Overview

overview

8

Static

static

3ad57c5d41...14.exe

windows7_x64

8

3ad57c5d41...14.exe

windows10-2004_x64

8

Analysis

  • max time kernel
    42s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    11-07-2022 21:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3ad57c5d41a71945e5c66c31cdbe70d592b6da8a8add70c618653db73ede2614.exe

  • Size

    1.4MB

  • MD5

    891860064f823c696324cb157cdc88d6

  • SHA1

    2b06e040f94533625dc9393e80c325e9b1e100d4

  • SHA256

    3ad57c5d41a71945e5c66c31cdbe70d592b6da8a8add70c618653db73ede2614

  • SHA512

    45bc1816207305de36c580867046adaac78817bf2c45bfc31e5fa6d6ed6e0e5a885db56bad73d4e25dc7f015452e3ef1365f34caae66f26794e253a46ac67de1

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ad57c5d41a71945e5c66c31cdbe70d592b6da8a8add70c618653db73ede2614.exe
    "C:\Users\Admin\AppData\Local\Temp\3ad57c5d41a71945e5c66c31cdbe70d592b6da8a8add70c618653db73ede2614.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:644
    • C:\Users\Admin\AppData\Local\BrightTRAMP\BrightTRAMPUtil.exe
      "C:\Users\Admin\AppData\Local\BrightTRAMP\BrightTRAMPUtil.exe" "C:\Users\Admin\AppData\Local\Temp\3ad57c5d41a71945e5c66c31cdbe70d592b6da8a8add70c618653db73ede2614.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:996

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\BrightTRAMP\BrightTRAMPUtil.exe
    Filesize

    3.6MB

    MD5

    cffe2022009fdc3eeaf624ce0caf81f2

    SHA1

    4a2b4fdd5fc2e17138813fb7a0f3c4f2d96fe45d

    SHA256

    94f383e2d630bd5e3dc892869608b34f79148047d395732c70b0872d26998dd8

    SHA512

    be05e8fd6c4e4896aaaf35094ecca68a4058b7c3b76d00de60f4256dc02dc2a987c04902088f9aaf53a3f35822729ff122d5f892a362153c4a41464d4fbcdbb0

    Download Submit

  • \Users\Admin\AppData\Local\BrightTRAMP\BrightTRAMPUtil.exe
    Filesize

    3.6MB

    MD5

    cffe2022009fdc3eeaf624ce0caf81f2

    SHA1

    4a2b4fdd5fc2e17138813fb7a0f3c4f2d96fe45d

    SHA256

    94f383e2d630bd5e3dc892869608b34f79148047d395732c70b0872d26998dd8

    SHA512

    be05e8fd6c4e4896aaaf35094ecca68a4058b7c3b76d00de60f4256dc02dc2a987c04902088f9aaf53a3f35822729ff122d5f892a362153c4a41464d4fbcdbb0

    Download Submit

  • memory/644-54-0x0000000075BF1000-0x0000000075BF3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/644-55-0x0000000075521000-0x0000000075523000-memory.dmp

    Filesize

    8KB

    Download

  • memory/996-57-0x0000000000000000-mapping.dmp

    Download