Overview

overview

10

Static

static

3

cerber.exe

windows7-x64

10

cerber.exe

windows10-2004-x64

10

cryptowall.exe

windows7-x64

9

cryptowall.exe

windows10-2004-x64

3

jigsaw.exe

windows7-x64

10

jigsaw.exe

windows10-2004-x64

10

Locky.exe

windows7-x64

10

Locky.exe

windows10-2004-x64

10

131.exe

windows7-x64

1

131.exe

windows10-2004-x64

3

Matsnu-MBR...3 .exe

windows7-x64

7

Matsnu-MBR...3 .exe

windows10-2004-x64

3

027cc450ef...d9.dll

windows7-x64

10

027cc450ef...d9.dll

windows10-2004-x64

10

027cc450ef...ju.dll

windows7-x64

10

027cc450ef...ju.dll

windows10-2004-x64

10

myguy.hta

windows7-x64

10

myguy.hta

windows10-2004-x64

10

svchost.exe

windows7-x64

7

svchost.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-09-2024 08:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    131.exe

  • Size

    2.3MB

  • MD5

    409d80bb94645fbc4a1fa61c07806883

  • SHA1

    4080bb3a28c2946fd9b72f6b51fe15de74cbb1e1

  • SHA256

    2ecc525177ed52c74ddaaacd47ad513450e85c01f2616bf179be5b576164bf63

  • SHA512

    a99a2f17d9fbb1da9fb993b976df63afa74317666eca46d1f04e7e6e24149547d1ac7210f673caeae9b23a900528ad6ad0a7b98780eff458d3d505029a06e9ba

  • SSDEEP

    49152:XM16E7qUoM5NWX7DP+1egOhcraQzK6j97V:c16/rM5oW1ZrRz

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\131.exe
    "C:\Users\Admin\AppData\Local\Temp\131.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1336
  • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
    "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\DenySend.docx" /o ""
    1⤵
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2692

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
    Filesize

    359B

    MD5

    f08eecd022091110592842422805dddd

    SHA1

    483a8ee3b334c36874e8806f15f91b52e0093acc

    SHA256

    2a54437b6b2289f21b1ec61fca35ec79a7cc7ad468a4a78127a066e3bc8f4e78

    SHA512

    a39ab2c0e5f0112fff98c20790bbe8863c040b2eacf5eeea74acbbbc5f8e4a2f59a6363c9c9598c60e4ee07e117c1047c2a3ad391c85136018fa962a45f28e34

    Download Submit

  • memory/2692-11-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2692-64-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2692-17-0x00007FFD92F00000-0x00007FFD92F10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2692-1-0x00007FFDD548D000-0x00007FFDD548E000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2692-10-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2692-0-0x00007FFD95470000-0x00007FFD95480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2692-13-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2692-12-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2692-9-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2692-15-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2692-2-0x00007FFD95470000-0x00007FFD95480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2692-4-0x00007FFD95470000-0x00007FFD95480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2692-14-0x00007FFD92F00000-0x00007FFD92F10000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2692-8-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2692-7-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2692-6-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2692-5-0x00007FFD95470000-0x00007FFD95480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2692-3-0x00007FFD95470000-0x00007FFD95480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2692-60-0x00007FFD95470000-0x00007FFD95480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2692-63-0x00007FFD95470000-0x00007FFD95480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2692-62-0x00007FFD95470000-0x00007FFD95480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2692-61-0x00007FFD95470000-0x00007FFD95480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2692-16-0x00007FFDD53F0000-0x00007FFDD55E5000-memory.dmp

    Filesize

    2.0MB

    Download