Analysis
-
max time kernel
114s -
max time network
178s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
05-09-2022 15:53
General
-
Target
a6dbbf3d861bcc796d59c88856aa1537ad9929bb48026eade107b1ab504dbf75.exe
-
Size
275KB
-
MD5
2699d6901bf39ed2c81836e9171e90d8
-
SHA1
a3a1d6435bd32be22c4a751f415cf87988171f71
-
SHA256
a6dbbf3d861bcc796d59c88856aa1537ad9929bb48026eade107b1ab504dbf75
-
SHA512
95257b9f31780f480824cb58b132628c65c4a0976328e0f3b3ea9d50bf0ce438e1b1d7ffb888da4f3a44e1fc1d981bdd3230f10a9842d8f426c671a45ab1417d
-
SSDEEP
6144:XrjarNfw1eNQlaAQrJMKhEZ6JLi7sQcEEckscTi:7j31eal27lEsBDk
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\a6dbbf3d861bcc796d59c88856aa1537ad9929bb48026eade107b1ab504dbf75.exe"C:\Users\Admin\AppData\Local\Temp\a6dbbf3d861bcc796d59c88856aa1537ad9929bb48026eade107b1ab504dbf75.exe"1⤵
- Loads dropped DLL
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2892 -s 9802⤵
- Program crash
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 412 -p 2892 -ip 28921⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
742KB
MD5ef939a3c948a2453c8d7a5e26cd6d3ee
SHA1bad8376ab0316b08ac7bb6970347ddb6119c2b16
SHA2561ae0956eaa392a7b74bed80d8e0a3a8b2ff7c0e24a9050af630e1427b3198d8f
SHA512de58c2a4186e0fae8f99a7d426e3df37ccdabd2c65974920e5ac32c73e0a4448c5104d19294a6dc942c86eb756185fc595d3e2095709778160266074f0e3fdc6