Analysis

  • max time kernel
    300s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20241023-en
  • resource tags
    arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-11-2024 03:27

General

  • Target
    ExtraTools.exe
  • Size
    280KB
  • MD5
    0210d88f1a9c5a5a7eff5c44cf4f7fbc
  • SHA1
    83bff855966cf72a2dd85acae7187caeab556abf
  • SHA256
    06c8e0f6fa2616f4fa92c610a1faea23887ac31db8fa78cede49b6b8c80ec22f
  • SHA512
    42445a8d1a3662e16ee1f5129b8792a47c8b17992940e1ba97a96c11d038d0d5088ca00719c6031e204adefbb18672c58113ac5de66b016a63e330b672fde132
  • SSDEEP
    3072:il+Lkqpd5vh6+RDuUZbEl+Lkqpd5vlpcslRnXfFdRIVLdkVz1ZIGWSt8t81U3Uxu:Ppd5vhrDuUZxpd5vbXfNSLdkryGdY

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: CmdExeWriteProcessMemorySpam 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ExtraTools.exe
    "C:\Users\Admin\AppData\Local\Temp\ExtraTools.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2104
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\B367.tmp\ExtraTools.bat "C:\Users\Admin\AppData\Local\Temp\ExtraTools.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:756
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\B367.tmp\ErOne.vbs"
        3⤵
          PID:528
        • C:\Users\Admin\AppData\Local\Temp\B367.tmp\chrst.exe
          chrst.exe
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: CmdExeWriteProcessMemorySpam
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:2792

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\Local\Temp\B367.tmp\ErOne.vbs
    Filesize: 59B
    MD5: a764fe63c6cc48c851f0d2a8ba73c2b7
    SHA1: e16351bd38ebcac7e182905767f9b36e078fb5d5
    SHA256: 8c4d90a5343cea107fad96e842404522aadfc416e7cf84adc58fe2ba72bbc919
    SHA512: b0a93898c66c2ff97f9d8cb1f75364a6c4a0ad5cf3158815f94ffb900796065c8e0d384b392d59bf2b01419adb8c65d2dc846ddebaaea971d64c3300edc63571

  • C:\Users\Admin\AppData\Local\Temp\B367.tmp\ExtraTools.bat
    Filesize: 817B
    MD5: 8f07fa594d84c6e234b336def0b47cdc
    SHA1: 34b88980635c3f2367af03caedc01d50b5e4624a
    SHA256: dd79d7a80a9087e1fced76ade08394843eab01a8ce263dc2306f46435b451f77
    SHA512: c33fd26b5399771f4bf9877d717bb730a8101b9f6bd24847084c50b066db7f6e43d56cbf44792eedc94d117c50a988f5d4a46127a34a2115c50fbb4a67ed2047

  • C:\Users\Admin\AppData\Local\Temp\B367.tmp\chrst.exe
    Filesize: 130KB
    MD5: c657daf595b5d535ccc757ad837eebe8
    SHA1: 894e953e86e54a830a14fac94e57569d184a9c09
    SHA256: a02565ec78fa1221433e720bd57b044938345b8c65a73143bd9ff73529767526
    SHA512: 21a26bc146dd2a915c17b268b13edc565e9a582d11c1714d89741f4156a880dfe35415d4920a6326d164519f4b28b6371ef9c7bfdb5e19080448bd77b4a20a4b

  • C:\Users\Admin\AppData\Local\Temp\B367.tmp\firefox32.exe
    Filesize: 62KB
    MD5: 866604f3adb9207e29505012215f203f
    SHA1: 718b342c3bc42f3e73c4014c2b105c4d467b0ba6
    SHA256: 978ed9b9c86653e8f10feb9e7f93eb32f2dadeec42ccce498403e96b7bb3e3c9
    SHA512: cdcdd94e2a4c550a819a28085fe543ed944da298da1409ed111380fbde89f6976a4c7d040750307579b007b4551aa86182d453408436bd7aef35423c49b60f79

  • memory/2792-44-0x0000000073E2E000-0x0000000073E2F000-memory.dmp
    Filesize: 4KB

  • memory/2792-45-0x0000000000080000-0x00000000000A8000-memory.dmp
    Filesize: 160KB

  • memory/2792-46-0x0000000073E2E000-0x0000000073E2F000-memory.dmp
    Filesize: 4KB