Overview

overview

10

Static

static

PO CBV87654469.exe

windows7-x64

10

PO CBV87654469.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    3s
  • max time network
    19s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-09-2022 20:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PO CBV87654469.exe

  • Size

    428KB

  • MD5

    c6152a34c16494d6e75c276de8d76827

  • SHA1

    4e75fb1f68ae10b98e432c443d740229c370453f

  • SHA256

    d92c973ecc0a47bbb7d56fdec3471e90a88b49406b27b743f3f01433b0163ca8

  • SHA512

    0a2accb3101a3a91babeb526f69e77865b25b01d2be0b19776f1663ac0f7cccf5611acebddecfc495dcfd8948a813a799fd4b5d2c6cfba836acce70fab6a0ab5

  • SSDEEP

    6144:uTouKrWBEu3/Z2lpGDHU3ykJFqNbi/PRNU2Pg1++F8lTx4DN/Y8FyT+:uToPWBv/cpGrU3ywumk6g1bZDNw8Fyq

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PO CBV87654469.exe
    "C:\Users\Admin\AppData\Local\Temp\PO CBV87654469.exe"
    1⤵
      PID:3464
      • C:\Users\Admin\AppData\Local\Temp\xwsddqazr.exe
        "C:\Users\Admin\AppData\Local\Temp\xwsddqazr.exe"
        2⤵
          PID:1684
          • C:\Users\Admin\AppData\Local\Temp\xwsddqazr.exe
            "C:\Users\Admin\AppData\Local\Temp\xwsddqazr.exe"
            3⤵
              PID:4412
            • C:\Windows\SysWOW64\WerFault.exe
              C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 476
              3⤵
              • Program crash
              PID:4972
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1684 -ip 1684
          1⤵
            PID:968

          Network

          MITRE ATT&CK Matrix ATT&CK v6

          Initial Access

          Execution

          Persistence

          Privilege Escalation

          Defense Evasion

          Credential Access

          Discovery

          System Information Discovery

          1
          T1082

          Lateral Movement

          Collection

          Exfiltration

          Command and Control

          Impact

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\achvm.rm
            Filesize

            111KB

            MD5

            359a6caf917b1afbd4c95bb48e8b8845

            SHA1

            0f7bbf539e8334e1b2114272b6771924f75f2da7

            SHA256

            1cbd0b2cf91d16bba768292491ac0253eaed3328b6672ae394272ea4c98ad412

            SHA512

            bfa9a75f2208886d62f81e6b6a9eccf7fe9cb3b9b238e4a43650865b78509ba671d61ea40dd44c66ee89597e3f5a6aa0229870774d9c8a0ea0cfedf3d59697a7

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\xpapnectlh.sc
            Filesize

            4KB

            MD5

            e885fb743b9bff846d3e2b8a4449798c

            SHA1

            4c905a49a9a03153b49d0e785f63018ccb4bc74a

            SHA256

            1c40c8c83e270b5322b3d3141ceea3bf37ce82dad5fb9f3e7630bdfe94089a0a

            SHA512

            f9f9870a554003fbe3913c4816543b9d441c9d87b34ef07ce743dcc5c582cc120f6ba503f3de524006f396145cddd1f998cb489cdf83aed9f862be98fdab4023

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\xwsddqazr.exe
            Filesize

            57KB

            MD5

            cb79ef15f5378caf0a87679a2bc441b8

            SHA1

            7e08672e9e7f478bc18786e486ca930cc29114db

            SHA256

            a244ee10c1987f8a76171460b337923fcd861f6916677258362db2f39abcd6db

            SHA512

            4c1da3e4ee8b897b8da2d55762973b24594e7237f259e4c406b1ee9764f9b8bfc8b72a6fd83902df16b504476edb5d56ff22e2c435aca7f1003925699fb87950

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\xwsddqazr.exe
            Filesize

            57KB

            MD5

            cb79ef15f5378caf0a87679a2bc441b8

            SHA1

            7e08672e9e7f478bc18786e486ca930cc29114db

            SHA256

            a244ee10c1987f8a76171460b337923fcd861f6916677258362db2f39abcd6db

            SHA512

            4c1da3e4ee8b897b8da2d55762973b24594e7237f259e4c406b1ee9764f9b8bfc8b72a6fd83902df16b504476edb5d56ff22e2c435aca7f1003925699fb87950

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\xwsddqazr.exe
            Filesize

            57KB

            MD5

            cb79ef15f5378caf0a87679a2bc441b8

            SHA1

            7e08672e9e7f478bc18786e486ca930cc29114db

            SHA256

            a244ee10c1987f8a76171460b337923fcd861f6916677258362db2f39abcd6db

            SHA512

            4c1da3e4ee8b897b8da2d55762973b24594e7237f259e4c406b1ee9764f9b8bfc8b72a6fd83902df16b504476edb5d56ff22e2c435aca7f1003925699fb87950

            Download Submit
          • memory/1684-132-0x0000000000000000-mapping.dmp
            Download
          • memory/4412-137-0x0000000000000000-mapping.dmp
            Download