Overview

overview

8

Static

static

7c3255b419...f7.exe

windows7-x64

8

7c3255b419...f7.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    42s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2022, 11:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7c3255b419f6a79fb152ff7d8d5d020466948b2283f3c431a2e0439886be7af7.exe

  • Size

    258KB

  • MD5

    ffb863cbf57cf76123e8a42155202f06

  • SHA1

    57b17f2c5889177c96fc8ad452c6cff7dbd0a640

  • SHA256

    7c3255b419f6a79fb152ff7d8d5d020466948b2283f3c431a2e0439886be7af7

  • SHA512

    7befec3571e65749063058f501fbcef660c8aad5f2472202a7b5b19702ae25f7424289fdeff0e0da4d92afecd1bdde17f6b3fd8ea1fd3ebbc9d37a270b61dfd0

  • SSDEEP

    6144:u8U2qy6rRZb7jxGYnjiE9hDiPyyw/kyAwhcyqfQj4tfKs:wzy6rRxEAGPyyUdNcyqfDtj

Score
8/10
upx

Malware Config

Signatures

  • Drops file in Drivers directory 8 IoCs
  • Executes dropped EXE 1 IoCs
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c3255b419f6a79fb152ff7d8d5d020466948b2283f3c431a2e0439886be7af7.exe
    "C:\Users\Admin\AppData\Local\Temp\7c3255b419f6a79fb152ff7d8d5d020466948b2283f3c431a2e0439886be7af7.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1708
    • C:\Windows\system32\drivers\etc\start1.exe
      "C:\Windows\system32\drivers\etc\start1.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1952

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\System32\drivers\etc\start1.exe
          Filesize

          139KB

          MD5

          9c0f625a4594f38dc0b5ed62e6d89e55

          SHA1

          210fc783e2fcf3da9066e163e737a2bc1ac420a7

          SHA256

          b0db9123657c85cb10676591e470dfe5f3e175f13f36641d563417d4362ddac5

          SHA512

          8d3c3da4511ca7e557231ec40c5936bb6204608dbf17c85ab3ed5d28970a2b99903a495fab8ca9ce4be63650f527802937d03dfb6feaeca393c4e0dc1ec2103c

          Download Submit

        • \Windows\System32\drivers\etc\start1.exe
          Filesize

          139KB

          MD5

          9c0f625a4594f38dc0b5ed62e6d89e55

          SHA1

          210fc783e2fcf3da9066e163e737a2bc1ac420a7

          SHA256

          b0db9123657c85cb10676591e470dfe5f3e175f13f36641d563417d4362ddac5

          SHA512

          8d3c3da4511ca7e557231ec40c5936bb6204608dbf17c85ab3ed5d28970a2b99903a495fab8ca9ce4be63650f527802937d03dfb6feaeca393c4e0dc1ec2103c

          Download Submit

        • \Windows\System32\drivers\etc\start1.exe
          Filesize

          139KB

          MD5

          9c0f625a4594f38dc0b5ed62e6d89e55

          SHA1

          210fc783e2fcf3da9066e163e737a2bc1ac420a7

          SHA256

          b0db9123657c85cb10676591e470dfe5f3e175f13f36641d563417d4362ddac5

          SHA512

          8d3c3da4511ca7e557231ec40c5936bb6204608dbf17c85ab3ed5d28970a2b99903a495fab8ca9ce4be63650f527802937d03dfb6feaeca393c4e0dc1ec2103c

          Download Submit

        • memory/1708-54-0x0000000075B11000-0x0000000075B13000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1952-61-0x0000000000400000-0x0000000000419000-memory.dmp

          Filesize

          100KB

          Download