Analysis

  • max time kernel
    151s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22/09/2022, 08:23

General

  • Target

    c5c330b341abd7f009f16b6187a71c9a2e98480e50498f78bb03003f48603848.exe

  • Size

    1.3MB

  • MD5

    7ef0594d8fcedc2800b2d40bc98c2301

  • SHA1

    809c8a1a3d5f047624cce62a966ce3ccb2052d97

  • SHA256

    c5c330b341abd7f009f16b6187a71c9a2e98480e50498f78bb03003f48603848

  • SHA512

    4a18e5771c836299f8a07f0b243bcdf36a2d4ad5269fe3fa39fb19c0d455627d7c6e0bd21feb5ca1a88b0c4fa8c9128a374c2ede96a788bbcbd2839042236cba

  • SSDEEP

    24576:r793eQtxNLxCRR7WhTyfSF9Rjk9A/nxWdoCt/6aWJnbPZ6V7Yx2LlDRT:r71btgz6hTyfyrw9UQoXa4PZ6Vcx2RDp

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c5c330b341abd7f009f16b6187a71c9a2e98480e50498f78bb03003f48603848.exe
    "C:\Users\Admin\AppData\Local\Temp\c5c330b341abd7f009f16b6187a71c9a2e98480e50498f78bb03003f48603848.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:504
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\upload.vbs"
      2⤵
      • Checks computer location settings
      • Suspicious use of WriteProcessMemory
      PID:1512
      • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\IspUSBDirect.exe
        "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\IspUSBDirect.exe"
        3⤵
        • Executes dropped EXE
        PID:4908

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\IspUSBDirect.exe

    Filesize

    1.1MB

    MD5

    54fb66b38fcf7b5f644a0b27f3b28876

    SHA1

    e9f51a58fecb0d486e5fc4cec180d2bc27988c7a

    SHA256

    7324c6bb0c44470f5cfb4806a920fe8698b865d5240a04287f9fbd76e17f1c6f

    SHA512

    e22e48a0513004b7961c3ef5e569845fcbd14ada64de5ed5b410693060143385abce6bed6eb742998a8fe4823cdb615285af80d71c5fe6ae4d940421553be865

  • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\upload.vbs

    Filesize

    263B

    MD5

    9d228f8cfdee65bb623c4fe705279b17

    SHA1

    aac8fb36c753b1b8b25b99454ca294fd46fa20c7

    SHA256

    1870cd367e7079dc3978bb0430503cd398b2443f8afc47dac934ba594faa0072

    SHA512

    17d7424ae97b993653ed1ed1eff6645cb37655d5a60717ae58f9b41e31c7413ce418866eb812562ced162c3c8172fc4e32db981d23909602e222d0a8f24ec022