Overview

overview

7

Static

static

6b4a56b85f...87.exe

windows7-x64

3

6b4a56b85f...87.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    36s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2022, 16:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6b4a56b85f6364d1d50b5202ebc0fa289c1a8a85951b64b5b08fe6c0bfff1587.exe

  • Size

    706KB

  • MD5

    03c985ac05c0ff63d8761aacc9b02729

  • SHA1

    5a281cbaf11aca4f831155997f6c5845dbe71d6c

  • SHA256

    6b4a56b85f6364d1d50b5202ebc0fa289c1a8a85951b64b5b08fe6c0bfff1587

  • SHA512

    e9ef19b1643d68ba8848fdf7645c5b3f13145cb29ac9f6b19ce1a1fc9dc47007519d241b99cd0b3a3d9fb84b4de57fe38be3a8cc4b77b5bd5cb75d0e43ceb9d4

  • SSDEEP

    12288:gzy6rRxE1bpnfkjuVtPuVcG6YO/uV1ObuVtFnvysf1Q1TkAQTuiHd6nwc:z6rTgbp8iVtGVcG9pV1OqVtFnSQT396P

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b4a56b85f6364d1d50b5202ebc0fa289c1a8a85951b64b5b08fe6c0bfff1587.exe
    "C:\Users\Admin\AppData\Local\Temp\6b4a56b85f6364d1d50b5202ebc0fa289c1a8a85951b64b5b08fe6c0bfff1587.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\System32\mshta.exe" "javascript:new ActiveXObject('WScript.Shell').Run('SOLA_2.0_300582206131825.bat',0);window.close()"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:628
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\SOLA_2.0_300582206131825.bat" "
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1412
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c date /t
          4⤵
            PID:1276
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c dir C:\Windows\explorer.exe
            4⤵
              PID:1168

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\SOLA_2.0_300582206131825.bat
        Filesize

        10KB

        MD5

        f41b61de9f7aa5b108bb3e8005553d79

        SHA1

        a3190e94a2656c33631c8ea78908390f18757e6e

        SHA256

        a0d634e5eead496d0409df99bcd563741009d1b02e2c5ce364b1336e07e31c4d

        SHA512

        5ad715770c76019008e37d3c7ac4a8857e509085f4cbccd2919bc7ca11b48f07b9ac4e3e12d4c02deda0eca1906599ff1b082ce545da9b44e80c8b8e225015ef

        Download Submit

      • memory/2028-54-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

        Filesize

        8KB

        Download