Overview

overview

10

Static

static

8

10c410851b...78.exe

windows7_x64

1

10c410851b...78.exe

windows10_x64

1

Bat-To-Exe...er-x64

linux_amd64

Bat-To-Exe...er-x64

linux_mipsel

Bat-To-Exe...er-x64

linux_mips

Bat-To-Exe...er-x86

linux_amd64

Bat-To-Exe...er-x86

linux_mipsel

Bat-To-Exe...er-x86

linux_mips

Bat-To-Exe...er.dmg

macos_amd64

1

Bat-To-Exe...64.exe

windows7_x64

3

Bat-To-Exe...64.exe

windows10_x64

1

Bat-To-Exe...86.exe

windows7_x64

3

Bat-To-Exe...86.exe

windows10_x64

1

25ac59efdf...c7.exe

windows7_x64

10

25ac59efdf...c7.exe

windows10_x64

8

3523671dc7...2a.exe

windows7_x64

8

3523671dc7...2a.exe

windows10_x64

8

4a32ef4d91...8a.exe

windows7_x64

8

4a32ef4d91...8a.exe

windows10_x64

8

6f081f8143...3b.exe

windows7_x64

8

6f081f8143...3b.exe

windows10_x64

8

79b2065107...61.exe

windows7_x64

8

79b2065107...61.exe

windows10_x64

8

baa54f7d1e...d8.exe

windows7_x64

8

baa54f7d1e...d8.exe

windows10_x64

8

Analysis

  • max time kernel
    123s
  • max time network
    135s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    25-10-2021 08:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe

  • Size

    2.3MB

  • MD5

    102a230cc900e7fc9f1a58be6f976cb3

  • SHA1

    8e3facc711322eb7ebaa16e5c2e92696f1fc1ce8

  • SHA256

    25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7

  • SHA512

    925003fe0f6ff00824f42b00a26edf9805691037e09a212a6b5bf3a0e44a1072d457a1aa1fe19500a074fe92c46e08d86c985287af838492a6d1d2210928f0cf

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe
    "C:\Users\Admin\AppData\Local\Temp\25ac59efdfd4db2857bd58ebb437dfe9c5d55edfbbbadaaaf27b0f631d3325c7.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Users\Admin\AppData\Local\Temp\F463.tmp\zeronet-downloader.exe
      "C:\Users\Admin\AppData\Local\Temp\F463.tmp\zeronet-downloader.exe"
      2⤵
      • Executes dropped EXE
      PID:1160

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\F463.tmp\zeronet-downloader.exe
    MD5

    9e0722e16793b9e6ffd8b48f4033a236

    SHA1

    b76ebcc61e0d16a93feca87525966d0c4f571ec3

    SHA256

    b5782642408eb1aa19df1781e8de277e0f586f66632b3171069630651c11e988

    SHA512

    f12b277330eeac8e04d3d5b69b37c690897fc49c6586e4ec9c5aa412cd64c07fd9c4edfe6607d01fa49ec6efb3d594af6277555ce70cf0d970d1c29ef5f04bd9

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\F463.tmp\zeronet-downloader.exe
    MD5

    9e0722e16793b9e6ffd8b48f4033a236

    SHA1

    b76ebcc61e0d16a93feca87525966d0c4f571ec3

    SHA256

    b5782642408eb1aa19df1781e8de277e0f586f66632b3171069630651c11e988

    SHA512

    f12b277330eeac8e04d3d5b69b37c690897fc49c6586e4ec9c5aa412cd64c07fd9c4edfe6607d01fa49ec6efb3d594af6277555ce70cf0d970d1c29ef5f04bd9

    Download Submit
  • memory/1160-118-0x0000000000000000-mapping.dmp
    Download