Analysis
- max time kernel: 25s
- max time network: 14s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 20-01-2021 09:23
Static task: static1
Behavioral task: behavioral1
- Sample: 06d370217abec9468bc22c30ba3be72b8de1a7459f9e927656dcf2613a314bf6.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: 06d370217abec9468bc22c30ba3be72b8de1a7459f9e927656dcf2613a314bf6.exe
- Resource: win10v20201028
General
- Target: 06d370217abec9468bc22c30ba3be72b8de1a7459f9e927656dcf2613a314bf6.exe
- Size: 27KB
- MD5: 015e93d82958f4edbc4c8807eeefc430
- SHA1: 9517634369b86197f14ae25ffa69a138ab6fe446
- SHA256: 06d370217abec9468bc22c30ba3be72b8de1a7459f9e927656dcf2613a314bf6
- SHA512: fa9fc3f5565eb6f84331fb068b70b110aefd87d73ec5c9fabda0819886dca3617dbe4b712eda1a68254352f931cd6bca6c4878d515a793697ae410e19884ebbd
Malware Config
Extracted
C:\MSOCache\DECR.TXT
Signatures
- Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious behavior: EnumeratesProcesses 114 IoCs
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/1336-2-0x0000000075DE1000-0x0000000075DE3000-memory.dmp
  Filesize: 8KB