1bc1be8a2c93b5b43c44faeda1bb133e69cf512d5f63c16b8a6a0f5d8293a49a

Analysis

max time kernel
91s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 04:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1bc1be8a2c93b5b43c44faeda1bb133e69cf512d5f63c16b8a6a0f5d8293a49a.exe
Size

278KB
MD5

349ffadbb51703fdd5d20176d1dbd2a0
SHA1

a5f6d644e89585ee3292f90306601a30cb2757f0
SHA256

1bc1be8a2c93b5b43c44faeda1bb133e69cf512d5f63c16b8a6a0f5d8293a49a
SHA512

0e600e12e4530f8245b718510bc660763ed685c5b79414aee05aee047fe8f135317c6fbb36be11849ad1c02f854a2c699da3d7e0d51288a37f7f916c4df747d0
SSDEEP

6144:OnWK748Seo5inFYlQyYfXKtFJYZxxkkQWCjokrJ8Qdb0O46p:sR487oUnFDPCtFKfxkkQ5jtB0+

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/976-132-0x0000000000400000-0x00000000004AC000-memory.dmp	upx
behavioral2/memory/976-133-0x0000000000400000-0x00000000004AC000-memory.dmp	upx
behavioral2/memory/976-134-0x0000000000400000-0x00000000004AC000-memory.dmp	upx

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/976-133-0x0000000000400000-0x00000000004AC000-memory.dmp	autoit_exe
behavioral2/memory/976-134-0x0000000000400000-0x00000000004AC000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\1bc1be8a2c93b5b43c44faeda1bb133e69cf512d5f63c16b8a6a0f5d8293a49a.exe
"C:\Users\Admin\AppData\Local\Temp\1bc1be8a2c93b5b43c44faeda1bb133e69cf512d5f63c16b8a6a0f5d8293a49a.exe"
1⤵
PID:976

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/976-132-0x0000000000400000-0x00000000004AC000-memory.dmp

Filesize
688KB

Download
memory/976-133-0x0000000000400000-0x00000000004AC000-memory.dmp

Filesize
688KB

Download
memory/976-134-0x0000000000400000-0x00000000004AC000-memory.dmp

Filesize
688KB

Download