Overview

overview

9

Static

static

8

080540b15c...f5.exe

windows7_x64

8

080540b15c...f5.exe

windows10_x64

8

16937c50e9...9a.exe

windows7_x64

9

16937c50e9...9a.exe

windows10_x64

9

2fc4602468...5b.exe

windows7_x64

8

2fc4602468...5b.exe

windows10_x64

3

2fd826bdb8...14.exe

windows7_x64

8

2fd826bdb8...14.exe

windows10_x64

8

cool summer.exe

windows7_x64

3

cool summer.exe

windows10_x64

3

iext3.fne.dll

windows7_x64

1

iext3.fne.dll

windows10_x64

1

krnln.fnr.dll

windows7_x64

1

krnln.fnr.dll

windows10_x64

1

xplib.fne.dll

windows7_x64

1

xplib.fne.dll

windows10_x64

1

4373d18b2b...83.exe

windows7_x64

8

4373d18b2b...83.exe

windows10_x64

8

485e37b429...f9.exe

windows7_x64

1

485e37b429...f9.exe

windows10_x64

1

59c049de6d...14.exe

windows7_x64

8

59c049de6d...14.exe

windows10_x64

8

641da56f29...fc.exe

windows7_x64

9

641da56f29...fc.exe

windows10_x64

9

64b4fe7baf...60.exe

windows7_x64

1

64b4fe7baf...60.exe

windows10_x64

1

74368a064e...e0.exe

windows7_x64

8

74368a064e...e0.exe

windows10_x64

8

c087a84574...ce.exe

windows7_x64

7

c087a84574...ce.exe

windows10_x64

3

90eca63d6a...52.exe

windows7_x64

8

90eca63d6a...52.exe

windows10_x64

3

Analysis

  • max time kernel
    71s
  • max time network
    128s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    15-03-2021 23:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4373d18b2bf09478387fc4e762cf29d6a9ba886e2f39dd4353fb6e8b33fee083.exe

  • Size

    25KB

  • MD5

    cd4cc1545d329de2398ff457e712edb2

  • SHA1

    969b04cf87e367ad0c29ffc8c039cdde63196637

  • SHA256

    4373d18b2bf09478387fc4e762cf29d6a9ba886e2f39dd4353fb6e8b33fee083

  • SHA512

    4ed085bfc53b63c2d25fff05d919731d3dd151759803062b964275f3881f16e3ac77c415e1ad3a94ed46dcc889d1b3eb9932372e81dbcb384339c913500f2fa9

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4373d18b2bf09478387fc4e762cf29d6a9ba886e2f39dd4353fb6e8b33fee083.exe
    "C:\Users\Admin\AppData\Local\Temp\4373d18b2bf09478387fc4e762cf29d6a9ba886e2f39dd4353fb6e8b33fee083.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1160
    • C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe
      "C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe"
      2⤵
      • Executes dropped EXE
      PID:3292

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe
    MD5

    2fa45b880aaff0ffbdee7fab2fe26fc1

    SHA1

    88cf0017bd1fe25b139ed825b328461fb03acbf6

    SHA256

    e60dd14ebcd97bbe06906e8fd7fcfcfae2fb040994569e60922108b1e9271033

    SHA512

    fbd6645994fd5de26b77e61a80dcf8d12404803783f2bbc471c3dd08629158237436aab41eead2663c0e72e276afbc6368957dbac4e5b1cf6cbbf6ccfd511468

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe
    MD5

    2fa45b880aaff0ffbdee7fab2fe26fc1

    SHA1

    88cf0017bd1fe25b139ed825b328461fb03acbf6

    SHA256

    e60dd14ebcd97bbe06906e8fd7fcfcfae2fb040994569e60922108b1e9271033

    SHA512

    fbd6645994fd5de26b77e61a80dcf8d12404803783f2bbc471c3dd08629158237436aab41eead2663c0e72e276afbc6368957dbac4e5b1cf6cbbf6ccfd511468

    Download Submit
  • memory/1160-2-0x0000000002630000-0x0000000002A30000-memory.dmp
    Filesize

    4.0MB

    Download
  • memory/3292-3-0x0000000000000000-mapping.dmp
    Download
  • memory/3292-6-0x00000000024E0000-0x00000000028E0000-memory.dmp
    Filesize

    4.0MB

    Download