Analysis

  • max time kernel
    46s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    30-09-2022 08:03

General

  • Target

    46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b.exe

  • Size

    2.0MB

  • MD5

    36171704cde087f839b10c2465d864e1

  • SHA1

    e3baa1c3ee9aa1d5ae61187be2e20ea9cb57d538

  • SHA256

    46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b

  • SHA512

    9d13d5aa950a16a36123585917533238cde146ef67d2af23f23dc83aea5764dc90f3533a74747b80f3c113c9895a6e3ac1c6f4801ae2df6d6f9ec5f8b2bc31ae

  • SSDEEP

    49152:SddZjtDrb/TyvO90dL3BmAFd4A64nsfJ7j7TPtGcddRgLj2Dau/oZzQFz1j:Sdfj7zyg5oo

Malware Config

Signatures

  • Modifies extensions of user files 4 IoCs

    Ransomware generally changes the extension on encrypted files.

  • Deletes itself 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 42 IoCs
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b.exe
    "C:\Users\Admin\AppData\Local\Temp\46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b.exe"
    1⤵
    • Modifies extensions of user files
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1680
    • C:\Windows\system32\cmd.exe
      cmd /c del C:\Users\Admin\AppData\Local\Temp\46d340eaf6b78207e24b6011422f1a5b4a566e493d72365c6a1cace11c36b28b.exe
      2⤵
      • Deletes itself
      PID:1972

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3845472200-3839195424-595303356-1000\desktop.ini

    Filesize

    129B

    MD5

    826c83f2d48781992644729da8252c37

    SHA1

    0266ff7306eefcb98e510b9534810c38b17ec921

    SHA256

    4c0fa2dcaf3d57287052ef1acdfdaeed1cafda1f2e481c266630a147efb8d9c2

    SHA512

    71b1db2c54165da884634a57266eb9906af6d2a42a8d55f3a1654e06a45153cd061a0387729e3d54dc2034588d9a4fd53d6f267131c78aaa2b057080f0fc8850

  • memory/1972-55-0x0000000000000000-mapping.dmp