Analysis

  • max time kernel
    122s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    15-07-2024 15:16

General

  • Target

    Encryptor.exe

  • Size

    267KB

  • MD5

    7abc2532ee2751efa2268f4a4bc1f32e

  • SHA1

    3fb50565ec0d25deee228bba748e02f4a2ebf761

  • SHA256

    06474a9913f9de2666487ef06708349dd1a4f615911baeb8bc1d1fcd85e21574

  • SHA512

    46f3c478b8a01514a14ea77dd5c49bce6031d0e3b360be79107677313ccef0a31414fffa872870df821e3065197ea244ecf5d0de37747d36925f535f104580f2

  • SSDEEP

    6144:8jaLgaDsShEzNee1LoLgaDsShEzNdePV:82LrsShEzN9poLrsShEzNUN

Score
6/10

Malware Config

Signatures

  • Drops desktop.ini file(s) 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Encryptor.exe
    "C:\Users\Admin\AppData\Local\Temp\Encryptor.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:1952
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Desktop\ConvertFromRepair.vbe.!LOCKED
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
      "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\Desktop\ConvertFromRepair.vbe.!LOCKED"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:1328

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\Desktop\ConvertFromRepair.vbe.!LOCKED

    Filesize

    403KB

    MD5

    85c5727126319391736c4327cae09d61

    SHA1

    8af0c8889b817c1a11b841e76c8894086a9f36ec

    SHA256

    7084e26ff5d9e81a6298c3bfcbf8cd44abad251a77f1aaad20fdaa6c1200a1e1

    SHA512

    77694961bafde41e8c43189484737b6001535f83de136b69f3efeaef293c39b6b12953a1f66950a37ea1c1e5c85f0d43a8f45ba8bab25845bf9829828f2f1f7b

  • memory/1952-0-0x000007FEF55E3000-0x000007FEF55E4000-memory.dmp

    Filesize

    4KB

  • memory/1952-1-0x00000000000D0000-0x0000000000118000-memory.dmp

    Filesize

    288KB

  • memory/1952-2-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

    Filesize

    9.9MB

  • memory/1952-3-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

    Filesize

    9.9MB

  • memory/1952-4-0x000000001E600000-0x000000001E610000-memory.dmp

    Filesize

    64KB

  • memory/1952-5-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

    Filesize

    9.9MB

  • memory/1952-6-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

    Filesize

    9.9MB

  • memory/1952-37-0x000007FEF55E0000-0x000007FEF5FCC000-memory.dmp

    Filesize

    9.9MB