Overview

overview

10

Static

static

10

01/2015.5.27/01.vir

windows7_x64

3

01/2015.5.27/01.vir

windows10_x64

3

PER-DCOMP-...ao.dll

windows7_x64

1

PER-DCOMP-...ao.dll

windows10_x64

1

01/2015.5.27/03.exe

windows7_x64

8

01/2015.5.27/03.exe

windows10_x64

8

01/2015.5.27/04.exe

windows7_x64

1

01/2015.5.27/04.exe

windows10_x64

1

01/2015.5.27/05.exe

windows7_x64

10

01/2015.5.27/05.exe

windows10_x64

10

01/2015.5.27/07.exe

windows7_x64

7

01/2015.5.27/07.exe

windows10_x64

7

01/2015.5.27/09.exe

windows7_x64

10

01/2015.5.27/09.exe

windows10_x64

10

01/2015.5.27/10.exe

windows7_x64

10

01/2015.5.27/10.exe

windows10_x64

10

01/2015.5.27/12.pdf

windows7_x64

1

01/2015.5.27/12.pdf

windows10_x64

1

01/2015.5.27/13.pdf

windows7_x64

1

01/2015.5.27/13.pdf

windows10_x64

1

01/2015.5.27/14.exe

windows7_x64

8

01/2015.5.27/14.exe

windows10_x64

8

01/2015.5.27/15.dll

windows7_x64

1

01/2015.5.27/15.dll

windows10_x64

1

01/2015.5.27/16.rtf

windows7_x64

10

01/2015.5.27/16.rtf

windows10_x64

1

01/2015.5.27/17.pdf

windows7_x64

1

01/2015.5.27/17.pdf

windows10_x64

1

01/2015.5.27/18.doc

windows7_x64

1

01/2015.5.27/18.doc

windows10_x64

1

Analysis

  • max time kernel
    160s
  • max time network
    160s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    28-01-2022 13:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01/2015.5.27/07.exe

  • Size

    180KB

  • MD5

    6b0b9ad0c784552500e86aba824c0aaf

  • SHA1

    1f571f395edc5722cb80bfd3e2f39730876a1019

  • SHA256

    233aa10f5c89d48d93c689c7593bba95e29bc570e2819317d4863471ecf2dc02

  • SHA512

    7259a760c5a4b9a24f698ae9239a417a5818b0195c32d06db61acda804817aa1063d499f93e58d3a0a4827d5c32f9982d3c5809a1cb738962cb65f0c0c41b81a

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\01\2015.5.27\07.exe
    "C:\Users\Admin\AppData\Local\Temp\01\2015.5.27\07.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    PID:1732

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\acb6d2a8.dll
    MD5

    7d7191feaa71ce7537233a4226967175

    SHA1

    2a0a26313611acbd7366bcc7821c3079f3cba6de

    SHA256

    1a309d70a9fe256382bcc73866882fe6ed2be9ce223164aa4a415d06a6c7d259

    SHA512

    512e2c8f58923888c7bdad50de3da06779e2090dc491e46951b64a272b31ce4093a071ce0963d2ec79849dcefa1410970b2f59068ac3cec9647a0b15ced187dd

    Download Submit
  • memory/1732-55-0x0000000076371000-0x0000000076373000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1732-59-0x0000000000670000-0x00000000006A5000-memory.dmp
    Filesize

    212KB

    Download
  • memory/1732-60-0x0000000000230000-0x000000000024D000-memory.dmp
    Filesize

    116KB

    Download