Analysis

  • max time kernel
    37s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-09-2022 15:53

General

  • Target

    a6dbbf3d861bcc796d59c88856aa1537ad9929bb48026eade107b1ab504dbf75.exe

  • Size

    275KB

  • MD5

    2699d6901bf39ed2c81836e9171e90d8

  • SHA1

    a3a1d6435bd32be22c4a751f415cf87988171f71

  • SHA256

    a6dbbf3d861bcc796d59c88856aa1537ad9929bb48026eade107b1ab504dbf75

  • SHA512

    95257b9f31780f480824cb58b132628c65c4a0976328e0f3b3ea9d50bf0ce438e1b1d7ffb888da4f3a44e1fc1d981bdd3230f10a9842d8f426c671a45ab1417d

  • SSDEEP

    6144:XrjarNfw1eNQlaAQrJMKhEZ6JLi7sQcEEckscTi:7j31eal27lEsBDk

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a6dbbf3d861bcc796d59c88856aa1537ad9929bb48026eade107b1ab504dbf75.exe
    "C:\Users\Admin\AppData\Local\Temp\a6dbbf3d861bcc796d59c88856aa1537ad9929bb48026eade107b1ab504dbf75.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1648 -s 508
      2⤵
      • Program crash
      PID:272

Network

MITRE ATT&CK Enterprise v6

Downloads

  • \Users\Admin\AppData\Local\Temp\TestInstaller\libEGL.dll

    Filesize

    742KB

    MD5

    ef939a3c948a2453c8d7a5e26cd6d3ee

    SHA1

    bad8376ab0316b08ac7bb6970347ddb6119c2b16

    SHA256

    1ae0956eaa392a7b74bed80d8e0a3a8b2ff7c0e24a9050af630e1427b3198d8f

    SHA512

    de58c2a4186e0fae8f99a7d426e3df37ccdabd2c65974920e5ac32c73e0a4448c5104d19294a6dc942c86eb756185fc595d3e2095709778160266074f0e3fdc6

  • memory/272-56-0x0000000000000000-mapping.dmp

  • memory/1648-54-0x000007FEFB931000-0x000007FEFB933000-memory.dmp

    Filesize

    8KB