Overview

overview

9

Static

static

3

85ec814a34...4e.exe

windows7-x64

9

85ec814a34...4e.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    147s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2024, 22:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    85ec814a34c76a7f2ea917921dd45bbe1483b1a4185c4949fad389d640e9004e.exe

  • Size

    200KB

  • MD5

    36f75177303c607fd223bd33753ecf38

  • SHA1

    519fc959fa7c4dd4ae84e2862cd9168a9ea8490c

  • SHA256

    85ec814a34c76a7f2ea917921dd45bbe1483b1a4185c4949fad389d640e9004e

  • SHA512

    fe2c131adbc8c2b9daa11bfe13d51d8812e829c8124d7ff936b8d19772d990ce642d288616b35d61e40927ffef9b6b14c10ca634e9b17db6d9902223db7cae84

  • SSDEEP

    3072:6e7WpXYvnd0D98HpKI6GCLOwstyhZFChcssc56FUrgxvbSD4UQrO2Lxa:RqRSS9GpKbShcHUaM

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (519) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\85ec814a34c76a7f2ea917921dd45bbe1483b1a4185c4949fad389d640e9004e.exe
    "C:\Users\Admin\AppData\Local\Temp\85ec814a34c76a7f2ea917921dd45bbe1483b1a4185c4949fad389d640e9004e.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2332
    • C:\Users\Admin\AppData\Local\Temp\_choco.exe
      "_choco.exe"
      2⤵
      • Executes dropped EXE
      PID:2980
    • C:\Windows\SysWOW64\Zombie.exe
      "C:\Windows\system32\Zombie.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-778096762-2241304387-192235952-1000\desktop.ini.tmp
    Filesize

    58KB

    MD5

    13ee3aadb7d9463f4620dc0331d869a5

    SHA1

    b34497d21dd1fd903254e9783660a7ab774d5e7a

    SHA256

    4a5664bd6d6ab8c0e2cc6a056d226254594110ada1c21e9f971fcb0fb18af534

    SHA512

    c7a0e0c5aa22ac697b3a50c413028914dd8186ab92870198b8732fb1545dc3fa6ff2d55342403042d6b8d3a29635f9324b078c1970dc8e11cb938c98d2146101

    Download Submit

  • \Users\Admin\AppData\Local\Temp\_choco.exe
    Filesize

    142KB

    MD5

    81a7c181639679983efb07c2dea2ebd0

    SHA1

    93370e8e5cb0d89bf6786445f94dd02dbb84b574

    SHA256

    8320c7f90f65b48e4031b680506a9579751789ded4d90fa2fbfc2fb7db7e3ec8

    SHA512

    599cca13e527c92cdf88df06ed8a01eee1bc602c565ab69e251f7414e19833ce42f0453771bfdf27d16f9f70112835b599d26a6ed92901fdf86bbdf8adf4d2f7

    Download Submit

  • \Windows\SysWOW64\Zombie.exe
    Filesize

    57KB

    MD5

    e77447e219ffb7e6f66ef4c98c646906

    SHA1

    0c64a3da22aa1d05edd31f64017539b1aa6f4719

    SHA256

    b7b38dc2670ea1367a13854b3dc034e3aea28eec5f16b345a3c60607b96e2857

    SHA512

    2a23d59a133e16dc944f9aedb525dd307f0cc26efeb97d56ded7c34c5c4ff649741ad3427e090551044b07f0eb622de0d2f36280ce058f9a64d1b7daa76e675c

    Download Submit

  • memory/2980-19-0x0000000001160000-0x0000000001188000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2980-24-0x000007FEF58D0000-0x000007FEF62BC000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2980-97-0x000007FEF58D0000-0x000007FEF62BC000-memory.dmp

    Filesize

    9.9MB

    Download