Analysis
max time kernel: 71s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-03-2024 23:01
Behavioral task | Sample | Resource
behavioral1 | Windows/000.exe | win7-20240221-en
behavioral2 | Windows/000.exe | win10v2004-20240226-en
behavioral3 | Windows/BUG32.exe | win7-20240221-en
behavioral4 | Windows/BUG32.exe | win10v2004-20240226-en
behavioral5 | Windows/Bonzify.exe | win7-20240221-en
behavioral6 | Windows/Bonzify.exe | win10v2004-20240226-en
behavioral7 | Windows/Email-Worm/Email-Worm.Win32.Happy99/Happy99.exe | win7-20240221-en
behavioral8 | Windows/Email-Worm/Email-Worm.Win32.Happy99/Happy99.exe | win10v2004-20240226-en
behavioral9 | Windows/Email-Worm/Email-Worm.Win32.Magistr/Magistr.exe | win7-20240215-en
behavioral10 | Windows/Email-Worm/Email-Worm.Win32.Magistr/Magistr.exe | win10v2004-20231215-en
behavioral11 | Windows/Email-Worm/Email-Worm.Win32.Maldal/Maldal.exe | win7-20240221-en
behavioral12 | Windows/Email-Worm/Email-Worm.Win32.Maldal/Maldal.exe | win10v2004-20240226-en
behavioral13 | Windows/Email-Worm/Email-Worm.Win32.MeltingScreen/MeltingScreen.exe | win7-20240220-en
behavioral14 | Windows/Email-Worm/Email-Worm.Win32.MeltingScreen/MeltingScreen.exe | win10v2004-20240226-en
behavioral15 | Windows/Email-Worm/Email-Worm.Win32.Pikachu/Pikachu.exe | win7-20240221-en
behavioral16 | Windows/Email-Worm/Email-Worm.Win32.Pikachu/Pikachu.exe | win10v2004-20240226-en
behavioral17 | Windows/Fake GoldenEye/FakeGoldenEye.exe | win7-20240221-en
behavioral18 | Windows/Fake GoldenEye/FakeGoldenEye.exe | win10v2004-20240226-en
behavioral19 | Windows/PCToaster/PCToaster.exe | win7-20240215-en
behavioral20 | Windows/PCToaster/PCToaster.exe | win10v2004-20240226-en
behavioral21 | Windows/Ransomware/Annabelle Ransomware/716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.exe | win7-20240221-en
behavioral22 | Windows/Ransomware/Annabelle Ransomware/716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac.exe | win10v2004-20240226-en
behavioral23 | Windows/Ransomware/BadRabbit Ransomware/BadRabbit.exe | win7-20231129-en
behavioral24 | Windows/Ransomware/BadRabbit Ransomware/BadRabbit.exe | win10v2004-20240226-en
behavioral25 | Windows/Ransomware/Monster Ransomware (second new version)/tunamor.exe | win7-20240221-en
behavioral26 | Windows/Ransomware/Monster Ransomware (second new version)/tunamor.exe | win10v2004-20240226-en
behavioral27 | Windows/Ransomware/Monster Ransomware/XMoon.exe | win7-20240221-en
behavioral28 | Windows/Ransomware/Monster Ransomware/XMoon.exe | win10v2004-20231215-en
behavioral29 | Windows/Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.exe | win7-20240221-en
behavioral30 | Windows/Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.exe | win10v2004-20240226-en
behavioral31 | Windows/Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.js | win7-20240221-en
behavioral32 | Windows/Ransomware/Trojan.Ransom.GoldenEye/GoldenEye.js | win10v2004-20240226-en
General
Target: Windows/Email-Worm/Email-Worm.Win32.Maldal/Maldal.exe
Size: 80KB
MD5: cbcd34a252a7cf61250b0f7f1cba3382
SHA1: 152f224d66555dd49711754bf4e29a17f4706332
SHA256: abac285f290f0cfcd308071c9dfa9b7b4b48d10b4a3b4d75048804e59a447787
SHA512: 09fdcb04707a3314e584f81db5210b2390f4c3f5efa173539f9d248db48ae26b3a8b240cf254561b0ecb764f6b04bb4c129832c6502d952d1960e443371ce2a9
SSDEEP: 1536:wh6S2wzALFx8hkMsiUmxi6QPitAKQjY8c4B5h:dS212xlQvKCYx4B
Malware Config
Signatures

Drops file in System32 directory (2 IoCs)
description | ioc | Process
File created | C:\Windows\SysWOW64\DALLAH.exe | Maldal.exe
File opened for modification | C:\Windows\SysWOW64\DALLAH.exe | Maldal.exe

Drops file in Windows directory (2 IoCs)
description | ioc | Process
File created | C:\Windows\LucKey.exe | Maldal.exe
File opened for modification | C:\Windows\LucKey.exe | Maldal.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
pid | Process
1252 | Maldal.exe
Processes
- Image: C:\Users\Admin\AppData\Local\Temp\Windows\Email-Worm\Email-Worm.Win32.Maldal\Maldal.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Windows\Email-Worm\Email-Worm.Win32.Maldal\Maldal.exe"
  PID: 1252
  Signatures: Drops file in System32 directory; Drops file in Windows directory; Suspicious use of SetWindowsHookEx
  - Image: C:\Windows\SysWOW64\WScript.exe
    Command line: "C:\Windows\System32\WScript.exe" "C:\Windows\Flopy.vbs"
    PID: 4312
- Image: C:\Program Files (x86)\Internet Explorer\ielowutil.exe
  Command line: "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
  PID: 5164
- Image: C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
  PID: 6136
  - Image: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6136 CREDAT:17410 /prefetch:2
    PID: 3332
Network
MITRE ATT&CK Matrix
Downloads