Overview
overview
10Static
static
10174ac08f7f...83.exe
windows7-x64
121697ff9c9...27.dll
windows7-x64
1299baa160c...88.exe
windows7-x64
10390f8ea304...a2.exe
windows7-x64
13d26ddb0a9...05.exe
windows7-x64
1051308678ff...54.exe
windows7-x64
10600db89be8...7f.exe
windows7-x64
16860173ca5...b1.dll
windows7-x64
16fd5bdcc62...34.exe
windows7-x64
1087cee50a81...c7.exe
windows7-x64
1093564e681c...ca.exe
windows7-x64
109c109b79da...97.exe
windows7-x64
109c8685a98f...7f.exe
windows7-x64
10CrypMod.exe
windows7-x64
10Fuck.exe
windows7-x64
10Generic_Ransom_1.exe
windows7-x64
8Genericcc.exe
windows7-x64
10Gneeirc2.exe
windows7-x64
10MyxaH.exe
windows7-x64
10a1e86fc6cf...c2.exe
windows7-x64
1add230a2e7...10.exe
windows7-x64
10ae3a9c9cf9...b7.exe
windows7-x64
10b878926219...be.exe
windows7-x64
7c28384feb8...1a.exe
windows7-x64
10cryptmod2.exe
windows7-x64
10d041a11a04...a7.exe
windows7-x64
10db3f0b9d66...0f.exe
windows7-x64
6dcb283e040...ea.exe
windows7-x64
7e54de5d857...f3.exe
windows7-x64
7f14fd49537...19.exe
windows7-x64
1f7ee55f157...ed.exe
windows7-x64
3genenenrnenr.exe
windows7-x64
5Analysis
-
max time kernel
1561s -
max time network
1562s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
26-03-2024 13:44
Behavioral task
behavioral1
Sample
174ac08f7fd9c8486511122f2b8c730018c68d4492bf58840f7dbe5338072883.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
21697ff9c9b2ad4fb91d805cd139175a4ff8fbddf1fdff52c9dd8eee78612b27.dll
Resource
win7-20240221-en
Behavioral task
behavioral3
Sample
299baa160cc77a615a22266ea21c1eabc357ade95901e569d82731ba44309f88.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
390f8ea3044007611ebadad5352708aa3d0df0872b4550100f439a0aad7213a2.exe
Resource
win7-20240221-en
Behavioral task
behavioral5
Sample
3d26ddb0a96c825ff98a6b6456bf52dab1a896da2a8690a041524a6c82213a05.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
51308678ff4559482f32fc2138d4134b412ab75977c19003bd6a7209b3c1cb54.exe
Resource
win7-20240220-en
Behavioral task
behavioral7
Sample
600db89be8dbd50e60c620ea147688cea7d512b1dc545a6b95fe41f0dfeca57f.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
6860173ca54b7e763cc667ac54435f1a18a821e09453b9e41556b6c2e9323eb1.dll
Resource
win7-20240215-en
Behavioral task
behavioral9
Sample
6fd5bdcc625d735f67f0ad4cacd06feb2ae20a2ec7626ff91fbd1848d1173d34.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
87cee50a81408e14f015d7507a87950e678742ba78015fd65d24f9934d22c9c7.exe
Resource
win7-20240221-en
Behavioral task
behavioral11
Sample
93564e681c3b63f14bfb67df98f5461917c447f343770a3a944ab251c4dac5ca.exe
Resource
win7-20240319-en
Behavioral task
behavioral12
Sample
9c109b79dae8527b370cc0b91d5822f4a69b3acda284c361b310e18738ec5a97.exe
Resource
win7-20240221-en
Behavioral task
behavioral13
Sample
9c8685a98f9be3a699ea95314449fd90fbaeac3e587efdfcb0c495621e7b087f.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
CrypMod.exe
Resource
win7-20240215-en
Behavioral task
behavioral15
Sample
Fuck.exe
Resource
win7-20231129-en
Behavioral task
behavioral16
Sample
Generic_Ransom_1.exe
Resource
win7-20240220-en
Behavioral task
behavioral17
Sample
Genericcc.exe
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
Gneeirc2.exe
Resource
win7-20240221-en
Behavioral task
behavioral19
