aa5a076bf0ab78260f6cf96
-
Filesize
5KB
MD57c1dbb2ef68dd2acd18531d12b4c0157
SHA12a3b9309ba73b17e7cdabcdea0f020fce14edda4
SHA256b5993b1d56deedf4db2cab2fe97a1fb44da81a3065429c5c842bf45fb7d0b6b0
SHA51263d291225225fcb9e2684697465200dae88c374c13611f9fe03ee04edc293e46b2c58817e96e3cc14033c7fa5664d03dc562e2900aeb9e88ebdb25e6a330fa24
-
Filesize
263KB
MD5111e7dd338f7a7db306c95e05797747f
SHA1aff72034cbbc21693425306ad42b1bb182582743
SHA2565474e75872eeb1e34cbe407c73409d4c65da7bd6aa9378b356bb3c12f316c506
SHA512215ee93c5faf2af3a55cceed281b56aecb5990baf4ae508f02eb481c7c22081f05b73a2657279205ff5d4edfc63722ea1405a9e8cdf65939021c9f052ffb6fec
-
Filesize
230KB
MD5410a766740392b9a38154d70d800102b
SHA14bc4ca04ee19abd5db15b349fa5f76d5151ec630
SHA2567dbbef50639ed424cc2cf9cbf7250082acf9ac1bc96cfbe054ea1c4a0cab9f95
SHA5129e49dc50ef22df52f7cc36bf8a1d6b8b723c09b705b15eef558ebe9fcc23ba5d5552584ffb2c8bca31c4b22b65b09b89df06f0e3f684aca4d583f7a52ea76cdc
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
480KB
-
Filesize
480KB