Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system -
submitted
08/08/2024, 18:19
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ƧƧccsdäĐc♀♪↓$.exe
Resource
win7-20240708-en
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
ƧƧccsdäĐc♀♪↓$.exe
Resource
win10v2004-20240802-en
5 signatures
150 seconds
General
-
Target
ƧƧccsdäĐc♀♪↓$.exe
-
Size
1.2MB
-
MD5
6ecbfb642f9b3165ee12cd7ab2dc47da
-
SHA1
b4a5921da14c13108d889e7e9b9cafa3a144b55b
-
SHA256
5d1242df920213de88bec0ad89ca6827a4d9307b959b193bfe50a75f00af0464
-
SHA512
68bd5d178f7bc1bfb1912cca67cbdb9a9b34d44eeb81330cf53370fe7aa53beb111effa531bde9425feac45aa5248b3b2053287b7e208c980c4954407914d0a4
-
SSDEEP
12288:3vCRj8bcEQlbwdj91Qu+Ta2QadQnRouQjhMyLYxctiXh+nA6srVm8qZ6fLs/3:+8bcEQlbwdj91d+CgscDA6+
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry key 1 TTPs 1 IoCs
pid Process 2784 reg.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 3052 ƧƧccsdäĐc♀♪↓$.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target
PID 3052 wrote to memory of 2784 3052 ƧƧccsdäĐc♀♪↓$.exe 31
PID 3052 wrote to memory of 2784 3052 ƧƧccsdäĐc♀♪↓$.exe 31
PID 3052 wrote to memory of 2784 3052 ƧƧccsdäĐc♀♪↓$.exe 31
Processes
-
C:\Users\Admin\AppData\Local\Temp\ƧƧccsdäĐc♀♪↓$.exe
"C:\Users\Admin\AppData\Local\Temp\ƧƧccsdäĐc♀♪↓$.exe"
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3052 -
C:\Windows\System32\reg.exe
"C:\Windows\System32\reg.exe" add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer /v NoRun /t REG_DWORD /d 1 /f
- Modifies registry key
PID:2784
-