Sample
MyxaH.exe
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
a1e86fc6cfb129a978b7de1f8b773f766640e50874d8989999be2c55c6d022c2.exe
Resource
win7-20240221-en
Behavioral task
behavioral21
Sample
add230a2e7aabf2ea909f641894d9febc6673cf23623a00ce3f47bc73ec9b310.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
ae3a9c9cf994b6f1967aee6a31f13796e0f59d4c2bd22865e24f2babf2043bb7.exe
Resource
win7-20240221-en
Behavioral task
behavioral23
Sample
b878926219059096382653b807efb9476435cc6d3401667c502d2c7bb2f6d7be.exe
Resource
win7-20231129-en
Behavioral task
behavioral24
Sample
c28384feb8d622682c10e81da44448c226638a7fed9b531ab7a5f652c55b3e1a.exe
Resource
win7-20240220-en
Behavioral task
behavioral25
Sample
cryptmod2.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
d041a11a04bba9142ee44712a53c8e94bccefeefe1d382ac35171518cd6b64a7.exe
Resource
win7-20240221-en
Behavioral task
behavioral27
Sample
db3f0b9d66482afc1f2328f7eee8a8cc57ce03e19a4325e50d239203a4d17e0f.exe
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
dcb283e040d84bf1a86b381bfb0ce6b8dc070b58ba5d3150eed9cb7becf769ea.exe
Resource
win7-20240221-en
Behavioral task
behavioral29
Sample
e54de5d857ff16efd72ff0223235826494147444538f725f6977ca892282e7f3.exe
Resource
win7-20240215-en
Behavioral task
behavioral30
Sample
f14fd49537695f6e33bd102633b0737a2713df3197e36b7cdb176bc8683f6919.exe
Resource
win7-20240221-en
Behavioral task
behavioral31
Sample
f7ee55f1571b1a082a8e61811811009b02e5b0d651bd7c3f8d29ca16ef1e14ed.exe
Resource
win7-20231129-en
Behavioral task
behavioral32
Sample
genenenrnenr.exe
Resource
win7-20240221-en
General
-
Target
f7ee55f1571b1a082a8e61811811009b02e5b0d651bd7c3f8d29ca16ef1e14ed.exe
-
Size
284KB
-
MD5
1bb03d2ed04d84232c79e2cb8bc9bb16
-
SHA1
0680e85a0edbf41816791ca8b0704cf74c362cde
-
SHA256
f7ee55f1571b1a082a8e61811811009b02e5b0d651bd7c3f8d29ca16ef1e14ed
-
SHA512
78aecaa2c5cf9c00ef15a6940908468f8318d0f5f7b38dc2c54a5d0d344a0196e3004ff7dc8ab3f19fb29508029a676944561202139efd0b0c1a22dbc0bbceea
-
SSDEEP
6144:SMXLW0lA/pXoXA9OZyRQAXFMdJ2d3ReNPMV3r5ZloYO9+i7UOuZYhYDlVoS:TiQA/pYgHHX3hxV3rtPJi6XoS
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2232 2216 WerFault.exe f7ee55f1571b1a082a8e61811811009b02e5b0d651bd7c3f8d29ca16ef1e14ed.exe -
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
f7ee55f1571b1a082a8e61811811009b02e5b0d651bd7c3f8d29ca16ef1e14ed.exedescription pid process target process PID 2216 wrote to memory of 2232 2216 f7ee55f1571b1a082a8e61811811009b02e5b0d651bd7c3f8d29ca16ef1e14ed.exe WerFault.exe PID 2216 wrote to memory of 2232 2216 f7ee55f1571b1a082a8e61811811009b02e5b0d651bd7c3f8d29ca16ef1e14ed.exe WerFault.exe PID 2216 wrote to memory of 2232 2216 f7ee55f1571b1a082a8e61811811009b02e5b0d651bd7c3f8d29ca16ef1e14ed.exe WerFault.exe PID 2216 wrote to memory of 2232 2216 f7ee55f1571b1a082a8e61811811009b02e5b0d651bd7c3f8d29ca16ef1e14ed.exe WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\f7ee55f1571b1a082a8e61811811009b02e5b0d651bd7c3f8d29ca16ef1e14ed.exe"C:\Users\Admin\AppData\Local\Temp\f7ee55f1571b1a082a8e61811811009b02e5b0d651bd7c3f8d29ca16ef1e14ed.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2216 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 1882⤵
- Program crash
PID:2232
-