Overview

overview

9

Static

static

8

080540b15c...f5.exe

windows7_x64

8

080540b15c...f5.exe

windows10_x64

8

16937c50e9...9a.exe

windows7_x64

9

16937c50e9...9a.exe

windows10_x64

9

2fc4602468...5b.exe

windows7_x64

8

2fc4602468...5b.exe

windows10_x64

3

2fd826bdb8...14.exe

windows7_x64

8

2fd826bdb8...14.exe

windows10_x64

8

cool summer.exe

windows7_x64

3

cool summer.exe

windows10_x64

3

iext3.fne.dll

windows7_x64

1

iext3.fne.dll

windows10_x64

1

krnln.fnr.dll

windows7_x64

1

krnln.fnr.dll

windows10_x64

1

xplib.fne.dll

windows7_x64

1

xplib.fne.dll

windows10_x64

1

4373d18b2b...83.exe

windows7_x64

8

4373d18b2b...83.exe

windows10_x64

8

485e37b429...f9.exe

windows7_x64

1

485e37b429...f9.exe

windows10_x64

1

59c049de6d...14.exe

windows7_x64

8

59c049de6d...14.exe

windows10_x64

8

641da56f29...fc.exe

windows7_x64

9

641da56f29...fc.exe

windows10_x64

9

64b4fe7baf...60.exe

windows7_x64

1

64b4fe7baf...60.exe

windows10_x64

1

74368a064e...e0.exe

windows7_x64

8

74368a064e...e0.exe

windows10_x64

8

c087a84574...ce.exe

windows7_x64

7

c087a84574...ce.exe

windows10_x64

3

90eca63d6a...52.exe

windows7_x64

8

90eca63d6a...52.exe

windows10_x64

3

Analysis

  • max time kernel
    8s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    15-03-2021 23:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2fc4602468f243f742b496683ee9bd6ff22c4c85b56567eff3df2bf7ef5c495b.exe

  • Size

    100KB

  • MD5

    ab3bfa9ef77a888353ed05d0bed7e931

  • SHA1

    71c44b922b3de2db1e6c63a846e92850973526fc

  • SHA256

    2fc4602468f243f742b496683ee9bd6ff22c4c85b56567eff3df2bf7ef5c495b

  • SHA512

    4e48b0f765a8a9af0dfe035b98c9ea2b3928a802111e04f12b82d8f7222b9565006e6c282451a26ee33ea0b581502ca5c475e76ebfc001cb16d4b93d02e24b81

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fc4602468f243f742b496683ee9bd6ff22c4c85b56567eff3df2bf7ef5c495b.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc4602468f243f742b496683ee9bd6ff22c4c85b56567eff3df2bf7ef5c495b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:372
    • C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe
      "C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe"
      2⤵
      • Executes dropped EXE
      PID:1180

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe
    MD5

    6fe195b17738cb803d3c293f852c1071

    SHA1

    5b88d218f72b3cfe3439a0d6f67c31a5e17e9fc0

    SHA256

    0c82e17f246c4442e185b10c934242e999fb85c5a6a8b2739b9b0b2e12e32258

    SHA512

    8843d89ae803716cb0878f78e881ab039f50a1a3036c955fc2fce7ff84b1aa099c6a074c0bf440fffe0b58c61015ec92f55a2c62e7742a298d03fc1497a646bf

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe
    MD5

    6fe195b17738cb803d3c293f852c1071

    SHA1

    5b88d218f72b3cfe3439a0d6f67c31a5e17e9fc0

    SHA256

    0c82e17f246c4442e185b10c934242e999fb85c5a6a8b2739b9b0b2e12e32258

    SHA512

    8843d89ae803716cb0878f78e881ab039f50a1a3036c955fc2fce7ff84b1aa099c6a074c0bf440fffe0b58c61015ec92f55a2c62e7742a298d03fc1497a646bf

    Download Submit
  • \Users\Admin\AppData\Local\Temp\hhcbrnaff.exe
    MD5

    6fe195b17738cb803d3c293f852c1071

    SHA1

    5b88d218f72b3cfe3439a0d6f67c31a5e17e9fc0

    SHA256

    0c82e17f246c4442e185b10c934242e999fb85c5a6a8b2739b9b0b2e12e32258

    SHA512

    8843d89ae803716cb0878f78e881ab039f50a1a3036c955fc2fce7ff84b1aa099c6a074c0bf440fffe0b58c61015ec92f55a2c62e7742a298d03fc1497a646bf

    Download Submit
  • memory/372-2-0x00000000765E1000-0x00000000765E3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/372-9-0x0000000002680000-0x0000000002A80000-memory.dmp
    Filesize

    4.0MB

    Download
  • memory/372-8-0x0000000000540000-0x0000000000541000-memory.dmp
    Filesize

    4KB

    Download
  • memory/976-12-0x000007FEF7790000-0x000007FEF7A0A000-memory.dmp
    Filesize

    2.5MB

    Download
  • memory/1180-4-0x0000000000000000-mapping.dmp
    Download
  • memory/1180-10-0x0000000001D40000-0x0000000001D41000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1180-11-0x0000000002670000-0x0000000002A70000-memory.dmp
    Filesize

    4.0MB

    Download