d418ca84ca4bb7db72d2b00f8d6225a57909e02f712c7b0e2d9cefb2e18d0737

Submit
Reports

Overview

overview

Static

static

020db58e3c...4c.exe

windows7-x64

06cbef0e90...f8.exe

windows7-x64

083c5b43df...fb.exe

windows7-x64

15cb04fa5c...4f.exe

windows7-x64

22a1f50db9...85.exe

windows7-x64

24cb5e44b6...8d.exe

windows7-x64

27c9f44e0c...d6.exe

windows7-x64

2c2aa8458f...3d.exe

windows7-x64

2e9e18954a...d1.exe

windows7-x64

2ebb2a34dd...c6.exe

windows7-x64

2fff52aa0c...21.exe

windows7-x64

37ca1cfa1f...60.exe

windows7-x64

38cd67a044...4c.exe

windows7-x64

3d4f84e20d...96.exe

windows7-x64

49cff73125...4b.exe

windows7-x64

4c0153b979...a5.exe

windows7-x64

4ded976d2e...5a.exe

windows7-x64

4ee95ee627...68.exe

windows7-x64

5b439daac4...d7.exe

windows7-x64

67df6d4554...78.exe

windows7-x64

6b3bf710cf...2e.exe

windows7-x64

6df64a0a92...fe.exe

windows7-x64

75b45fea60...34.exe

windows7-x64

82e6b71b99...5a.exe

windows7-x64

8a6aa9e5d5...47.exe

windows7-x64

8bcfb60733...fd.exe

windows7-x64

8bf1319fd0...6c.exe

windows7-x64

8d76a9a577...20.exe

windows7-x64

8dd283ca01...4c.exe

windows7-x64

8edaee2550...e7.exe

windows7-x64

9bff71afad...75.exe

windows7-x64

9d7fb7050c...20.exe

windows7-x64

Resubmissions

13-07-2024 09:54

240713-lxbx6swdmm 10

13-07-2024 09:50

240713-lvbvdsyapd 10

13-07-2024 09:46

240713-lr1dksyajd 10

Analysis

max time kernel
839s
max time network
840s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13-07-2024 09:50

