Resubmissions

13/07/2024, 09:54 UTC

240713-lxbx6swdmm 10

13/07/2024, 09:50 UTC

240713-lvbvdsyapd 10

13/07/2024, 09:46 UTC

240713-lr1dksyajd 10

Analysis

  • max time kernel
    835s
  • max time network
    842s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/07/2024, 09:50 UTC

General

  • Target

    22a1f50db97e2f91417a668d7c31379012b9f756d37a6697220b10aaf1f8b585.exe

  • Size

    240KB

  • MD5

    598b2a2bdfb474047a6d5b5f0469c27a

  • SHA1

    a2d42ceb046e3bfcab1bb3dc9ef9e89f12e2bd66

  • SHA256

    22a1f50db97e2f91417a668d7c31379012b9f756d37a6697220b10aaf1f8b585

  • SHA512

    ff6930e0dd15d7fc23f3cd62b5213863ec0c59b8ada189960e52be1832c8a1b928ddb3debf9eca65bbd5203e7b191e55d79dd2c7592bed3e197bdfb5b200ddbf

  • SSDEEP

    3072:PC4zn72NrvV9YhZv0FKbgx2HMdYlTYpu/EVarwBwCc45TEywugt45ZoIWpEzGVz1:Pn72NrvV9OCTE45Z1WpEKvmSx7ri

Malware Config

Signatures

  • Renames multiple (145) files with added filename extension

    Mass renaming of files with an appended extension is characteristic of ransomware encrypting files across the system; the count (145) is the number of renames observed during the run, not necessarily the total number of files on the image.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops desktop.ini file(s) 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • NTFS ADS 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\22a1f50db97e2f91417a668d7c31379012b9f756d37a6697220b10aaf1f8b585.exe
    "C:\Users\Admin\AppData\Local\Temp\22a1f50db97e2f91417a668d7c31379012b9f756d37a6697220b10aaf1f8b585.exe"
    1⤵
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2252
    • C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\README.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:2240
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Roaming\usb_maker.bat" "
      2⤵
      • NTFS ADS
      PID:1512
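The signatures above (mass rename with an appended extension, Run-key persistence, a ransom note opened in notepad) and the process tree (cmd.exe launching a .bat from %AppData%\Roaming under the sample's PID) are heuristics a triage engine evaluates over recorded events. The script below is an added example, not the sandbox's own rule engine and not code from the report: it runs such rules over constructed events shaped like this report's behaviour. Event field names, the 100-rename threshold, the `.locked` extension and the `updater` value name are assumptions for illustration.

```python
"""Heuristic triage rules over sandbox-style events (added example).

Not the sandbox's rule engine. Event schema, thresholds and sample data are
constructed assumptions modelled on the signatures in the report above.
"""
import re
from collections import Counter, defaultdict

# Constructed sample events (not taken from the report's own event log).
SAMPLE_EVENTS = [
    {"type": "process", "pid": 2252, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\sample.exe", "cmdline": "sample.exe"},
    {"type": "registry", "pid": 2252,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "updater", "data": r"C:\Users\Admin\AppData\Roaming\usb_maker.bat"},
    {"type": "process", "pid": 2240, "ppid": 2252,
     "image": r"C:\Windows\SysWOW64\NOTEPAD.EXE",
     "cmdline": r'"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\README.txt'},
    {"type": "process", "pid": 1512, "ppid": 2252,
     "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r'cmd /c ""C:\Users\Admin\AppData\Roaming\usb_maker.bat" "'},
]
# 150 documents renamed with an extra extension appended (the ransomware pattern).
SAMPLE_EVENTS += [
    {"type": "rename", "pid": 2252,
     "src": rf"C:\Users\Admin\Documents\file{i}.docx",
     "dst": rf"C:\Users\Admin\Documents\file{i}.docx.locked"}
    for i in range(150)
]
# A benign rename that swaps the extension instead of appending one must not count.
SAMPLE_EVENTS.append({"type": "rename", "pid": 2252,
                      "src": r"C:\Users\Admin\Documents\old.tmp",
                      "dst": r"C:\Users\Admin\Documents\old.txt"})

RENAME_THRESHOLD = 100  # assumed threshold; the report's rule fired at 145 renames


def appended_extension(src, dst):
    """True when dst equals src plus exactly one additional '.ext' suffix."""
    return dst.startswith(src + ".") and "." not in dst[len(src) + 1:]


def run_rules(events):
    """Return {pid: [signature, ...]} for every PID that triggered a rule.

    Child-process signatures (ransom note in notepad, .bat from %AppData%) are
    attributed to the parent PID, mirroring how the report nests them under 2252.
    """
    hits = defaultdict(list)
    renames = Counter()                 # pid -> number of appended-extension renames
    suffixes = defaultdict(Counter)     # pid -> appended suffix -> count
    for e in events:
        if e["type"] == "rename" and appended_extension(e["src"], e["dst"]):
            renames[e["pid"]] += 1
            suffixes[e["pid"]][e["dst"][len(e["src"]):]] += 1
        elif e["type"] == "registry" and e["key"].lower().endswith(r"\currentversion\run"):
            hits[e["pid"]].append(f"run_key:{e['value']}")
        elif e["type"] == "process":
            img, cmd, ppid = e["image"].lower(), e.get("cmdline", ""), e["ppid"]
            if img.endswith("notepad.exe") and re.search(r"readme|decrypt|restore", cmd, re.I):
                hits[ppid].append("ransom_note_notepad")
            if img.endswith("cmd.exe") and re.search(r"\\appdata\\roaming\\[^\"]+\.bat", cmd, re.I):
                hits[ppid].append("bat_from_appdata")
    for pid, n in renames.items():
        if n >= RENAME_THRESHOLD:
            ext = suffixes[pid].most_common(1)[0][0]
            hits[pid].append(f"mass_rename:{n}:{ext}")
    return dict(hits)


if __name__ == "__main__":
    for pid, sigs in run_rules(SAMPLE_EVENTS).items():
        print(pid, sigs)
```

The extension check is deliberately strict: a rename that replaces an extension (`old.tmp` to `old.txt`) is ordinary application behaviour, whereas appending one to many files in a short window is the pattern the report's first signature describes. Note also that the sample invoked `C:\Windows\system32\NOTEPAD.EXE` but the process image recorded is `C:\Windows\SysWOW64\NOTEPAD.EXE`: the sample is 32-bit on an x64 image, so WoW64 file-system redirection resolved the path, which is why the rules match on the image basename rather than the full directory.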

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\usb_maker.bat

    Filesize

    3KB

    MD5

    8b926e674282e555448c3d236419cc02

    SHA1

    4a4e549641f3e780a6b1f1d02963919bd80919c3

    SHA256

    a942687463c636d9ae805ed322285cb4454312924f9d6cdd8dfa28e5a9a4a925

    SHA512

    5fa18988494427d99c2025d887484a8450042ccf52fd1883490f24dcbd5c61bf8a120a5b9edb15172957513f12db126e68677a5759349976af71cd0cdef0d162

  • C:\Users\Admin\Music\README.txt

    Filesize

    55B

    MD5

    b93eb695a60a289d6ec60bf91ade3f47

    SHA1

    162bbce41920668be61dd0c6cbf2686b3df721f0

    SHA256

    65c12214995d2dca08255cbcce236746950a6a064b511fa9e98f7ce4d00ca3a1

    SHA512

    b8aa02d79be5bee12a783c09dbad88774c07b1381760f4f4d8381a487911ee1403923bd75f1e4d27007ec1981be667fa9313fc635153c24ff6efddd202a58c15

  • memory/2252-0-0x00000000749EE000-0x00000000749EF000-memory.dmp

    Filesize

    4KB

  • memory/2252-1-0x0000000000B80000-0x0000000000BC2000-memory.dmp

    Filesize

    264KB

  • memory/2252-2-0x00000000749E0000-0x00000000750CE000-memory.dmp

    Filesize

    6.9MB

  • memory/2252-320-0x00000000749E0000-0x00000000750CE000-memory.dmp

    Filesize

    6.9MB
