Analysis

  • max time kernel
    150s
  • max time network
    36s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    17-05-2021 02:02

General

  • Target

    01418e2286cef6773c6d678c987bdd5980251d2dd1268145ce05a916b206f95e.exe

  • Size

    42KB

  • MD5

    1f88b765a489e1096518fe301329ad8e

  • SHA1

    d469a09af011ae1809c4e2c16048f7cd14458fa2

  • SHA256

    01418e2286cef6773c6d678c987bdd5980251d2dd1268145ce05a916b206f95e

  • SHA512

    25b5a454f5b3e482c2bc9ed4ab694ca994b8e0a97a845c198692db9ecf98ae58d5b6ed43a98b5b5edf44d8d8d82461bef67206d28b06c41340eda933ccf22d3d

Score
10/10

Malware Config

Signatures

  • Upatre

    Upatre is a small downloader family: it fetches and runs a second-stage payload rather than being the final payload itself.

  • Executes dropped EXE (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Commonly seen in ransomware, but also used to fingerprint the environment (for example to detect a virtual disk); given the Upatre classification, the latter is the more likely purpose here.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\01418e2286cef6773c6d678c987bdd5980251d2dd1268145ce05a916b206f95e.exe
    "C:\Users\Admin\AppData\Local\Temp\01418e2286cef6773c6d678c987bdd5980251d2dd1268145ce05a916b206f95e.exe"
    (tree depth 1)
    • Suspicious use of WriteProcessMemory
    PID:740
    • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
      "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      (tree depth 2, child of PID 740)
      • Executes dropped EXE
      PID:2752
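The process tree above is the pattern behind the "Executes dropped EXE" signature: PID 740 writes szgfw.exe into the user's Temp directory and then spawns it as PID 2752. The following is an added example, not part of this report or of any sandbox's own code, that reproduces that check as detection logic over a constructed Sysmon-style event trace: a file-create record (Event ID 11) followed by a process-create record (Event ID 1) whose image is that file and whose parent is the writer. The record layout, field names, helper names and the benign control events are all assumptions made for the example.

```python
"""Drop-and-execute correlation (added example, not from the sandbox report).

Flags a process whose executable was written earlier in the trace by the
process that then became its parent, i.e. the sandbox's "Executes dropped EXE".
Records mimic Sysmon Event ID 11 (FileCreate) and Event ID 1 (ProcessCreate)
but are synthetic; field names are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Union


@dataclass(frozen=True)
class FileCreate:          # modelled on Sysmon Event ID 11 (constructed)
    pid: int               # process that wrote the file
    image: str             # image of the writing process
    target: str            # path of the file that was written


@dataclass(frozen=True)
class ProcessCreate:       # modelled on Sysmon Event ID 1 (constructed)
    pid: int
    ppid: int
    image: str
    parent_image: str


@dataclass(frozen=True)
class Finding:
    dropper_pid: int
    dropper_image: str
    dropped_image: str
    child_pid: int
    in_temp: bool          # both dropper and dropped file live under a Temp dir


# Case-insensitive path fragments that identify user/system temp locations.
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def in_temp(path: str) -> bool:
    """True if the path sits under a Windows temp directory."""
    return any(m in path.lower() for m in TEMP_MARKERS)


def executes_dropped_exe(events: Iterable[Union[FileCreate, ProcessCreate]]) -> List[Finding]:
    """Return one Finding per process whose image was written by its own parent.

    The trace is processed in order: a file must be written before the process
    that runs it appears. Writes of the same path are keyed case-insensitively
    so NTFS case folding cannot defeat the match.
    """
    written: Dict[str, FileCreate] = {}
    findings: List[Finding] = []
    for ev in events:
        if isinstance(ev, FileCreate):
            written[ev.target.lower()] = ev
        elif isinstance(ev, ProcessCreate):
            fc = written.get(ev.image.lower())
            # The writer must be the parent; a mere earlier write by some
            # unrelated installer is not the dropper pattern.
            if fc is not None and fc.pid == ev.ppid:
                findings.append(Finding(
                    dropper_pid=fc.pid,
                    dropper_image=fc.image,
                    dropped_image=ev.image,
                    child_pid=ev.pid,
                    in_temp=in_temp(fc.image) and in_temp(ev.image),
                ))
    return findings


# Constructed trace mirroring the report's tree, plus a benign control:
# an installer writes an .exe that is later launched by explorer, not by it.
TMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = TMP + r"\01418e2286cef6773c6d678c987bdd5980251d2dd1268145ce05a916b206f95e.exe"
DROPPED = TMP + r"\szgfw.exe"
SAMPLE_TRACE = [
    ProcessCreate(740, 5000, SAMPLE, r"C:\Windows\explorer.exe"),
    FileCreate(740, SAMPLE, DROPPED),
    ProcessCreate(2752, 740, DROPPED, SAMPLE),
    FileCreate(900, r"C:\Program Files\Setup\setup.exe", r"C:\Program Files\App\app.exe"),
    ProcessCreate(901, 5000, r"C:\Program Files\App\app.exe", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for f in executes_dropped_exe(SAMPLE_TRACE):
        print(f"PID {f.dropper_pid} dropped and ran {f.dropped_image} "
              f"as PID {f.child_pid} (temp-to-temp: {f.in_temp})")
```

The `in_temp` flag is what separates this sample's tree (Temp writing Temp) from the routine case of an installer in Program Files writing an executable; in a real pipeline it is the field you would score on, while the parent-equals-writer rule is the one that should rarely fire on its own.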

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/740-114-0x0000000000460000-0x0000000000461000-memory.dmp

    Filesize

    4KB