Resubmissions

02-09-2021 19:12

210902-xwla1aeefq 10

02-09-2021 19:09

210902-xtsbjabea9 8

Analysis

  • max time kernel
    124s
  • max time network
    172s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    02-09-2021 19:09

General

  • Target

    __xiibsjtw.kau.exe

  • Size

    5.9MB

  • MD5

    57520f580ba9eea9cf87fe5d597af880

  • SHA1

    47fd9f66c205dfa28212ae60b3640861c8634a74

  • SHA256

    795df135da908b0f6ddc88660741a38ebdf34914296b1dd6326a337cf35ed22b

  • SHA512

    6a8503435eedd4a98d3ec4fd71af5ec797d8f6fe1c41e1c1cc0e24dea8ce4894f2df64a96d29ca478e85276d0810bda21b299273dcb14ba96b6c5fa4f6f0799b

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\__xiibsjtw.kau.exe
    "C:\Users\Admin\AppData\Local\Temp\__xiibsjtw.kau.exe"
    • Loads dropped DLL
    • Suspicious behavior: GetForegroundWindowSpam
    PID:1076

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1076-60-0x0000000075AA1000-0x0000000075AA3000-memory.dmp

    Filesize

    8KB