Overview

overview

10

Static

static

10

757e3242f6...b4.exe

windows7-x64

9

76fe72e0ec...ss.exe

windows7-x64

7

78d4cf8df6...B3.exe

windows7-x64

7

78d4cf8df6...59.exe

windows7-x64

7

78db508226...69.exe

windows7-x64

9

7965f6adf3...ss.exe

windows7-x64

7

7B75B33BCF...B5.exe

windows7-x64

1

7E3903944E...72.exe

windows7-x64

7

7dd9312307...ca.dll

windows7-x64

3

7e4c9a7e39...1f.exe

windows7-x64

9

80eb72d781...B3.exe

windows7-x64

7

80eb72d781...9A.exe

windows7-x64

7

845263c869...c8.exe

windows7-x64

9

8524224187...8f.exe

windows7-x64

6

86be3831f5...39.exe

windows7-x64

6

8791931bac...DA.exe

windows7-x64

7

8791931bac...69.exe

windows7-x64

7

87a4f3f9f6...88.exe

windows7-x64

7

89fb6d7ff2...f6.exe

windows7-x64

9

8c59148535...21.exe

windows7-x64

9

8d372fcf8a...e0.exe

windows7-x64

7

900.exe

windows7-x64

9

911d5905cb...b9.exe

windows7-x64

7

91d24e0657...eb.zip

windows7-x64

1

92ac6be4d9...5b.exe

windows7-x64

97512f4617...7c.exe

windows7-x64

10

98aadc95c5...e7.exe

windows7-x64

10

9943256.exe

windows7-x64

10

9B9517FA15...DF.exe

windows7-x64

7

9b7eaffe4d...c8.exe

windows7-x64

10

a322da0be4...44.exe

windows7-x64

10

a42252e674...34.exe

windows7-x64

9

Analysis

  • max time kernel
    840s
  • max time network
    841s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-11-2024 02:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    87a4f3f9f6dc263378f2f01db5f2c988.exe

  • Size

    630KB

  • MD5

    87a4f3f9f6dc263378f2f01db5f2c988

  • SHA1

    dab86879e6e423582fedab0cc00c95882d3c3417

  • SHA256

    5d196e6481f38fa6657d74288fc51b91e273b62ec00100737d0d0cc8f1e8379b

  • SHA512

    b2d98312e827c14702befe05c4262718a2e321a7200f1c08ddaa2517157b4fef960ba9508cec43654c77bec060c998d71f7be8e0b84633531e1cb5cd10b903e6

  • SSDEEP

    12288:AzBsMGrB6kzTKOeW9dY82G+JTlJR8E4TeOb57BIAwP/wyBmrdTOVf8I6jTBwF2dO:ifGIkzGOeW9dYG0pFf0wP/wyBmrdTOVN

Score
7/10
discoveryransomwarespywarestealer

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Drops startup file 3 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops file in System32 directory 64 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 3 IoCs
    evasion
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\87a4f3f9f6dc263378f2f01db5f2c988.exe
    "C:\Users\Admin\AppData\Local\Temp\87a4f3f9f6dc263378f2f01db5f2c988.exe"
    1⤵
    • Drops startup file
    • Drops file in System32 directory
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\cleen.bat" "
      2⤵
      • Deletes itself
      • System Location Discovery: System Language Discovery
      PID:1512

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\[email protected]
    Filesize

    3KB

    MD5

    8f340d61075544f961ba2a39a4a61e0f

    SHA1

    8ffa69c03333000e2e80c2aa903ad9a865929ba4

    SHA256

    85f711aef5260da894d03cc76914cad6655b89763d6dbaa35bdb5643dda9f641

    SHA512

    3abc799892bd829c66b816e7461282685b2c76f3f6b3acedae21b44338380f0fca4fd8bc1ac063c4943b425666522b3096fe6f3b5b1d05be968640b145fd601c

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormToolImages.jpg
    Filesize

    8KB

    MD5

    6e714f5424cfa25d30d2212d517fd138

    SHA1

    a7903bb651f6a349186f2671d9f70b028e3642a8

    SHA256

    4c1bb60246faa30b06cd7da031518457c5585eb67ad92666511cda25da1fe5ec

    SHA512

    d48019b33f319cee62777c979545cd6c53d5a1dac8324caee1cbe31504c0a445acb8b52592716997c1fd6a4e2723537babb26c63bc1090a9974d11c2902e7e11

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\ViewHeaderPreview.jpg
    Filesize

