Overview

overview

8

Static

static

dvdfab_pla...15.exe

windows7_x64

8

dvdfab_pla...15.exe

windows10_x64

8

Resubmissions

23-09-2021 13:58

210923-raaz9aefc4 8

22-08-2021 12:57

210822-9mjev45vne 10

Analysis

  • max time kernel
    143s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-en-20210920
  • submitted
    23-09-2021 13:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dvdfab_player_6115.exe

  • Size

    102.3MB

  • MD5

    12880e15e937216cb83b7a2cb328909e

  • SHA1

    56fec932ebad7b73b1629bd510416dc33a186ea3

  • SHA256

    fcbf364dfa1211e904b23c5fbd6bb67159d4e4f56777f0445977e38b6d49777f

  • SHA512

    2d63cc5db2eb219c4349e2fdf2436b334779b50b6184c8e54ed65fba0fb803c74dfe0f19f9e404b53511df0d249b8adbd3646dd8f7404b5d9fbb67ab5c42d87d

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dvdfab_player_6115.exe
    "C:\Users\Admin\AppData\Local\Temp\dvdfab_player_6115.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:968
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c
      2⤵
        PID:516
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:992

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/516-57-0x0000000000000000-mapping.dmp
      Download
    • memory/968-54-0x0000000000040000-0x0000000000041000-memory.dmp
      Filesize

      4KB

      Download
    • memory/968-56-0x000000000B150000-0x000000000B151000-memory.dmp
      Filesize

      4KB

      Download
    • memory/992-58-0x0000000000400000-0x00000000005F7000-memory.dmp
      Filesize

      2.0MB

      Download
    • memory/992-59-0x00000000005F5A70-mapping.dmp
      Download
    • memory/992-60-0x0000000076B61000-0x0000000076B63000-memory.dmp
      Filesize

      8KB

      Download
    • memory/992-61-0x0000000000400000-0x00000000005F7000-memory.dmp
      Filesize

      2.0MB

      Download
    • memory/992-62-0x0000000002EE0000-0x0000000003EE0000-memory.dmp
      Filesize

      16.0MB

      Download