Overview

overview

10

Static

static

3

240219-tf7...ed.zip

windows7-x64

7

240219-tf7...ed.zip

windows10-2004-x64

1

Ransomware...ry.zip

windows7-x64

1

Ransomware...ry.zip

windows10-2004-x64

1

ed01ebfbc9...aa.exe

windows7-x64

10

ed01ebfbc9...aa.exe

windows10-2004-x64

10

Resubmissions

26-02-2024 17:10

240226-vpvjzsbh8x 10

26-02-2024 17:07

240226-vm4pwabh5v 10

19-02-2024 16:49

240219-vbqnwage7y 10

Analysis

  • max time kernel
    148s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26-02-2024 17:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    240219-tf7brafh73_pw_infected.zip

  • Size

    3.3MB

  • MD5

    a48e102a737c9c3506a98d766e466195

  • SHA1

    13ce0d69d73a537e7745e47706aab5508f231dde

  • SHA256

    07277482c7598874910acd36595298a91c63ac15986d4caf3b10c85833101336

  • SHA512

    05e57c4d94f45c8c99910e5b802bb20758137bfb8a15b9b18a58f173847b90818b919c6c4c5a9ba7cd6a6991773cd2ce01ba454e56b09f19898ab64435bb6066

  • SSDEEP

    49152:i+c0LBMP9X1iWaaVKd0jbkQy1uycb+xyIN+2kH+IRHVoAicMRD9zJthV:nBMlg/kKuf4BcbwyMIR1oLhzfhV

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\240219-tf7brafh73_pw_infected.zip
    1⤵
      PID:3040
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2968
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2644
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\ExpandSend.dwg
        1⤵
        • Modifies registry class
        PID:704
      • C:\Program Files\VideoLAN\VLC\vlc.exe
        "C:\Program Files\VideoLAN\VLC\vlc.exe"
        1⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2748
        • C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe
          "C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe"
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2288

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe
        Filesize

        1.4MB

        MD5

        32c1c9ae03fc910a9a61273942d1036c

        SHA1

        bba7a1134140af918c35b35ca16dcb55b07747fa

        SHA256

        85cd01d2f8051a4277e660a7bfe48f7216f73502bdb9393dda977d3c1db16f8c

        SHA512

        4f38961fe7b15e59e0c833c98f3f445388dc6f3cf9bc9e024abfd4b9cbfbd665c4111809e61467a4ec470887c2510a8e6605596860e7cd220fd0496180665f43

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe
        Filesize

        1.5MB

        MD5

        2788e85300d503d0bb10d858047fff49

        SHA1

        131c989cf1a5238a22c3adc81f7cee7960a51094

        SHA256

        fae6af28b15950b78e503c319ec41dc3b0c153d41a034944a78a180765ac3b9a

        SHA512

        8b0680cd8bf6f03e6b96935fa2556ee38616f6bbba3e7d6810b1b1fbd173c84e1be9c1292548db3f43f005bc5db910950edd4352e84bbae3a15c0b92209f734f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\vlc-3.0.20-win64.exe
        Filesize

        2.7MB

        MD5

        54a49fdad4fb2db10399629a98b7c6b2

        SHA1

        7ad0f9ccf10b6893aae77454cfaf1c6feaeb7911

        SHA256

        686af675a534681d26ebbddbdd9b095db107ef63c1e30d724c8b0cc68ce2bcfa

        SHA512

        502873c1d11439281999fff0890ce784b785ae9ce0a99ade55462bd97aa20832483e17392710ce72c4551839dafe2c323b9419297891f781cb43195b4f2a7c6a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\nse1B40.tmp\LangDLL.dll
        Filesize

        7KB

        MD5

        20850d4d5416fbfd6a02e8a120f360fc

        SHA1

        ac34f3a34aaa4a21efd6a32bc93102639170e219

        SHA256

        860b409b065b747aab2a9937f02d08b6fd7309993b50d8e4b53983c8c2b56b61

        SHA512

        c8048b9ae0ced72a384c5ab781083a76b96ae08d5c8a5c7797f75a7e54e9cd9192349f185ee88c9cf0514fc8d59e37e01d88b9c8106321c0581659ebe1d1c276

