Overview

overview

10

Static

static

Statement ...18.exe

windows7_x64

10

Statement ...18.exe

windows10_x64

5

Analysis

  • max time kernel
    151s
  • max time network
    113s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    31-05-2021 11:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Statement SKBMT 09418.exe

  • Size

    993KB

  • MD5

    16fdc46350203434497e1741ea5cd20a

  • SHA1

    f75824509e9ce1b77194724fd34c60bc0c9d28f1

  • SHA256

    1018d102af9093b9a03abe9a660360db6be8f752d992bb7159475fccd78949f5

  • SHA512

    a71d6af40387a94c52d54438fea392969f5f0a330867dc7a2d05de5c07fdfb26724270ca3bbbfaf1ceddd2338254eb158e9ada092fa622315627f0b0553fee12

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Statement SKBMT 09418.exe
    "C:\Users\Admin\AppData\Local\Temp\Statement SKBMT 09418.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3176
    • C:\Users\Admin\AppData\Local\Temp\Statement SKBMT 09418.exe
      "C:\Users\Admin\AppData\Local\Temp\Statement SKBMT 09418.exe"
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2924
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
        "C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe"
        3⤵
          PID:680
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 88
            4⤵
            • Program crash
            PID:1384

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/680-130-0x0000000000412452-mapping.dmp
      Download
    • memory/2924-125-0x0000000000400000-0x0000000000430000-memory.dmp
      Filesize

      192KB

      Download
    • memory/2924-126-0x00000000004024E0-mapping.dmp
      Download
    • memory/3176-121-0x0000000005020000-0x0000000005024000-memory.dmp
      Filesize

      16KB

      Download
    • memory/3176-119-0x0000000005000000-0x0000000005001000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3176-120-0x0000000005190000-0x0000000005191000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3176-114-0x0000000000660000-0x0000000000661000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3176-122-0x0000000005050000-0x000000000554E000-memory.dmp
      Filesize

      5.0MB

      Download
    • memory/3176-123-0x0000000005CF0000-0x0000000005D82000-memory.dmp
      Filesize

      584KB

      Download
    • memory/3176-124-0x0000000008240000-0x0000000008294000-memory.dmp
      Filesize

      336KB

      Download
    • memory/3176-118-0x00000000050F0000-0x00000000050F1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3176-117-0x0000000005550000-0x0000000005551000-memory.dmp
      Filesize

      4KB

      Download
    • memory/3176-116-0x0000000004F50000-0x0000000004F51000-memory.dmp
      Filesize

      4KB

      Download