Analysis
-
max time kernel
132s -
max time network
13s -
platform
windows7_x64 -
resource
win7v20210410 -
submitted
04-05-2021 16:11
General
-
Target
UFCECfFhnlan.exe
-
Size
140KB
-
MD5
c0f972c5e033c0b4dc268a805cfa16a2
-
SHA1
a3f38579feb14d3b20289e453b41d88232145f68
-
SHA256
d8a0d25776c28e17e724da2b1c8fdae28d7c6b32cfa9d3d2a20f3f57ff370488
-
SHA512
de7803c4119355be7e06616abbfbf44b4ee23ba2caa987b630ad520126187c1f9eb2308f0ba5ba51cc8287fa75e5251d4e9d5ad940e8beb90b97f65d4890ca47
Score
8/10
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 4 IoCs
-
Modifies file permissions 1 TTPs 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\UFCECfFhnlan.exe"C:\Users\Admin\AppData\Local\Temp\UFCECfFhnlan.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\vNnBtwWpgrep.exe"C:\Users\Admin\AppData\Local\Temp\vNnBtwWpgrep.exe" 9 REP2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\BRgykdKqclan.exe"C:\Users\Admin\AppData\Local\Temp\BRgykdKqclan.exe" 8 LAN2⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\ZODxpEfRAlan.exe"C:\Users\Admin\AppData\Local\Temp\ZODxpEfRAlan.exe" 8 LAN2⤵
-
-
C:\Windows\SysWOW64\icacls.exeicacls "C:\*" /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
-
C:\Windows\SysWOW64\icacls.exeicacls "D:\*" /grant Everyone:F /T /C /Q2⤵
- Modifies file permissions
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB