Analysis

  • max time kernel
    68s
  • max time network
    43s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    20-05-2022 23:54

General

  • Target

    a369d1321703dce354cfcb0f57106a7ec1bcdcafe7f9fe00a63bbbdf38aa105a.exe

  • Size

    819KB

  • MD5

    132b58b929bda60a63b4e31e734259db

  • SHA1

    7b5562475375ff2e2b28713a650777e6bdba6952

  • SHA256

    a369d1321703dce354cfcb0f57106a7ec1bcdcafe7f9fe00a63bbbdf38aa105a

  • SHA512

    0e2f32cee15498f81fad6772cf44b7033de00815f619b46a3d3164d50be7a10ea47a934f79a9ad372470adef6013e8222139d6646cb0413bc0ff5021302921bb

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Seen in ransomware, but also in benign installers and self-updaters; with a 3/10 score and no file-modification signatures elsewhere in this report, treat it as a weak indicator on its own.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution. Here the task is registered from an XML definition dropped to %TEMP% (tmp9A2E.tmp, listed under Downloads) under the task folder "Updates\" with a randomised name. The image path resolving to C:\Windows\SysWOW64\schtasks.exe while the command line names System32 is WoW64 file-system redirection, which tells you the parent is a 32-bit process.

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a369d1321703dce354cfcb0f57106a7ec1bcdcafe7f9fe00a63bbbdf38aa105a.exe
    "C:\Users\Admin\AppData\Local\Temp\a369d1321703dce354cfcb0f57106a7ec1bcdcafe7f9fe00a63bbbdf38aa105a.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:776
    • C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\YyxkgULjBFG" /XML "C:\Users\Admin\AppData\Local\Temp\tmp9A2E.tmp"
      2⤵
      • Creates scheduled task(s)
      PID:1472
    • C:\Users\Admin\AppData\Local\Temp\a369d1321703dce354cfcb0f57106a7ec1bcdcafe7f9fe00a63bbbdf38aa105a.exe
      "{path}"
      2⤵
      PID:1976
    • C:\Users\Admin\AppData\Local\Temp\a369d1321703dce354cfcb0f57106a7ec1bcdcafe7f9fe00a63bbbdf38aa105a.exe
      "{path}"
      2⤵
      PID:1972
    • C:\Users\Admin\AppData\Local\Temp\a369d1321703dce354cfcb0f57106a7ec1bcdcafe7f9fe00a63bbbdf38aa105a.exe
      "{path}"
      2⤵
      PID:1816
    • C:\Users\Admin\AppData\Local\Temp\a369d1321703dce354cfcb0f57106a7ec1bcdcafe7f9fe00a63bbbdf38aa105a.exe
      "{path}"
      2⤵
      PID:1004
    • C:\Users\Admin\AppData\Local\Temp\a369d1321703dce354cfcb0f57106a7ec1bcdcafe7f9fe00a63bbbdf38aa105a.exe
      "{path}"
      2⤵
      PID:2024
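The process tree above is the part of this report that converts directly into a detection: a binary running from the user's Temp directory registers a scheduled task from an XML file in that same directory, and the same parent then launches five copies of its own image (all with the literal command line "{path}"). The following is an added example written for this page, not code from the sandbox or from the sample; it runs two rules over constructed Sysmon Event ID 1 style records (ProcessId, Image, CommandLine, ParentProcessId, ParentImage) modelled on the tree, plus one constructed benign schtasks event as a control. The field names, the sample file name and the PIDs are taken from this report; the explorer.exe parent and the "Vendor" installer are assumptions.

```python
import re
from collections import defaultdict

# Constructed events (not real telemetry) modelled on the process tree in this report.
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\a369d1321703dce354cfcb0f57106a7ec1bcdcafe7f9fe00a63bbbdf38aa105a.exe"
EXPLORER = r"C:\Windows\explorer.exe"  # assumed parent of the sample, not stated in the report

EVENTS = [
    {"ProcessId": 776, "Image": SAMPLE, "CommandLine": f'"{SAMPLE}"',
     "ParentProcessId": 500, "ParentImage": EXPLORER},
    # WoW64 redirection: the 32-bit parent asks for System32\schtasks.exe, gets SysWOW64.
    {"ProcessId": 1472, "Image": r"C:\Windows\SysWOW64\schtasks.exe",
     "CommandLine": r'"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\YyxkgULjBFG" '
                    r'/XML "C:\Users\Admin\AppData\Local\Temp\tmp9A2E.tmp"',
     "ParentProcessId": 776, "ParentImage": SAMPLE},
] + [
    {"ProcessId": pid, "Image": SAMPLE, "CommandLine": '"{path}"',
     "ParentProcessId": 776, "ParentImage": SAMPLE}
    for pid in (1976, 1972, 1816, 1004, 2024)
] + [
    # Constructed benign control: an installer registering a task from its own install dir.
    {"ProcessId": 3000, "Image": r"C:\Windows\System32\schtasks.exe",
     "CommandLine": r'"schtasks.exe" /Create /TN "Vendor\Updater" /XML "C:\Program Files\Vendor\task.xml"',
     "ParentProcessId": 2900, "ParentImage": r"C:\Program Files\Vendor\setup.exe"},
]

TEMP_DIR_RE = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.IGNORECASE)
SCHTASKS_RE = re.compile(r"\\schtasks\.exe$", re.IGNORECASE)
# /XML may be followed by a quoted path with spaces or an unquoted token.
XML_ARG_RE = re.compile(r'/XML\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)
TN_ARG_RE = re.compile(r'/TN\s+"?([^"]+?)"?(?:\s|$)', re.IGNORECASE)


def schtasks_from_temp(events):
    """Rule 1: schtasks /Create where the task XML sits in a temp directory
    or the registering parent itself executes from one. Matching on the image
    basename keeps both the System32 and the SysWOW64 copy in scope."""
    hits = []
    for ev in events:
        if not SCHTASKS_RE.search(ev["Image"]) or "/create" not in ev["CommandLine"].lower():
            continue
        cmd = ev["CommandLine"]
        reasons = []
        xml = XML_ARG_RE.search(cmd)
        if xml and TEMP_DIR_RE.search(xml.group(1) or xml.group(2)):
            reasons.append("task XML in temp directory")
        if TEMP_DIR_RE.search(ev["ParentImage"]):
            reasons.append("parent executes from temp directory")
        if reasons:
            tn = TN_ARG_RE.search(cmd)
            hits.append({"pid": ev["ProcessId"], "parent_pid": ev["ParentProcessId"],
                         "task": tn.group(1) if tn else None, "reasons": reasons})
    return hits


def self_spawn_bursts(events, threshold=3):
    """Rule 2: a parent that launches its own image `threshold` or more times.
    In this report PID 776 spawns five copies of itself, each with the command
    line "{path}"; legitimate software seldom re-launches itself repeatedly in
    one run, so a burst of identical children is worth a look on its own."""
    children = defaultdict(list)
    for ev in events:
        if ev["Image"].lower() == ev["ParentImage"].lower():
            children[ev["ParentProcessId"]].append(ev["ProcessId"])
    return {ppid: pids for ppid, pids in children.items() if len(pids) >= threshold}


def triage(events):
    """Combine both rules; a parent appearing in both is the strongest signal."""
    tasks = schtasks_from_temp(events)
    bursts = self_spawn_bursts(events)
    both = sorted({h["parent_pid"] for h in tasks} & set(bursts))
    return {"schtasks": tasks, "self_spawn": bursts, "parents_in_both": both}


if __name__ == "__main__":
    for k, v in triage(EVENTS).items():
        print(k, v)
```

The benign control is deliberately left unflagged: it registers from Program Files with a parent in Program Files, so only temp-directory provenance, not schtasks use itself, drives rule 1. Tune `threshold` to your fleet; two self-spawns is normal for some updaters, five in one run is not.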

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp9A2E.tmp

    Filesize

    1KB

    MD5

    9cfa3464d3d73925f3411900a4fba9eb

    SHA1

    81cef98889dd8ebc45de3627a1cc02e4b4a183eb

    SHA256

    a8a6ed3377d5f297ee990781dfb83f664b745006ad4edaa323e3d896502f1553

    SHA512

    b182ebe456d0aaf869eb367f96ac4233657b37a9d7ade3d6ba936c184c4ff05e0989ff3dc4f18093376c6afed5bc4ef0d847d700db43085f203a3a48d0ec4eba

  • memory/776-54-0x00000000003A0000-0x0000000000474000-memory.dmp

    Filesize

    848KB

  • memory/776-55-0x00000000753B1000-0x00000000753B3000-memory.dmp

    Filesize

    8KB

  • memory/776-56-0x0000000000310000-0x0000000000318000-memory.dmp

    Filesize

    32KB

  • memory/776-57-0x0000000004E90000-0x0000000004F32000-memory.dmp

    Filesize

    648KB

  • memory/1472-58-0x0000000000000000-mapping.dmp