Overview

overview

7

Static

static

3

encrypt 1.0.1.exe

windows7-x64

encrypt 1.0.1.exe

windows10-2004-x64

Resubmissions

18/04/2024, 18:45

240418-xekcdabg43 7

Analysis

  • max time kernel
    61s
  • max time network
    68s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    18/04/2024, 18:45

Sharing

Copy URL Twitter E-mail

Errors

Reason
Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-18T18:47:27Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win7-20240221-en/instance_7-dirty.qcow2\"}"
Report Analysis Logs

General

  • Target

    encrypt 1.0.1.exe

  • Size

    5.2MB

  • MD5

    2437f8fb399dc6b61a417a7fded575fc

  • SHA1

    e08930ecd6b37d619b30aaf05f17d4e273dcf8da

  • SHA256

    adb9115b0c3d71c2d3f2313e01a83ed7cc10878f79008791486c453806e19c15

  • SHA512

    147c0c4743946849c484ee6fdd6317d9e765a2c383004998083371827e80c6dd3920bea5b18c47d9723c310bc2508dace8de2d9f50163f7b8d875d1afd81a98a

  • SSDEEP

    98304:VsV8KwZhhSh2uW5MI06O7/Xuy/+7F+7cETUvx6kADkTs:VsVfwZhYEL2V6c/f/+ScEgJ6hDw

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\encrypt 1.0.1.exe
    "C:\Users\Admin\AppData\Local\Temp\encrypt 1.0.1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:340
    • C:\Users\Admin\AppData\Local\Temp\encrypt 1.0.1.exe
      "C:\Users\Admin\AppData\Local\Temp\encrypt 1.0.1.exe"
      2⤵
      • Loads dropped DLL
      PID:3008
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
      PID:1980
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x1
      1⤵
        PID:1964

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\_MEI3402\python310.dll
              Filesize

              4.3MB

              MD5

              c80b5cb43e5fe7948c3562c1fff1254e

              SHA1

              f73cb1fb9445c96ecd56b984a1822e502e71ab9d

              SHA256

              058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

              SHA512

              faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

              Download Submit

            • memory/1964-24-0x00000000026E0000-0x00000000026E1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1980-23-0x00000000029C0000-0x00000000029C1000-memory.dmp

              Filesize

              4KB

              Download