Analysis

  • max time kernel
    187s
  • max time network
    203s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    20-02-2022 02:30

General

  • Target

    c0784c03bfbe0ea483b6ae318d51de57ae1019cec8b6a12cbd58f66d59fd545d.exe

  • Size

    123KB

  • MD5

    d1f9c714cf20a56b8d9098576b414a54

  • SHA1

    0fa4bfde84904faa39e495719ee2b8082726cd69

  • SHA256

    c0784c03bfbe0ea483b6ae318d51de57ae1019cec8b6a12cbd58f66d59fd545d

  • SHA512

    8aac5846d4ee49e550064c2c10bd0ec3ee0606cef67654b88635c5bf51da97aa59a7ad29b48b0bbe4b1f3e429691e175824e117d957183fabcb0f6c1a00737e0

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 19 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c0784c03bfbe0ea483b6ae318d51de57ae1019cec8b6a12cbd58f66d59fd545d.exe
    "C:\Users\Admin\AppData\Local\Temp\c0784c03bfbe0ea483b6ae318d51de57ae1019cec8b6a12cbd58f66d59fd545d.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3476
    • C:\Users\Admin\AppData\Local\Temp\BkDSMcdxPrep.exe
      "C:\Users\Admin\AppData\Local\Temp\BkDSMcdxPrep.exe" 9 REP
      2⤵
      • Executes dropped EXE
      PID:3660
    • C:\Users\Admin\AppData\Local\Temp\rARjfXkNSlan.exe
      "C:\Users\Admin\AppData\Local\Temp\rARjfXkNSlan.exe" 8 LAN
      2⤵
      • Executes dropped EXE
      PID:3604
  • C:\Windows\system32\MusNotifyIcon.exe
    %systemroot%\system32\MusNotifyIcon.exe NotifyTrayIcon 13
    1⤵
    • Checks processor information in registry
    PID:2456
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p
    1⤵
    • Modifies data under HKEY_USERS
    PID:1896

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\BkDSMcdxPrep.exe
    MD5

    d1f9c714cf20a56b8d9098576b414a54

    SHA1

    0fa4bfde84904faa39e495719ee2b8082726cd69

    SHA256

    c0784c03bfbe0ea483b6ae318d51de57ae1019cec8b6a12cbd58f66d59fd545d

    SHA512

    8aac5846d4ee49e550064c2c10bd0ec3ee0606cef67654b88635c5bf51da97aa59a7ad29b48b0bbe4b1f3e429691e175824e117d957183fabcb0f6c1a00737e0

  • C:\Users\Admin\AppData\Local\Temp\rARjfXkNSlan.exe
    MD5

    d1f9c714cf20a56b8d9098576b414a54

    SHA1

    0fa4bfde84904faa39e495719ee2b8082726cd69

    SHA256

    c0784c03bfbe0ea483b6ae318d51de57ae1019cec8b6a12cbd58f66d59fd545d

    SHA512

    8aac5846d4ee49e550064c2c10bd0ec3ee0606cef67654b88635c5bf51da97aa59a7ad29b48b0bbe4b1f3e429691e175824e117d957183fabcb0f6c1a00737e0
