Overview

overview

10

Static

static

8

0032588b8d...091.js

windows7_x64

1

0032588b8d...091.js

windows10_x64

1

09002c686e...2b.exe

windows7_x64

10

09002c686e...2b.exe

windows10_x64

10

0b1551c0be...16.exe

windows7_x64

1

0b1551c0be...16.exe

windows10_x64

1

1048caa70a...29.exe

windows7_x64

10

1048caa70a...29.exe

windows10_x64

10

1c3170b776...b0.exe

windows7_x64

3

1c3170b776...b0.exe

windows10_x64

3

240387329d...62.exe

windows7_x64

1

240387329d...62.exe

windows10_x64

1

2573b35645...9a.exe

windows7_x64

10

2573b35645...9a.exe

windows10_x64

10

2df6c36b47...51.exe

windows7_x64

7

2df6c36b47...51.exe

windows10_x64

7

2df6c36b47...1).exe

windows7_x64

7

2df6c36b47...1).exe

windows10_x64

7

2e4319ff62...8b.dll

windows7_x64

1

2e4319ff62...8b.dll

windows10_x64

3

2fba2aba4b...07.exe

windows7_x64

1

2fba2aba4b...07.exe

windows10_x64

1

3ed5d687a4...bd.exe

windows7_x64

3

3ed5d687a4...bd.exe

windows10_x64

3

4fc17a5cf8...d5.exe

windows7_x64

6

4fc17a5cf8...d5.exe

windows10_x64

6

5942a02bc0...d3.dll

windows7_x64

10

5942a02bc0...d3.dll

windows10_x64

10

6e7785213d...3d.exe

windows7_x64

8

6e7785213d...3d.exe

windows10_x64

8

83c64ed85d...a0.exe

windows7_x64

10

83c64ed85d...a0.exe

windows10_x64

10

Analysis

  • max time kernel
    11s
  • max time network
    116s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    15-03-2021 09:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2df6c36b4784f4934afabe081335830ee9c00520070582b5a381335b4350f951.exe

  • Size

    120KB

  • MD5

    a487bae084bbd75ecbdc5d9fede362ba

  • SHA1

    6342522e5fd28c6a40cb4443c0300ee16caaa504

  • SHA256

    2df6c36b4784f4934afabe081335830ee9c00520070582b5a381335b4350f951

  • SHA512

    bb6905072339b8c7f94b1a9edf825678f1a279b5968a68728d764c546f363d2059c3e819f15968c1c68aa4ab33ac36021e155443f785806050bfc71c65d68873

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 9 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2df6c36b4784f4934afabe081335830ee9c00520070582b5a381335b4350f951.exe
    "C:\Users\Admin\AppData\Local\Temp\2df6c36b4784f4934afabe081335830ee9c00520070582b5a381335b4350f951.exe"
    1⤵
    • Loads dropped DLL
    PID:4092

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4092-5-0x0000000002241000-0x0000000002256000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4092-8-0x0000000002281000-0x0000000002284000-memory.dmp

    Filesize

    12KB

    Download

  • memory/4092-14-0x0000000002281000-0x0000000002284000-memory.dmp

    Filesize

    12KB

    Download