Overview

overview

8

Static

static

392c5ce157...69.exe

windows7-x64

8

392c5ce157...69.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/10/2022, 09:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    392c5ce1575ecb8d5f0c08ce375cdddb63370ce8ede8beaa6d72ddd6d337ab69.exe

  • Size

    143KB

  • MD5

    706cf1315565a8f5bf482e52dcde1bf0

  • SHA1

    84bc518cec8a67126dd8aa23661f2d90ebfb015c

  • SHA256

    392c5ce1575ecb8d5f0c08ce375cdddb63370ce8ede8beaa6d72ddd6d337ab69

  • SHA512

    89e79abb33399387574129167a916d7a5d7af5320877b6ecd5bced2ffff1e2c3c0c77fe966fc070eb65280a51d53a700ae82f524048e4f71fd0ffbd20b80061c

  • SSDEEP

    3072:dnrRqBYMmJZbjCJ1zlvq0dUHJ2eEMSJ83bVoou5kCukxRr4T9:dSDi0hq0d7eEMSJYbVRu5kC1RW9

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\392c5ce1575ecb8d5f0c08ce375cdddb63370ce8ede8beaa6d72ddd6d337ab69.exe
    "C:\Users\Admin\AppData\Local\Temp\392c5ce1575ecb8d5f0c08ce375cdddb63370ce8ede8beaa6d72ddd6d337ab69.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3408
    • C:\Users\Admin\AppData\Local\Temp\my image sex.exe
      "C:\Users\Admin\AppData\Local\Temp\my image sex.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:4200

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\my image sex.exe
          Filesize

          184KB

          MD5

          cbe17a812532967692627055177156c8

          SHA1

          96d173dc67d13d72989e21f4e23d7a770fa7a42b

          SHA256

          dea89d18f777e9721e2a6b0ee3ed008b365a1e636e2b8ddf6b74bd67193669a1

          SHA512

          4a05856e06077935200e0ec0fce1a98cd0833121d889110030e26aa13033903f3cbd6c410e56f171c8c8be7d2bda160d339f57462f9e01046505697d474a3058

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\my image sex.exe
          Filesize

          184KB

          MD5

          cbe17a812532967692627055177156c8

          SHA1

          96d173dc67d13d72989e21f4e23d7a770fa7a42b

          SHA256

          dea89d18f777e9721e2a6b0ee3ed008b365a1e636e2b8ddf6b74bd67193669a1

          SHA512

          4a05856e06077935200e0ec0fce1a98cd0833121d889110030e26aa13033903f3cbd6c410e56f171c8c8be7d2bda160d339f57462f9e01046505697d474a3058

          Download Submit

        • memory/4200-135-0x0000000073F60000-0x0000000074511000-memory.dmp

          Filesize

          5.7MB

          Download

        • memory/4200-136-0x0000000073F60000-0x0000000074511000-memory.dmp

          Filesize

          5.7MB

          Download