Overview

overview

6

Static

static

294ddb4993...d3.exe

windows7-x64

6

294ddb4993...d3.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    41s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    02/10/2022, 07:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    294ddb49932c11d610d3355f4f0ddb8fa97526866e0a29e6dca2a7c3b161b1d3.exe

  • Size

    417KB

  • MD5

    719fb30e6d3759c4eea69e497f5da7e2

  • SHA1

    896f657d8308049500cfdfaa57560eea5bc6aea7

  • SHA256

    294ddb49932c11d610d3355f4f0ddb8fa97526866e0a29e6dca2a7c3b161b1d3

  • SHA512

    72184aca9d2aded2151df204bdd55b2f57e09b6aa3d4364b60298f69b743a1543f44ff6898fccae00ce47c5e9e2deda3f853219e508491003606504ed7d92d68

  • SSDEEP

    6144:QKrxiyLvmWVXGl4KvfMxTEb1mtRk3qTQ3YxqkZ2ktaXymL1h8F4D8o6JZ1468:dtLXhmvfn1mRk1IJ2dXyI1eI6JT468

Score
6/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\294ddb49932c11d610d3355f4f0ddb8fa97526866e0a29e6dca2a7c3b161b1d3.exe
    "C:\Users\Admin\AppData\Local\Temp\294ddb49932c11d610d3355f4f0ddb8fa97526866e0a29e6dca2a7c3b161b1d3.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1388

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1388-54-0x0000000075E11000-0x0000000075E13000-memory.dmp

    Filesize

    8KB

    Download