Overview

overview

8

Static

static

507ce48aa2...b4.exe

windows7-x64

8

507ce48aa2...b4.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/10/2022, 20:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    507ce48aa29f8465a44d59689086fa2fb0412089b8c712b6297e0d1731220fb4.exe

  • Size

    27KB

  • MD5

    61352d92a59644e438b9707407fb5ef0

  • SHA1

    4bcb62766461d94a7a83677b9f90b089b45410e7

  • SHA256

    507ce48aa29f8465a44d59689086fa2fb0412089b8c712b6297e0d1731220fb4

  • SHA512

    ec5d6deba19a7bc39067111636802168ec97a19229bf2483b43ffddc2be3b1942027b7ededa4ccd77470ce7bf64dd14248444cce495be100d054139829eae14f

  • SSDEEP

    768:d/3xd1HXzoy44hXPuxabxgfycDLZe+5JGTF:dv93zoRkWe

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\507ce48aa29f8465a44d59689086fa2fb0412089b8c712b6297e0d1731220fb4.exe
    "C:\Users\Admin\AppData\Local\Temp\507ce48aa29f8465a44d59689086fa2fb0412089b8c712b6297e0d1731220fb4.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:680
    • C:\Users\Admin\AppData\Local\Temp\update_pdf.exe
      "C:\Users\Admin\AppData\Local\Temp\update_pdf.exe"
      2⤵
      • Executes dropped EXE
      PID:3064

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\update_pdf.exe
    Filesize

    27KB

    MD5

    5294406e03e8408ca12c575cf1f99292

    SHA1

    1387e64ee20667d3063716ffd56479cee6d51750

    SHA256

    8f5399b3de8c4c290abc9ab53195572a77da736cbd2fd87e11cde72392ef0f3e

    SHA512

    781141cace78f4fec145ebd952b9e378e09771369651d4f0b037c1d38fbc7076a6bd70f3ebc9a156b9709a7e9ac5c45e926610f6a586d0faebb6b61ad382c6a3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\update_pdf.exe
    Filesize

    27KB

    MD5

    5294406e03e8408ca12c575cf1f99292

    SHA1

    1387e64ee20667d3063716ffd56479cee6d51750

    SHA256

    8f5399b3de8c4c290abc9ab53195572a77da736cbd2fd87e11cde72392ef0f3e

    SHA512

    781141cace78f4fec145ebd952b9e378e09771369651d4f0b037c1d38fbc7076a6bd70f3ebc9a156b9709a7e9ac5c45e926610f6a586d0faebb6b61ad382c6a3

    Download Submit