Analysis

  • max time kernel
    92s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/10/2022, 23:26

General

  • Target

    e79b0c62fe4f962385f240e1d9164b3fc4be263cdfc23b3e035b673c04689695.exe

  • Size

    19KB

  • MD5

    7960a3e1e57c3330954e7b4a584cb980

  • SHA1

    eff6d3f5ff2ef1283afc31d09eee298a0909b30a

  • SHA256

    e79b0c62fe4f962385f240e1d9164b3fc4be263cdfc23b3e035b673c04689695

  • SHA512

    c31eef95e9ea6218b5b662f9bcbe6fe3abfbf63de03be1b0827005ae0ec40dbda802a0b45a3092cd15a7f2caa1e52142aaaa99a6d69d8f73d595af2b17dcc0c9

  • SSDEEP

    192:cjdlB2ZAAfyBnKhMS+K+JYw7U3AdhfUd6ORlomDNwKSQjqPL+1C8MxxPeZrd9j:cIZAvJmRPDN/jSyC8MxVsj

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)

    The submitted sample writes comhost.exe into its own %TEMP% directory and launches it (see Processes and Downloads below).

  • Checks computer location settings (2 TTPs, 2 IoCs)

    Looks up the country code configured in the registry, likely a geofence check; both the parent process and the dropped comhost.exe do this.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). The sandbox flags this as likely ransomware behaviour, but drive enumeration alone is also consistent with benign software, so treat it as a weak signal unless corroborated.

  • Suspicious use of WriteProcessMemory (3 IoCs)

    Attributed to the parent process (PID 5020) only.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e79b0c62fe4f962385f240e1d9164b3fc4be263cdfc23b3e035b673c04689695.exe (PID 5020)
    Command line: "C:\Users\Admin\AppData\Local\Temp\e79b0c62fe4f962385f240e1d9164b3fc4be263cdfc23b3e035b673c04689695.exe"
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    • C:\Users\Admin\AppData\Local\Temp\comhost.exe (PID 1084, child of PID 5020)
      Command line: "C:\Users\Admin\AppData\Local\Temp\comhost.exe"
      • Executes dropped EXE
      • Checks computer location settings
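The chain above (a sample in the user's %TEMP% directory dropping comhost.exe beside itself and executing it) is the kind of thing a host-based check can confirm from process-creation telemetry. The following is an added example, not part of the sandbox report: it replays constructed Sysmon-style process-creation events (built here from the report's process tree and hashes, not captured from a real host) through two checks, a hash match against the report's SHA256 values and a behavioural rule for a %TEMP%-resident process spawning another executable from %TEMP%. The `ProcEvent` class, the `find_alerts` function and the explorer.exe launcher event are assumptions made for the example.

```python
"""Replay constructed process-creation events through two checks derived from
this report. Added example; not the sandbox's code."""
import hashlib
from dataclasses import dataclass
from pathlib import PureWindowsPath

# SHA256 values taken from the report (submitted sample and dropped file).
KNOWN_SHA256 = {
    "e79b0c62fe4f962385f240e1d9164b3fc4be263cdfc23b3e035b673c04689695": "submitted sample",
    "55a33ec5deae7f54d57625134225b0f5414c6925898e9b35533b51307f959384": "dropped comhost.exe",
}


@dataclass
class ProcEvent:
    """Minimal process-creation record (hypothetical schema, not Sysmon's)."""
    pid: int
    ppid: int
    image: str
    sha256: str


def in_user_temp(image: str) -> bool:
    """True if the image path is under C:\\Users\\<user>\\AppData\\Local\\Temp."""
    parts = [p.lower() for p in PureWindowsPath(image).parts]
    return (
        len(parts) > 6
        and parts[1] == "users"
        and parts[3:6] == ["appdata", "local", "temp"]
    )


def hash_file(path: str) -> str:
    """SHA256 of a file on disk, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_alerts(events):
    """Return (rule, pid, detail) tuples for every event that matches a check."""
    by_pid = {e.pid: e for e in events}
    alerts = []
    for e in events:
        # Check 1: exact hash match against the report's indicators.
        if e.sha256 in KNOWN_SHA256:
            alerts.append(("hash_match", e.pid, KNOWN_SHA256[e.sha256]))
        # Check 2: a %TEMP%-resident parent spawning a %TEMP%-resident child,
        # which is the drop-and-execute pattern in the report's process tree.
        parent = by_pid.get(e.ppid)
        if parent is not None and in_user_temp(parent.image) and in_user_temp(e.image):
            alerts.append(("temp_spawns_temp", e.pid, f"{parent.pid} -> {e.pid}"))
    return alerts


# Constructed events mirroring the report's process tree. PIDs, paths and
# hashes of the two sample processes come from the report; the explorer.exe
# launcher and its all-zero hash are placeholders added for the example.
SAMPLE_EVENTS = [
    ProcEvent(4242, 1, r"C:\Windows\explorer.exe", "0" * 64),
    ProcEvent(
        5020, 4242,
        r"C:\Users\Admin\AppData\Local\Temp\e79b0c62fe4f962385f240e1d9164b3fc4be263cdfc23b3e035b673c04689695.exe",
        "e79b0c62fe4f962385f240e1d9164b3fc4be263cdfc23b3e035b673c04689695",
    ),
    ProcEvent(
        1084, 5020,
        r"C:\Users\Admin\AppData\Local\Temp\comhost.exe",
        "55a33ec5deae7f54d57625134225b0f5414c6925898e9b35533b51307f959384",
    ),
]

if __name__ == "__main__":
    for rule, pid, detail in find_alerts(SAMPLE_EVENTS):
        print(f"{rule:18} pid={pid:<6} {detail}")
```

One caveat on the behavioural rule: the parent sample sits in %TEMP% only because that is where the sandbox placed it, so on a real host the first stage may execute from a download folder or a mounted image instead; the hash check does not depend on that placement, while the `temp_spawns_temp` rule is really about the second stage and should be read as "child in %TEMP% launched by a non-system parent" when adapted to production telemetry.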

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\comhost.exe

    Filesize

    19KB

    MD5

    7853656ad4f560a8e1e7c5c4a2ed2f15

    SHA1

    0db6ffbb090f552babc4020059e68d94f9b20877

    SHA256

    55a33ec5deae7f54d57625134225b0f5414c6925898e9b35533b51307f959384

    SHA512

    634167520055ff0f9584beccee3c1a1cf223fdb2d0869e151407b54242e57bedad6dddb2c0c5104de615171bd09649a5a55c6241b29e541bc6c8377201af74a0