Analysis
-
max time kernel
1800s -
max time network
1566s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
20-07-2024 14:23
General
-
Target
cocksucker ransomware [COOL].exe
-
Size
378KB
-
MD5
232fa9e369270ad2400f147358106f84
-
SHA1
652c7b72f2de9ac2b6a38f61bbab56c31cd4f56b
-
SHA256
eb08cd98561489036e4f156b1cf30312358a455a076396a1244a940cf91172ca
-
SHA512
088f6945749499224678e34624e8d91a8853bf574d3bfeb4b745b62a4c0198457272458491ff28b33dfa2bf88e0981db3314633d0dac1a242add86137b82b334
-
SSDEEP
6144:Dp7/yjcX8JtYa0exxWT+9g7jyOhM+9bHUm4pZdjBto+VXaWLtBLNKdeoS:djlX5asT6g7fhMjm43dzo+QOB1oS
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
UPX packed file 17 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 8 IoCs
-
Suspicious use of SendNotifyMessage 7 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cocksucker ransomware [COOL].exe"C:\Users\Admin\AppData\Local\Temp\cocksucker ransomware [COOL].exe"1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\ProgramData\dD28275IiBcA28275\dD28275IiBcA28275.exe"C:\ProgramData\dD28275IiBcA28275\dD28275IiBcA28275.exe" "C:\Users\Admin\AppData\Local\Temp\cocksucker ransomware [COOL].exe"2⤵
- Deletes itself
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\dD28275IiBcA28275\dD28275IiBcA28275Filesize
192B
MD5f27921957d93a4a0baa5b86a0d0b832f
SHA1fc6bfb0485319084954412b35f02c5d2f8494660
SHA256f9ead79f4d07bad48410f26128fb4618ba3118765a8d63f4892d74dc76b3c957
SHA51279d27353fa7165d0fdef25471f985fd4488686ae3173337fbbd8f4a1634e1a3176eeb8411bdf7d579f640b1e03e17ac3b1a4305dc8334d43ade4aac571d23f13
-
\ProgramData\dD28275IiBcA28275\dD28275IiBcA28275.exeFilesize
378KB
MD5efc456061ce7573f647d3e221145b920
SHA195abe225a31375b2b1a89cf47d4fb895c31ff9ac
SHA256f720d594d41405adcbeb5c66130b2f049c628165b0262f60aed9251ae7c151d3
SHA5127d632d76979d0c2a567aee6b71edb2469f787cf8805ca3f138b8df1ff3608295f42139ab2f36f664d5f1366275f7f8f7a69507f53be357f899d46e73c39e3575
-
memory/1696-0-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/1696-2-0x00000000002A0000-0x00000000002F3000-memory.dmpFilesize
332KB
-
memory/1696-1-0x0000000002620000-0x00000000026C5000-memory.dmpFilesize
660KB
-
memory/1696-5-0x0000000000400000-0x00000000004BF000-memory.dmpFilesize
764KB
-
memory/1696-16-0x0000000002B10000-0x0000000002BDD000-memory.dmpFilesize
820KB
-
memory/1696-19-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/1696-20-0x0000000000400000-0x00000000004BF000-memory.dmpFilesize
764KB
-
memory/2624-28-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/2624-22-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/2624-17-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/2624-21-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/2624-32-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/2624-41-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/2624-71-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/2624-77-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/2624-83-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/2624-90-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB
-
memory/2624-97-0x0000000000400000-0x00000000004CD000-memory.dmpFilesize
820KB