Analysis

  • max time kernel
    146s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-01-2024 00:22

General

  • Target

    70f267b878de849155db26eb85026868.exe

  • Size

    1.2MB

  • MD5

    70f267b878de849155db26eb85026868

  • SHA1

    598e26d064075b4a471a85fbcca269f19a2ae394

  • SHA256

    ca3c9fb0766ab97ddc2209189ca76335bc977c7e65bb8cecebbed94288017e80

  • SHA512

    3173819bbc1693cc0627122a08ac288070ac6f2ed7648a2bbd4c89d6b21dedfabd2ee5952658f7a058aa9f6670c0e97da7cc6cea89812d64d2138f68793886c3

  • SSDEEP

    12288:gp4pNfz3ymJnJ8QCFkxCaQTOl2GVq5w+kCbBmBCHm:aEtl9mRda1VI5wRCHm

Score
10/10

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 2 IoCs
  • Renames multiple (91) files with added filename extension

    The sandbox heuristic reads this as ransomware encrypting files on the system. The artefacts recovered in this run point to a file-infecting worm instead: the renamed desktop.ini.exe in C:\$Recycle.Bin is 1.2MB, the size of the sample rather than of a desktop.ini, and F:\AutoRun.exe carries the sample's own hashes. That is consistent with the sample writing executable copies of itself under existing filenames plus .exe; check a renamed file for an MZ header before treating this as encryption.

  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file 1 TTPs 3 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs
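
Added example, not part of this sandbox report or of the sample: a baseline check for the Winlogon values behind the "Modifies WinLogon for persistence" signature. The value names are the documented Winlogon launch settings and the defaults are those of a clean Windows 7 x64 install, the platform this run used. The report does not list which value the sample wrote, so the dictionaries used in the test are constructed illustrations, not the recorded IoCs.

```python
"""Compare Winlogon launch values against a clean-system baseline.

Added example for this report, not sandbox output. DEFAULTS reflect a stock
Windows 7 x64 install; any input dictionary other than a live registry read
is a constructed illustration.
"""
from __future__ import annotations

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Values that cause a program to run at logon, with their clean contents.
# Shell and Userinit are comma-separated command lists; Taskman is normally absent.
DEFAULTS = {
    "Shell": ["explorer.exe"],
    "Userinit": [r"c:\windows\system32\userinit.exe"],
    "Taskman": [],
}


def split_commands(value: str) -> list[str]:
    """Split a Winlogon command list and normalise each entry for comparison."""
    return [p.strip().strip('"').lower() for p in value.split(",") if p.strip()]


def check_winlogon(values: dict[str, str]) -> list[str]:
    """Return one finding per command that a clean system would not launch."""
    findings = []
    for name, expected in DEFAULTS.items():
        raw = values.get(name)
        if raw is None:
            continue  # value not present in this export; nothing is launched from it
        for cmd in split_commands(raw):
            if cmd not in expected:
                findings.append(f"{name} launches {cmd!r} (default {expected or 'absent'})")
    return findings


def read_winlogon_values() -> dict[str, str]:
    """Read the live machine-wide values; winreg exists on Windows only.
    A per-user override under HKCU\\...\\Winlogon deserves the same check."""
    import winreg
    out = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        for name in DEFAULTS:
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass
    return out


if __name__ == "__main__":
    for line in check_winlogon(read_winlogon_values()):
        print(line)
```

Run on the host to diff the live values; off-host, feed check_winlogon() the values from a `reg export` of the key.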

Processes

  • C:\Users\Admin\AppData\Local\Temp\70f267b878de849155db26eb85026868.exe
    "C:\Users\Admin\AppData\Local\Temp\70f267b878de849155db26eb85026868.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops startup file
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops autorun.inf file
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2856
    • C:\Windows\SysWOW64\HelpMe.exe
      C:\Windows\system32\HelpMe.exe
      (the command line names system32; the image lands in SysWOW64 because the sample is 32-bit (arch:x86) and WoW64 file-system redirection applies on this x64 host)
      2⤵
      • Modifies WinLogon for persistence
      • Drops startup file
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops autorun.inf file
      • Drops file in System32 directory
      PID:2312

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini.exe

    Filesize

    1.2MB

    MD5

    4c3d15a8be9c98e103ada261c6d5b058

    SHA1

    790819b22e74e72766e287ba0431be5d601d4484

    SHA256

    3cbeed397684524e8a49bd4780b00a0dea3cac6895898cd413bd2f8b509feae2

    SHA512

    c57ec41e1f58f9db7c513b66b7bfed6facede705b7f958cb8a4d827413a069a9529a963e5f6fa77560340d8c9f8fa885db4dc36af878b59e87409574d9ef6296

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    954B

    MD5

    0bf6b9529bb34ee71782923e06579d4b

    SHA1

    f68b27f6f3bc618cacfbb97ac574717c55f49c67

    SHA256

    e22ff4e015b8ed46bed78cc106625b4299a1b27b7179d3a15f96ed28686f2cd3

    SHA512

    d0645fd213ae0af970738cde07160629ff654a750921630b4dbd2f4fdccf95a97b4213a7e0c2da92cd3694170cb3a1662bdf3aa57f38d899ecfb86f89484d435

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Soft.lnk

    Filesize

    1KB

    MD5

    85d7c2b1627d3d9ee6a34d10edd4d0ce

    SHA1

    389913dd2bec45d7abc3bf0d2a0417678430fd48

    SHA256

    cd0a3b0d4c14cdef1c89a667067cad12b0ff16e0d93361158c70904ac3b42677

    SHA512

    370494acf1be2bac51435c3c669040e2a10211dfb8a7a67114f63ad4f978e0329802d653fbcf7d8a799796f5c9343a9e3b934a4d748d395df80ba3ded76b96a3

  • F:\AUTORUN.INF

    Filesize

    145B

    MD5

    ca13857b2fd3895a39f09d9dde3cca97

    SHA1

    8b78c5b2ec97c372ebdcef92d14b0998f8dd6dd0

    SHA256

    cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae

    SHA512

    55e5b5325968d1e5314527fb2d26012f5aae4a1c38e305417be273400cb1c6d0c22b85bddb501d7a5720a3f53bb5caf6ada8a7894232344c4f6c6ef85d226b47

  • F:\AutoRun.exe

    Filesize

    1.2MB

    MD5

    70f267b878de849155db26eb85026868

    SHA1

    598e26d064075b4a471a85fbcca269f19a2ae394

    SHA256

    ca3c9fb0766ab97ddc2209189ca76335bc977c7e65bb8cecebbed94288017e80

    SHA512

    3173819bbc1693cc0627122a08ac288070ac6f2ed7648a2bbd4c89d6b21dedfabd2ee5952658f7a058aa9f6670c0e97da7cc6cea89812d64d2138f68793886c3

  • \Windows\SysWOW64\HelpMe.exe

    Filesize

    689KB

    MD5

    56db2894bda06b10c8a37eb67b96d222

    SHA1

    c076db71cc785b86d413dab6e9b44d47ecf9fcdd

    SHA256

    a7017ef1d735225e816719af9d4f1bb425cba6d69d844c57c1661acbc5825a48

    SHA512

    531fe39f7d2576bb56384f3b1f2fc9dfc8b30e05bddab406f3b3106049752e6bcf273cf15eb77b29ecf9f3856749297177e0aaf5685aee855846682bd46fd6a0

  • memory/2312-238-0x0000000000400000-0x000000000047894E-memory.dmp

    Filesize

    482KB

  • memory/2312-14-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/2312-13-0x0000000000400000-0x000000000047894E-memory.dmp

    Filesize

    482KB

  • memory/2856-4-0x0000000001DC0000-0x0000000001E39000-memory.dmp

    Filesize

    484KB

  • memory/2856-0-0x0000000000400000-0x000000000047894E-memory.dmp

    Filesize

    482KB

  • memory/2856-96-0x0000000000400000-0x000000000047894E-memory.dmp

    Filesize

    482KB

  • memory/2856-231-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

  • memory/2856-10-0x0000000001DC0000-0x0000000001E39000-memory.dmp

    Filesize

    484KB

  • memory/2856-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB
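
Added example, not part of this sandbox report or of the sample: a sweep of a volume root for the propagation artefacts listed above. It parses AUTORUN.INF for the directives that make Windows launch a program, hashes the files they point to against the SHA256 values from the Downloads section, and flags double-extension "*.exe" files that carry a PE header, which separates a copied dropper from an encrypted file. The AUTORUN.INF text and the volume layout built in demo() are constructed stand-ins; the real 145-byte AUTORUN.INF content is not on this page.

```python
"""Sweep a volume root for autorun propagation artefacts.

Added example for this report, not sandbox output. The hash table is copied
from the report; STUB_PE and the demo() layout are constructed placeholders.
"""
from __future__ import annotations

import configparser
import hashlib
import tempfile
from pathlib import Path

# SHA256 values copied from the Downloads section of this report.
REPORT_SHA256 = {
    "ca3c9fb0766ab97ddc2209189ca76335bc977c7e65bb8cecebbed94288017e80": "70f267b878de849155db26eb85026868.exe / F:\\AutoRun.exe",
    "a7017ef1d735225e816719af9d4f1bb425cba6d69d844c57c1661acbc5825a48": "C:\\Windows\\SysWOW64\\HelpMe.exe",
    "cfe448b4506a95b33b529efa88f1ac704d8bdf98a941c065650ead27609318ae": "F:\\AUTORUN.INF",
    "3cbeed397684524e8a49bd4780b00a0dea3cac6895898cd413bd2f8b509feae2": "desktop.ini.exe",
}
LAUNCH_KEYS = ("open", "shellexecute")
STUB_PE = b"MZ" + b"\0" * 62  # constructed placeholder: DOS header magic only


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def is_pe(path: Path) -> bool:
    """The MZ magic is enough to separate a PE copy from ciphertext or text."""
    with path.open("rb") as f:
        return f.read(2) == b"MZ"


def parse_autorun(text: str) -> dict[str, str]:
    """Return the [autorun] directives that launch a program:
    open=, shellexecute= and shell\\<verb>\\command=. Keys are lower-cased."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}
    launches = {}
    for section in cp.sections():
        if section.lower() != "autorun":
            continue
        for key, val in cp.items(section):
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                launches[key] = val.strip()
    return launches


def sweep_volume(root: Path, known: dict[str, str] = REPORT_SHA256) -> list[dict]:
    """Describe AUTORUN.INF, its launch targets and double-extension .exe files under root."""
    findings = []
    inf = next((p for p in root.iterdir() if p.name.lower() == "autorun.inf"), None)
    if inf is not None:
        h = sha256_file(inf)
        findings.append({"path": str(inf), "role": "autorun.inf", "sha256": h, "known": known.get(h)})
        for key, cmd in parse_autorun(inf.read_text(errors="replace")).items():
            prog = cmd.split()[0].strip('"') if cmd else ""  # first token is the program
            target = root / prog
            entry = {"path": str(target), "role": f"launch target ({key})",
                     "exists": bool(prog) and target.is_file()}
            if entry["exists"]:
                h = sha256_file(target)
                entry.update({"sha256": h, "known": known.get(h), "pe": is_pe(target)})
            findings.append(entry)
    # "desktop.ini.exe" style names: an original extension with .exe appended.
    for p in sorted(root.iterdir()):
        if p.is_file() and p.suffix.lower() == ".exe" and Path(p.stem).suffix:
            h = sha256_file(p)
            findings.append({"path": str(p), "role": "double-extension exe",
                             "sha256": h, "known": known.get(h), "pe": is_pe(p)})
    return findings


def demo(known: dict[str, str] = REPORT_SHA256) -> list[dict]:
    """Build a constructed removable-volume layout in a temp dir and sweep it."""
    root = Path(tempfile.mkdtemp())
    (root / "AUTORUN.INF").write_text(
        "[autorun]\r\nopen=AutoRun.exe\r\nicon=AutoRun.exe\r\nshell\\open\\command=AutoRun.exe\r\n")
    (root / "AutoRun.exe").write_bytes(STUB_PE)
    (root / "desktop.ini.exe").write_bytes(STUB_PE)
    return sweep_volume(root, known)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point sweep_volume() at the root of each attached volume (F:\ in this run); a "known" hit on a launch target ties the volume to this sample, and a "pe" hit on a double-extension file confirms an executable copy rather than encrypted content.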