441116d55e97124a067207bf57483dd3462bccfb034e56c4152675b0dcb118e7

Submit
Reports

Overview

overview

Static

static

00FAEE82AB...AD.exe

windows7-x64

0B8E9BC319...20.exe

windows7-x64

0c9fa52ace...7a.exe

windows7-x64

15f7ea290d...8c.exe

windows7-x64

1DD70E8036...25.exe

windows7-x64

1E229029B2...DA.exe

windows7-x64

21977fc851...61.exe

windows7-x64

21e1bc4340...01.exe

windows7-x64

2272954a2c...5a.exe

windows7-x64

2C3542B5D9...85.exe

windows7-x64

3ac7f91e37...38.exe

windows7-x64

3c0fe521f6...16.exe

windows7-x64

41c53e90f0...4a.exe

windows7-x64

467c2b23b7...be.exe

windows7-x64

5b79b6a814...b0.exe

windows7-x64

712affaa8b...1).exe

windows7-x64

72716d15ea...21.exe

windows7-x64

8b04af13b7...21.exe

windows7-x64

Bit Paymer.exe

windows7-x64

KeepCalm.exe

windows7-x64

LockedIn.exe

windows7-x64

Purge.exe

windows7-x64

Scarab.exe

windows7-x64

a631ad1b1a...4b.exe

windows7-x64

a9053a3a52...bc.exe

windows7-x64

b764629e1f...1c.exe

windows7-x64

cf89f70633...5c.exe

windows7-x64

e951e82867...50.exe

windows7-x64

fa0c321e1a...d2.exe

windows7-x64

fc184274ad...27.exe

windows7-x64

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
16-03-2024 15:13

Sharing

Copy URL

Twitter E-mail

Static task

static1

aspackv2

2 signatures

Behavioral task

behavioral1

Sample

00FAEE82AB5B800CF6DBE97AFD39790B856AD1EC25DC7ED8F798ACA702BEE7AD.exe

Resource

win7-20240221-en

evasion persistence ransomware spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

0B8E9BC31964C9433BD5CC20E556CFD0590C3B17B0DB23CDC3AD0547683F3820.exe

Resource

win7-20240221-en

evasion persistence trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral3

Sample

0c9fa52ace8019b43c91f4859ecddfde6705141b9283fef05c6c4c37a5c1777a.exe

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral4

Sample

15f7ea290d832bc32ebf660690b42616264fc0be8969934c1f8d7e5a5d3cd18c.exe

Resource

win7-20240221-en

modiloader evasion persistence trojan

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral5

Sample

1DD70E803623D5311B71129976710B11A8942D206A5D8D86CDF8417255F15725.exe

Resource

win7-20240221-en

aspackv2 persistence ransomware

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral6

Sample

1E229029B2D3FF00EDDE061B1AAF470EE437FA8196D97FAD2C2C6C9EDE5B44DA.exe

Resource

win7-20240221-en

evasion persistence ransomware spyware stealer trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral7

Sample

21977fc851dfbcd7c5edcc24ef56750065fcd01e5c9fa4f270424f186a83b061.exe

Resource

win7-20240215-en

persistence ransomware

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral8

Sample

21e1bc4340221fbccee28d59333c20b20755e34e2f3391b90837172bd07fbf01.exe

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral9

Sample

2272954a2c9f631b4f9c5f6d230287b0989ab3b512bb5f4a282214eadf42085a.exe

Resource

win7-20231129-en

gozi banker isfb trojan

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

2C3542B5D9AB4EED2DD88CD74A02236A944AFD76E8717F65DCD544912229CA85.exe

Resource

win7-20240221-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral11

Sample

3ac7f91e37572c0d15de4de96ab4719531c30536409fda4acb3e0071ab726338.exe

Resource

win7-20240221-en

cerber discovery evasion ransomware

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral12

Sample

3c0fe521f6a9cfbfabc1f27a1a64dfc081a63aaaf2a6ce8cd831f6251ee85816.exe

Resource

win7-20240221-en

troldesh persistence ransomware trojan upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral13