    3KB

    MD5

    e2dd35042f59b1c4ac9d59e821e4f79a

    SHA1

    f2069f97c9187eadbec1bbc4a44828f0e0882735

    SHA256

    beffce82c52915df246c5f81931363ac8451198aa799377465efa54122a29b49

    SHA512

    727b2586118cc76deb894c6198fccda2b5b55af114ad68dce145a330421bc48f744e65d2f8b5c9a1ba6524cf5d8f2e54037486724257b10e85dc421c81eaf628

    Download Submit

  • C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms5\FormsViewAttachmentIcons.jpg
    Filesize

    6KB

    MD5

    69337b0278b1533107f81a2aa04a5683

    SHA1

    6e710dc94f1bcc03559eba52f19672b60ae38f63

    SHA256

    97fd01e184205cdf0da5ab6fbfeaae3ce5ebe9c25f3e0a7dd6f235737a9bd536

    SHA512

    10a836910e932da754ff178974910bf11d4db54a9b788ac9ba9fdded117e8926a8983a580bd6970a2b89b39bdf1c222f0c916d329fbeced0ba7d0798a435bfa5

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\cleen.bat
    Filesize

    227B

    MD5

    d6497ec019a727eed918c1f2f0a650c3

    SHA1

    0f522422b6f1ca9cb5dec89c63676bbca7a1e5bf

    SHA256

    3685684522f7015bba342f0f2e3f7d77de99ebe1c0d8abbda4f31c8ccced3a63

    SHA512

    8a974bc95f3d6f516ef69c3d0768f0298290709ceac6bc1ded24c7b88c555d6ef728ba6a0dafc06c257e54d3ea1a2bf901c6308d25d87f1503d56ba812a483a0

    Download Submit

  • C:\Users\Admin\Desktop\OutRename.xlsx
    Filesize

    14KB

    MD5

    b90cc7975a271604bd5081cbf810c014

    SHA1

    eced4946605d107166df9c5a70465f6482dbde5d

    SHA256

    00f950270f18d866c1a94112cfa5b339e45dabaa1fb8fb8e039386b3bf9570ef

    SHA512

    a897a68a573ace344f7824108f8b2d50bea0e23f5737984b85db7366d95a17d1f532231d1a8ab1d7b9bff15905f7473063b2791a443025c5bf4916aa9d3678b8

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\ASPdotNET_logo.jpg
    Filesize

    26KB

    MD5

    7ae3f5e273d032e129573fd35ab18617

    SHA1

    f0448dbd8476d909386b3b7b6b03395d86c4f1db

    SHA256

    30b094f371e6e1838e62100ccc6a2c522eb174a4d245ad43607e2c497c7f711a

    SHA512

    e81462c02760a8ef31a87267df4f028a059eb40606d9fe228decfab0697da1bbf72527d91331c5d2b42c963fb549e1945896bbb19868c9b75e11c40efd5671e7

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\darkBlue_GRAD.jpg
    Filesize

    9KB

    MD5

    6a5cd90fbf5427110743d4a7e1a940a9

    SHA1

    ae3dfcc93782111784ba9b75bebdf9ed0e44ac05

    SHA256

    9cfd5e2b57446ce514648304dafb571304dbb4a2de421b0ca20b6f28b677e6f5

    SHA512

    50789e7e075c464b9b875bb6f8f28faef367e63ad4989bd34481d45bbe62e1ef74a3cebff52fe8065bd04a8e34d60ff4b020a06ea51afe648a1a295613e30734

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\help.jpg
    Filesize

    1KB

    MD5

    809f2e22aa6bd8d23044a96fe1ca0183

    SHA1

    f5963dbe5a820390661511e7a7a914c637094977

    SHA256

    0b86b7a576c3a86a073321895915b98713d83f0c637a53d254109b27883bc995

    SHA512

    9e46c0a6d6a5fdb40dac96f508fb419ebf5f528c53e9c0acea1674bf3da7f268c8c1d7cc956b6d11bba308978c46fce79fbe114d0dbb12ec34e94448822b212d

    Download Submit

  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASP.NETWebAdminFiles\Images\topGradRepeat.jpg
    Filesize

    10KB

    MD5

    b7c4eaea9d8de103303bd2d5a5eb4e9d

    SHA1

    f61ea5cb72d86838a80cbad7d018f128f6f4c892

    SHA256

    c33557e20b798c6f987da2d1dbfca4df523d4dbc0d90b358ac51a063a86fc07f

    SHA512

    5a215ed8f157d17e319be7a9b6ef44ae94dfb4da0a7e70820b207196f5214545353cec3a614934f5ec87b92e3f822c91f785bc7820f87c9611051e725c465da2

    Download Submit

  • memory/2420-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2420-238-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2420-2-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2420-904-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2420-1303-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download

  • memory/2420-3-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2420-1356-0x0000000000400000-0x00000000004A6000-memory.dmp

    Filesize

    664KB

    Download