Overview

overview

8

Static

static

8bffe0815c...b3.exe

windows7-x64

8

8bffe0815c...b3.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    144s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2022, 23:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8bffe0815cf7b1156988a770ce0ae479747bf2c9b2def4a98e1106c7316fa8b3.exe

  • Size

    139KB

  • MD5

    07c3ff053b9a3ad933322f895683f1f0

  • SHA1

    051cf6b461ece977f4037c408092a5e661fb8d2f

  • SHA256

    8bffe0815cf7b1156988a770ce0ae479747bf2c9b2def4a98e1106c7316fa8b3

  • SHA512

    3626f6452a94326b13c124faf756403f5c2f68e37d19f416d3d01d1635f9773f906265a5ebac0555909876e00e79ca5a955783ae424c9d9a5e003216004340f0

  • SSDEEP

    3072:doxctdaOZmPKWqdqp1mfwAHy60BrklUWYd0Hn3G3XMc:uxc9ZmPKN2QTS60hklUpeHI

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8bffe0815cf7b1156988a770ce0ae479747bf2c9b2def4a98e1106c7316fa8b3.exe
    "C:\Users\Admin\AppData\Local\Temp\8bffe0815cf7b1156988a770ce0ae479747bf2c9b2def4a98e1106c7316fa8b3.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: RenamesItself
    • Suspicious use of WriteProcessMemory
    PID:1248
    • C:\Windows\2.exe
      "C:\Windows\2.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:1176
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 36
        3⤵
        • Program crash
        PID:1976

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\2.exe
    Filesize

    118KB

    MD5

    5f790ed513dea0cf7571bcd6dc7c7549

    SHA1

    bf056fe1e762a8b67f95d613e6dcba7e37576d67

    SHA256

    cf52a020e517bd49c39cb6fba14b42ef96e1bf56fcb1eaff7b8284a7a6798ed3

    SHA512

    55b026087f0ef0ad6a49044973247d41b84932297dd124404ee816d2c9392e43c444be43322edba2d12aabf80a3a667a9a074732d5add452be4f13b07e045e8a

    Download Submit

  • memory/1176-59-0x0000000000400000-0x0000000000441000-memory.dmp

    Filesize

    260KB

    Download

  • memory/1248-54-0x0000000075351000-0x0000000075353000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1248-57-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download

  • memory/1248-58-0x0000000002690000-0x00000000026D1000-memory.dmp

    Filesize

    260KB

    Download

  • memory/1248-61-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

    Download