Overview

overview

9

Static

static

3

e016e262ee...03.exe

windows7-x64

9

e016e262ee...03.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 03:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e016e262ee57ec75ca27b7c274a22a3b9a788aef1f24ffd4123382d9211a0003.exe

  • Size

    226KB

  • MD5

    e0373cfcfa13504c6d1d6d7a981747e4

  • SHA1

    502c1314d59570fc57db132234e17235ebb5a146

  • SHA256

    e016e262ee57ec75ca27b7c274a22a3b9a788aef1f24ffd4123382d9211a0003

  • SHA512

    30602f591a1d5fbb0ad7ee947ac118244bd0c6440441ab985515dd089f976890cf7d38fca6d86baec38f5be75676beb12748a5df8bcc15a5609485edc5d6b025

  • SSDEEP

    3072:69WpQEJAzEWzVNOx0ypIzIu73mYdE9d3s9XL7EWzVNOx0ypIzIu73mYdE9d3s9Xo:nfAnCLGdE9XNgShcHUaO

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (5002) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e016e262ee57ec75ca27b7c274a22a3b9a788aef1f24ffd4123382d9211a0003.exe
    "C:\Users\Admin\AppData\Local\Temp\e016e262ee57ec75ca27b7c274a22a3b9a788aef1f24ffd4123382d9211a0003.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1468
    • C:\Windows\SysWOW64\Zombie.exe
      "C:\Windows\system32\Zombie.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:4504
    • C:\Users\Admin\AppData\Local\Temp\_cuninst.exe
      "_cuninst.exe"
      2⤵
      • Executes dropped EXE
      PID:1684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.exe
    Filesize

    86KB

    MD5

    e111193cc2eaa44d502152a2afc86871

    SHA1

    6b04aeacf937c495a59fecabbfa305e6c9c02291

    SHA256

    242df3cee66e67c2a58165bb6e36ede930859d0792c6b15aa71ea5dc91c5a1b7

    SHA512

    8f62318586e5c34b6385dc2a5dc776d77f9e0b2a0f5eddf3403c7295d46fd56c4c0049778b9973787023d3063d8e031780b4625af79f14073238d8514d7fc88c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\_cuninst.exe
    Filesize

    140KB

    MD5

    3bc2cb2446a5b8fffd7ab3a98b9f51f6

    SHA1

    4f898bd1af88359128837e58cfe2a52f192a5d1f

    SHA256

    2ae11cc8a144df879a7be3fb6b1ce2cdce6c720a3e8c73b3a33fe120133b51b8

    SHA512

    482f58d2f62b6ebfc5822b5afd63b64a1fc99dd32cafdbd67ac0b206f055b3ca9415905494c375c4d7c5f22e86b53fb8d7a8943504b157df21c5a5b52e9b632b

    Download Submit

  • C:\Windows\SysWOW64\Zombie.exe
    Filesize

    86KB

    MD5

    808ecdc5aadfcc69022400a6d9a556bf

    SHA1

    0711eee2ed4a082b5141fa274e87df70b44ca589

    SHA256

    24cfd9caf46a1c1224a940556419a7365558a631d11e0ae0c0567d08fa382d40

    SHA512

    15c083bb55c57646e0782d4ac9465c648e374a5deaa594dc343a3fe178e0b48789de43c4a6b48e10250a20e75baf3f57b674ae83a3e6d85350e2c6e25068e017

    Download Submit

  • memory/1684-20-0x00007FFC9B8F3000-0x00007FFC9B8F5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1684-19-0x0000000000320000-0x0000000000348000-memory.dmp

    Filesize

    160KB

    Download