Analysis

  • max time kernel
    4294211s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20220311-en
  • submitted
    26-03-2022 04:35

General

  • Target

    minor.exe

  • Size

    27KB

  • MD5

    cc41876131457380518803a6daed9fe3

  • SHA1

    352b01bbd7063ebbd3aedbe8e35408fd51584b1a

  • SHA256

    db57d70cb349c8db6a0fd0a43a7e2ac68edc258457c9cb6b6dbd19a3e348195c

  • SHA512

    284aee559d4734b3ff0732f0e693070498b895cf95de687bc033c113ee195a768d763c05661eaf01171891f517cc27214e1a1e41cfe2900d9a9366dc762c5b25

Score
10/10

Malware Config

Signatures

  • Upatre

    Upatre is a generic malware downloader.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\minor.exe
    "C:\Users\Admin\AppData\Local\Temp\minor.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2000
    • C:\Users\Admin\AppData\Local\Temp\szgfw.exe
      "C:\Users\Admin\AppData\Local\Temp\szgfw.exe"
      2⤵
      • Executes dropped EXE
      PID:1636

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2000-54-0x0000000074C61000-0x0000000074C63000-memory.dmp

    Filesize

    8KB