Overview

overview

10

Static

static

10

TrashMalwa...in.exe

windows10-2004-x64

8

TrashMalwa...er.exe

windows10-2004-x64

8

TrashMalwa...nk.exe

windows10-2004-x64

8

TrashMalwa...oN.bat

windows10-2004-x64

8

TrashMalwa...zz.exe

windows10-2004-x64

6

TrashMalwa...de.exe

windows10-2004-x64

8

TrashMalwa...20.exe

windows10-2004-x64

7

TrashMalwa...ll.exe

windows10-2004-x64

8

TrashMalwa...le.exe

windows10-2004-x64

8

TrashMalwa...oe.bat

windows10-2004-x64

TrashMalwa....0.exe

windows10-2004-x64

7

TrashMalwa....0.exe

windows10-2004-x64

8

TrashMalwa....0.exe

windows10-2004-x64

8

TrashMalwa...ic.exe

windows10-2004-x64

6

TrashMalwa...OD.exe

windows10-2004-x64

10

TrashMalwa...um.exe

windows10-2004-x64

6

TrashMalwa...er.exe

windows10-2004-x64

8

TrashMalwa...MZ.exe

windows10-2004-x64

1

TrashMalwa...ch.exe

windows10-2004-x64

8

TrashMalwa....5.exe

windows10-2004-x64

8

TrashMalwa...ol.exe

windows10-2004-x64

8

TrashMalwa...hm.exe

windows10-2004-x64

10

TrashMalwa...10.exe

windows10-2004-x64

7

TrashMalwa...V6.exe

windows10-2004-x64

7

TrashMalwa.../x.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    69s
  • max time network
    183s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-09-2022 14:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TrashMalwares-main/x.exe

  • Size

    88KB

  • MD5

    eb5ad0a90c7c3a23b51243844e41d780

  • SHA1

    f07ad60430f5316cbfa8297c0fe8c69600f9f647

  • SHA256

    d3032a664ef73356f62babe4ce53be27a7b0587f4c10036b4eec61a5435cfadc

  • SHA512

    3bd11b208af263bec179931d0a55d29fbed59cca6ee8e2bb840d84ee52838401574b1812db3de792edf762258d108585fcf00a380e58b451a2e02180d3603122

  • SSDEEP

    1536:kmHmtXYg8pWDM021JlT68U/xoA4YoiGnEZVsu5zNrMjcXdUd:xHmteWDM02nlcGTYoiGnEZau5zNrMjcw

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\x.exe
    "C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\x.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3580
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\is64.bat" "
      2⤵
        PID:4916

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Query Registry

    1
    T1012

    System Information Discovery

    2
    T1082

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\is64.bat
      Filesize

      181B

      MD5

      225edee1d46e0a80610db26b275d72fb

      SHA1

      ce206abf11aaf19278b72f5021cc64b1b427b7e8

      SHA256

      e1befb57d724c9dc760cf42d7e0609212b22faeb2dc0c3ffe2fbd7134ff69559

      SHA512

      4f01a2a248a1322cb690b7395b818d2780e46f4884e59f1ab96125d642b6358eea97c7fad6023ef17209b218daa9c88d15ea2b92f124ecb8434c0c7b4a710504

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\is64.txt
      MD5

      d41d8cd98f00b204e9800998ecf8427e

      SHA1

      da39a3ee5e6b4b0d3255bfef95601890afd80709

      SHA256

      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

      SHA512

      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

      Download Submit
    • memory/4916-132-0x0000000000000000-mapping.dmp
      Download