Overview

overview

10

Static

static

7

MoleculeV_.bin.exe

windows7_x64

7

MoleculeV_.bin.exe

windows10_x64

10

Analysis

  • max time kernel
    122s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-en-20211104
  • submitted
    21-11-2021 16:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MoleculeV_.bin.exe

  • Size

    461KB

  • MD5

    bb09e9b8daef63d4ebe21fcb2519c5d5

  • SHA1

    9adacd3ed8963404925d72efa1acca50dd9673b8

  • SHA256

    d47e0056a7336be404b2ddf56bdb6897046f6a6ddb0f38bb9f6674ca4c3eaf15

  • SHA512

    18f6d6023d1922a6e81833ef294e7fba4dde436fd67727d30a5f7c9f0b564cd940dca58217222f54454d2177a2fd4303389f4d4e4cd6e2d0290309cfc85f6267

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MoleculeV_.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\MoleculeV_.bin.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:368
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Local\Temp\MoleculeV_.bin.exe"
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:564
      • C:\Windows\system32\choice.exe
        choice /C Y /N /D Y /T 3
        3⤵
          PID:1544

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    System Information Discovery

    1
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Web Service

    1
    T1102

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/368-55-0x0000000000AD0000-0x0000000000AD1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/368-57-0x0000000000400000-0x000000000043C000-memory.dmp
      Filesize

      240KB

      Download
    • memory/368-58-0x000000001B040000-0x000000001B042000-memory.dmp
      Filesize

      8KB

      Download
    • memory/564-59-0x0000000000000000-mapping.dmp
      Download
    • memory/1544-60-0x0000000000000000-mapping.dmp
      Download