        Download Submit

      • \Users\Admin\AppData\Local\Temp\nse1B40.tmp\System.dll
        Filesize

        26KB

        MD5

        4f25d99bf1375fe5e61b037b2616695d

        SHA1

        958fad0e54df0736ddab28ff6cb93e6ed580c862

        SHA256

        803931797d95777248dee4f2a563aed51fe931d2dd28faec507c69ed0f26f647

        SHA512

        96a8446f322cd62377a93d2088c0ce06087da27ef95a391e02c505fb4eb1d00419143d67d89494c2ef6f57ae2fd7f049c86e00858d1b193ec6dde4d0fe0e3130

        Download Submit

      • memory/2288-99-0x0000000074370000-0x0000000074379000-memory.dmp

        Filesize

        36KB

        Download

      • memory/2288-98-0x0000000074380000-0x000000007438E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/2288-97-0x0000000000400000-0x0000000000481000-memory.dmp

        Filesize

        516KB

        Download

      • memory/2748-12-0x000007FEF3B00000-0x000007FEF3B67000-memory.dmp

        Filesize

        412KB

        Download

      • memory/2748-6-0x000007FEF6270000-0x000007FEF6287000-memory.dmp

        Filesize

        92KB

        Download

      • memory/2748-10-0x000007FEF5110000-0x000007FEF5121000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2748-11-0x000007FEF3B70000-0x000007FEF4C1B000-memory.dmp

        Filesize

        16.7MB

        Download

      • memory/2748-2-0x000000013F240000-0x000000013F338000-memory.dmp

        Filesize

        992KB

        Download

      • memory/2748-14-0x000007FEF3AB0000-0x000007FEF3AC1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2748-15-0x000007FEF3A90000-0x000007FEF3AA1000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2748-16-0x000007FEF3A70000-0x000007FEF3A8B000-memory.dmp

        Filesize

        108KB

        Download

      • memory/2748-13-0x000007FEF3AD0000-0x000007FEF3AFD000-memory.dmp

        Filesize

        180KB

        Download

      • memory/2748-17-0x000007FEF3A50000-0x000007FEF3A61000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2748-18-0x000007FEF3A30000-0x000007FEF3A48000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2748-19-0x000007FEF3A00000-0x000007FEF3A30000-memory.dmp

        Filesize

        192KB

        Download

      • memory/2748-20-0x000007FEF3840000-0x000007FEF39F3000-memory.dmp

        Filesize

        1.7MB

        Download

      • memory/2748-3-0x000007FEF5170000-0x000007FEF51A4000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2748-4-0x000007FEF4D50000-0x000007FEF5004000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2748-5-0x000007FEF62D0000-0x000007FEF62E8000-memory.dmp

        Filesize

        96KB

        Download

      • memory/2748-26-0x000007FEF4D50000-0x000007FEF5004000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2748-33-0x000007FEF3B70000-0x000007FEF4C1B000-memory.dmp

        Filesize

        16.7MB

        Download

      • memory/2748-85-0x000007FEF3B70000-0x000007FEF4C1B000-memory.dmp

        Filesize

        16.7MB

        Download

      • memory/2748-84-0x000007FEF4D50000-0x000007FEF5004000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2748-83-0x000007FEF5170000-0x000007FEF51A4000-memory.dmp

        Filesize

        208KB

        Download

      • memory/2748-48-0x000007FEF4D50000-0x000007FEF5004000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2748-55-0x000007FEF3B70000-0x000007FEF4C1B000-memory.dmp

        Filesize

        16.7MB

        Download

      • memory/2748-82-0x000000013F240000-0x000000013F338000-memory.dmp

        Filesize

        992KB

        Download

      • memory/2748-9-0x000007FEF5130000-0x000007FEF514D000-memory.dmp

        Filesize

        116KB

        Download

      • memory/2748-7-0x000007FEF5200000-0x000007FEF5211000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2748-8-0x000007FEF5150000-0x000007FEF5167000-memory.dmp

        Filesize

        92KB

        Download

      • memory/2968-23-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/2968-68-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/2968-65-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/2968-45-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/2968-44-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/2968-43-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/2968-69-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/2968-22-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/2968-96-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/2968-21-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/2968-0-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/2968-1-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download

      • memory/2968-103-0x0000000140000000-0x00000001405E8000-memory.dmp

        Filesize

        5.9MB

        Download