Sharing

Copy URL

Twitter E-mail

Static task

static1

16 signatures

Behavioral task

behavioral1

Sample

020db58e3c552ead23b18bb04bb75781e51347dab4868d1fc55e2854a6647d4c.exe

Resource

win7-20240704-en

defense_evasion evasion execution impact ransomware trojan

windows7-x64

13 signatures

1200 seconds

Behavioral task

behavioral2

Sample

06cbef0e9051e2f54cf17e0d191f890d82cfec91bbc3e5bc429a2f364fd925f8.exe

Resource

win7-20240705-en

defense_evasion execution impact persistence ransomware

windows7-x64

11 signatures

1200 seconds

Behavioral task

behavioral3

Sample

083c5b43df8bee2a6235c3f5038cc9860b4a4bfd1675d367a67fcfff93ccfcfb.exe

Resource

win7-20240705-en

defense_evasion evasion execution impact persistence ransomware trojan

windows7-x64

20 signatures

1200 seconds

Behavioral task

behavioral4

Sample

15cb04fa5c58299e320c833b62a6e44ec67423aed9fcc969d5b90f4380ccf24f.exe

Resource

win7-20240704-en

defense_evasion execution impact persistence ransomware

windows7-x64

13 signatures

1200 seconds

Behavioral task

behavioral5

Sample

22a1f50db97e2f91417a668d7c31379012b9f756d37a6697220b10aaf1f8b585.exe

Resource

win7-20240704-en

persistence ransomware

windows7-x64

10 signatures

1200 seconds

Behavioral task

behavioral6

Sample

24cb5e44b68c9dd2a115de3415ee96e78d2180dfd287133c54dfa29c90c1088d.exe

Resource

win7-20240708-en

chaos defense_evasion evasion execution impact ransomware spyware stealer

windows7-x64

19 signatures

1200 seconds

Behavioral task

behavioral7

Sample

27c9f44e0c5de68792b684355a68ad83eba89cbe46cc9cf3a6efeb448c9f39d6.exe

Resource

win7-20240704-en

chaos defense_evasion evasion execution impact ransomware spyware stealer

windows7-x64

19 signatures

1200 seconds

Behavioral task

behavioral8

Sample

2c2aa8458f3d138a2cfaa38b2da75b541ccdad655b5db374733e4cecfb24833d.exe

Resource

win7-20240705-en

windows7-x64

7 signatures

1200 seconds

Behavioral task

behavioral9

Sample

2e9e18954a73762ae06eaa6fa85c4dbdabf607fee4ec2ed016a689c7173dbfd1.exe

Resource

win7-20240704-en

chaos persistence ransomware spyware stealer

windows7-x64

14 signatures

1200 seconds

Behavioral task

behavioral10

Sample

2ebb2a34dd6633e785f67d118a8c778969e4e34d667cf554268997e13920a1c6.exe

Resource

win7-20240708-en

chaos defense_evasion evasion execution impact ransomware spyware stealer

windows7-x64

18 signatures

1200 seconds

Behavioral task

behavioral11

Sample

2fff52aa0c2fac4e53008cdf0bbea4ade2243bf42418330a03d5ce6f0d598421.exe

Resource

win7-20240705-en

persistence ransomware

windows7-x64

10 signatures

1200 seconds

Behavioral task

behavioral12

Sample

37ca1cfa1f30b57408d3e855f98f9e5fd6900b23643bbc0c6163a875edf00b60.exe

Resource

win7-20240705-en

chaos ransomware spyware stealer

windows7-x64

12 signatures

1200 seconds

Behavioral task

behavioral13

Sample

38cd67a044a7da3eea806129a3ae9616cfbe1f49a68997ac932e5214b1719f4c.exe

Resource

win7-20240705-en

discovery exploit persistence ransomware spyware stealer

windows7-x64

17 signatures

1200 seconds

Behavioral task

behavioral14

Sample

3d4f84e20d5cf317edcefcc98bdd7e126078b25cdc56b816edbec532a8763096.exe

Resource

win7-20240704-en

windows7-x64

0 signatures

1200 seconds

Behavioral task

behavioral15

Sample

49cff73125bdbed98cdda85572228372cecaedc8fa98fd48706fd23e6ad1ad4b.exe

Resource

win7-20240704-en

chaos neshta defense_evasion evasion execution impact persistence ransomware spyware stealer

windows7-x64

24 signatures

1200 seconds

Behavioral task

behavioral16

Sample

4c0153b979e65346c1d6f863086082ec5ef103cbf6b0f5e8652d61da678a8ca5.exe

Resource

win7-20240708-en

mimikatz bootkit persistence spyware stealer

windows7-x64

12 signatures

1200 seconds

Behavioral task

behavioral17

Sample

4ded976d2e5474b5ce1562ceb032981e23f170e7d6ec07fadd131aea82715a5a.exe

Resource

win7-20240705-en

windows7-x64

2 signatures

1200 seconds

Behavioral task

behavioral18

Sample

4ee95ee6271482c7939ce3b9db210ffb7a73ceebb6500b978fa3e6fe1d6ea168.exe

Resource

win7-20240704-en

chaos neshta defense_evasion evasion execution impact persistence ransomware spyware stealer

windows7-x64

24 signatures

1200 seconds

Behavioral task

behavioral19

Sample

5b439daac4faa9078a6973301eaeed339f77bbbbcdaa46f3452c1fc90499a4d7.exe

Resource

win7-20240708-en

chaos ransomware spyware stealer

windows7-x64

12 signatures

1200 seconds

Behavioral task

behavioral20

Sample

67df6d4554cb4c82c8f41d8257174c8c39059cd386744fc0f36ef84faede1478.exe

Resource

win7-20240705-en

windows7-x64

2 signatures

1200 seconds

Behavioral task

behavioral21

Sample

6b3bf710cf4a0806b2c5eaa26d2d91ca57575248ff0298f6dee7180456f37d2e.exe

Resource

win7-20240708-en

persistence ransomware

windows7-x64

9 signatures

1200 seconds

Behavioral task

behavioral22

Sample

6df64a0a921bd65006968d7eb146f7ceb60ffc1345575d39edec0eded41eb4fe.exe

Resource

win7-20240705-en

gandcrab backdoor persistence ransomware

windows7-x64

8 signatures

1200 seconds

Behavioral task

behavioral23

Sample

75b45fea6000b6cb5e88b786e164c777c410e11fdcf1ff99b66b43096223d734.exe

Resource

win7-20240704-en

chaos defense_evasion evasion execution impact persistence ransomware spyware stealer

windows7-x64

20 signatures

1200 seconds

Behavioral task

behavioral24

Sample

82e6b71b99a6ec602cfbdc00e0bbaf34c719d7b6879b6e384004886d491ad45a.exe

Resource

win7-20240708-en

chaos defense_evasion evasion execution impact persistence ransomware spyware stealer