Sample

41c53e90f0861b068eaa512edff28a586128f808b437122399347bcb3774914a.exe

Resource

win7-20240221-en

evasion persistence ransomware

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral14

Sample

467c2b23b785df7b45758143387e9cc5a588718ae0640b3f01b1c19679b011be.exe

Resource

win7-20240221-en

evasion ransomware upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral15

Sample

5b79b6a81407caf12cf1894346a15e40c4dc017a35105119db3b23c7bf91c7b0.exe

Resource

win7-20240220-en

persistence ransomware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral16

Sample

712affaa8b84e8fb7d4e71feb6c1074185bc43b5a2f265fbfb248f7ed40a5489 (1).exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral17

Sample

72716d15ea7d118b8c99dbcb15114188abe468718c876ac52b0779161ef7e821.exe

Resource

win7-20231129-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral18

Sample

8b04af13b729b0634b1a3c83e5758f25aecb708480bf2e3df524e889b305c621.exe

Resource

win7-20240221-en

troldesh persistence ransomware trojan upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral19

Sample

Bit Paymer.exe

Resource

win7-20240215-en

persistence ransomware spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral20

Sample

KeepCalm.exe

Resource

win7-20240221-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral21

Sample

LockedIn.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

Purge.exe

Resource

win7-20240221-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral23

Sample

Scarab.exe

Resource

win7-20240221-en

persistence ransomware

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral24

Sample

a631ad1b1a59001a5f594880c6ae3337bda98f8ce3bb46cd7a9de0b35cd2bc4b.exe

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral25

Sample

a9053a3a52113698143a2b9801509c68d0d8b4b8208da453f0974547df0931bc.exe

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral26

Sample

b764629e1f43851daf984c9372422b65ddceae28f83d6211873f4c8f8672c41c.exe

Resource

win7-20240220-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral27

Sample

cf89f70633865aa06123062a7dc51f8158905afb4b00f6f3597de3edfba97c5c.exe

Resource

win7-20240215-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

e951e82867a4f3af5a34b714571e9acf99cca794c4ed1895c9025a642d5d4350.exe

Resource

win7-20231129-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral29

Sample

fa0c321e1aad571daaa3bf642ced8ab10931a05957ce9f17da49317816ca50c7_WthaiV9ed2.exe

Resource

win7-20240221-en

evasion persistence ransomware

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral30

Sample

fc184274ad3908021e4c8ef28f35dc77447ed6457375d2a4e7b411955e042527.exe

Resource

win7-20240221-en

cerber discovery evasion ransomware

windows7-x64

18 signatures

150 seconds

Report Analysis Logs

General

Target

Purge.exe
Size

24KB
MD5

b02916e5c5215ef3ce25269c8d8afbe2
SHA1

7ea2e4eebea27ade84075a5bd47e048297377259
SHA256

b4e9d14e4ea8a1c459805ec46870f12a3e6ea3308864511a3d9c7af9fb841403
SHA512

c84cd98801dbc515f8e800c5fae57158d4167347c2267f1decbf37e98819b2bc1e9439eacec71eaad1c6ece62bf468b21db9cc53e6568cc73499595b1935296e
SSDEEP

384:lMX3iNFRHDy0nxaP/JqiKV+aQlSp591U7qO7o4FQcc4KVOJ5ogxlwAx9sLtsNtt7:qHitm/JqiO+aB5s7qOUvOJ5ogDrCO8tm

Score

1^/10

Malware Config

Signatures

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

Purge.exe

pid process

2304 Purge.exe

pid	process
2304	Purge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Purge.exe
"C:\Users\Admin\AppData\Local\Temp\Purge.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:2304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2304-0-0x00000000009E0000-0x00000000009EC000-memory.dmp

Filesize
48KB

Download
memory/2304-1-0x00000000740C0000-0x00000000747AE000-memory.dmp

Filesize
6.9MB

Download
memory/2304-2-0x0000000004EE0000-0x0000000004F20000-memory.dmp

Filesize
256KB

Download
memory/2304-3-0x0000000004EE0000-0x0000000004F20000-memory.dmp

Filesize
256KB

Download
memory/2304-4-0x0000000004EE0000-0x0000000004F20000-memory.dmp

Filesize
256KB

Download
memory/2304-5-0x00000000740C0000-0x00000000747AE000-memory.dmp

Filesize
6.9MB

Download
memory/2304-6-0x0000000004EE0000-0x0000000004F20000-memory.dmp

Filesize
256KB

Download