Overview

overview

7

Static

static

5

2fc2fcdec0...35.exe

windows7-x64

7

2fc2fcdec0...35.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    46s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    02-10-2022 01:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2fc2fcdec09258ea378d7b66fe1bb1516ab6a9b8009e9cd832ec200c755d5e35.exe

  • Size

    790KB

  • MD5

    6f20b0f61aadb5e1be8c01f82e53df95

  • SHA1

    a66547b3060234a678983d3372473f489e352142

  • SHA256

    2fc2fcdec09258ea378d7b66fe1bb1516ab6a9b8009e9cd832ec200c755d5e35

  • SHA512

    60c662ae8315010cd697bb957e156ce8e56425ca6b1e27a32f7b506a265f4ec1781e735461749d048f58ca68318b81606339992d8f9467102859f9a07910b2cd

  • SSDEEP

    24576:ixqT31T6WE6I5jKqosOm+bJErWbbA5c7s:V6WE6IN95+bJE35co

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fc2fcdec09258ea378d7b66fe1bb1516ab6a9b8009e9cd832ec200c755d5e35.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc2fcdec09258ea378d7b66fe1bb1516ab6a9b8009e9cd832ec200c755d5e35.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1584
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\s.cmd
      2⤵
      • Deletes itself
      PID:900

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\s.cmd
    Filesize

    285B

    MD5

    6831c15c74395519d0207ec2865943b1

    SHA1

    9c7e38b4d6e516aefc63afb21187747e3bfe51cf

    SHA256

    e4f6b3795b0b3e9f67fa89e0a9950eeb6e0fcca0244573a1d43c42dfd50fddab

    SHA512

    2cdd372656a9a8a71cd0e5f8bd62995f256623cdfc06027fb62e56dc3e1fea632c6928509145d71f6eb7b1ae5cecd1afef4e61d2f3ca4c95a23c4ad541b025da

    Download Submit

  • memory/900-55-0x0000000000000000-mapping.dmp

    Download

  • memory/1584-54-0x0000000075681000-0x0000000075683000-memory.dmp

    Filesize

    8KB

    Download