windows7-x64

19 signatures

1200 seconds

Behavioral task

behavioral25

Sample

8a6aa9e5d58784428d0b1641e99f024438b20747993039e16b8d262f3f5fd347.exe

Resource

win7-20240705-en

ransomware

windows7-x64

10 signatures

1200 seconds

Behavioral task

behavioral26

Sample

8bcfb607330063b60948c0520fe2ccbce3562a9cc43a55ea45f16878fc6a9bfd.exe

Resource

win7-20240704-en

chaos neshta defense_evasion evasion execution impact persistence ransomware spyware stealer

windows7-x64

24 signatures

1200 seconds

Behavioral task

behavioral27

Sample

8bf1319fd0f77cd38f85d436e044f2d9e93e3f33844f20737117230b73b60f6c.exe

Resource

win7-20240708-en

mafiaware666 ransomware

windows7-x64

5 signatures

1200 seconds

Behavioral task

behavioral28

Sample

8d76a9a577ea5ad52555a2824db6f5872548fe4bcc47d476cae57603386c4720.exe

Resource

win7-20240705-en

chaos defense_evasion evasion execution impact ransomware spyware stealer

windows7-x64

19 signatures

1200 seconds

Behavioral task

behavioral29

Sample

8dd283ca012e7a70a2673d2cc211c6a616ff23bc5bd3599a1da077ba946a044c.exe

Resource

win7-20240708-en

evasion execution persistence ransomware

windows7-x64

16 signatures

1200 seconds

Behavioral task

behavioral30

Sample

8edaee2550dde9df1fe2e8c26965be3817f0d66ba13510ac281bfdc8dde1dde7.exe

Resource

win7-20240704-en

defense_evasion evasion execution impact persistence ransomware trojan

windows7-x64

20 signatures

1200 seconds

Behavioral task

behavioral31

Sample

9bff71afadddb02956bd74c517b4de581885b0d6ff007796d00d3c2190c30275.exe

Resource

win7-20240704-en

chaos ransomware spyware stealer

windows7-x64

13 signatures

1200 seconds

Behavioral task

behavioral32

Sample

9d7fb7050cf315639502f812d25d49c19b14c93948827484c2514bbc87261920.exe

Resource

win7-20240704-en

chaos defense_evasion evasion execution impact ransomware spyware stealer

windows7-x64

19 signatures

1200 seconds

Report Analysis Logs

General

Target

4ded976d2e5474b5ce1562ceb032981e23f170e7d6ec07fadd131aea82715a5a.exe
Size

2.6MB
MD5

ca1e56a26f9b7b8e18a5f627bd946d53
SHA1

80f9a9afa9a115acabd32ddbd0339a17d261e90c
SHA256

4ded976d2e5474b5ce1562ceb032981e23f170e7d6ec07fadd131aea82715a5a
SHA512

d48549c184754f7d7e3c5b35c14aab50766aaa00eb8ce62d326a44ce9ccfc0b40bc94e33fa00c8b7594dfc0585f0c6530597d1222d8cb03edcb701de203af679
SSDEEP

12288:jOU/d7WQvyPWa4DQFu/U3buRKlemZ9DnGAevjdMOU/d7WQvyPWa4DQFu/U3buRKO:7/JRyuN5e/JRyuN

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2308	592	WerFault.exe	28

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 592 wrote to memory of 2308	592	4ded976d2e5474b5ce1562ceb032981e23f170e7d6ec07fadd131aea82715a5a.exe	29
PID 592 wrote to memory of 2308	592	4ded976d2e5474b5ce1562ceb032981e23f170e7d6ec07fadd131aea82715a5a.exe	29
PID 592 wrote to memory of 2308	592	4ded976d2e5474b5ce1562ceb032981e23f170e7d6ec07fadd131aea82715a5a.exe	29
PID 592 wrote to memory of 2308	592	4ded976d2e5474b5ce1562ceb032981e23f170e7d6ec07fadd131aea82715a5a.exe	29

Processes

C:\Users\Admin\AppData\Local\Temp\4ded976d2e5474b5ce1562ceb032981e23f170e7d6ec07fadd131aea82715a5a.exe
"C:\Users\Admin\AppData\Local\Temp\4ded976d2e5474b5ce1562ceb032981e23f170e7d6ec07fadd131aea82715a5a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:592
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 36
  2⤵
  - Program crash
  PID:2308

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads