Analysis

  • max time kernel
    45s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/10/2022, 10:31 UTC

General

  • Target

    5e4b15435b9aabf9d0885b063ec42e762244e0d76dfc1d6fb6426e1f94bbb1dd.exe

  • Size

    94KB

  • MD5

    63c666d3be7b923c966a23891b18eba0

  • SHA1

    6e619cc0002e32f339da50014987649153262f57

  • SHA256

    5e4b15435b9aabf9d0885b063ec42e762244e0d76dfc1d6fb6426e1f94bbb1dd

  • SHA512

    ca329cf4449199181446e69d065cfaac8db75964f51e43947b3c5f8e2caf2256e2b3f95849cc418cd9c6e33d3ad3bd4ed1dbdb7605c215aae585c58ac1447a50

  • SSDEEP

    1536:HvmG2zuawM5Txwn99lje8XN0PCnGhiNL6iuqCnxjoww43+XhL:H+ZwT/Ve2JGhilaqChowT09

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e4b15435b9aabf9d0885b063ec42e762244e0d76dfc1d6fb6426e1f94bbb1dd.exe
    "C:\Users\Admin\AppData\Local\Temp\5e4b15435b9aabf9d0885b063ec42e762244e0d76dfc1d6fb6426e1f94bbb1dd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:996
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Uwp..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:596

Network

  • flag-us
    DNS
    ikea.com
    5e4b15435b9aabf9d0885b063ec42e762244e0d76dfc1d6fb6426e1f94bbb1dd.exe
    Remote address:
    8.8.8.8:53
    Request
    ikea.com
    IN A
    Response
    ikea.com
    IN A
    23.203.72.42
  • flag-us
    DNS
    sitesell.com
    5e4b15435b9aabf9d0885b063ec42e762244e0d76dfc1d6fb6426e1f94bbb1dd.exe
    Remote address:
    8.8.8.8:53
    Request
    sitesell.com
    IN A
    Response
    sitesell.com
    IN A
    172.67.75.143
    sitesell.com
    IN A
    104.26.11.231
    sitesell.com
    IN A
    104.26.10.231
  • flag-us
    DNS
    google.ae
    5e4b15435b9aabf9d0885b063ec42e762244e0d76dfc1d6fb6426e1f94bbb1dd.exe
    Remote address:
    8.8.8.8:53
    Request
    google.ae
    IN A
    Response
    google.ae
    IN A
    142.251.39.99
  • flag-us
    DNS
    gexque.in
    5e4b15435b9aabf9d0885b063ec42e762244e0d76dfc1d6fb6426e1f94bbb1dd.exe
    Remote address:
    8.8.8.8:53
    Request
    gexque.in
    IN A
    Response
  • flag-us
    DNS
    rooftopjam.in
    5e4b15435b9aabf9d0885b063ec42e762244e0d76dfc1d6fb6426e1f94bbb1dd.exe
    Remote address:
    8.8.8.8:53
    Request
    rooftopjam.in
    IN A
    Response
  • flag-us
    DNS
    jumppack.in
    5e4b15435b9aabf9d0885b063ec42e762244e0d76dfc1d6fb6426e1f94bbb1dd.exe
    Remote address:
    8.8.8.8:53
    Request
    jumppack.in
    IN A
    Response
  • 8.8.8.8:53
    ikea.com
    dns
    5e4b15435b9aabf9d0885b063ec42e762244e0d76dfc1d6fb6426e1f94bbb1dd.exe
    54 B
    70 B
    1
    1

    DNS Request

    ikea.com

    DNS Response

    23.203.72.42

  • 8.8.8.8:53
    sitesell.com
    dns
    5e4b15435b9aabf9d0885b063ec42e762244e0d76dfc1d6fb6426e1f94bbb1dd.exe
    58 B
    106 B
    1
    1

    DNS Request

    sitesell.com

    DNS Response

    172.67.75.143
    104.26.11.231
    104.26.10.231

  • 8.8.8.8:53
    google.ae
    dns
    5e4b15435b9aabf9d0885b063ec42e762244e0d76dfc1d6fb6426e1f94bbb1dd.exe
    55 B
    71 B
    1
    1

    DNS Request

    google.ae

    DNS Response

    142.251.39.99

  • 8.8.8.8:53
    gexque.in
    dns
    5e4b15435b9aabf9d0885b063ec42e762244e0d76dfc1d6fb6426e1f94bbb1dd.exe
    55 B
    108 B
    1
    1

    DNS Request

    gexque.in

  • 8.8.8.8:53
    rooftopjam.in
    dns
    5e4b15435b9aabf9d0885b063ec42e762244e0d76dfc1d6fb6426e1f94bbb1dd.exe
    59 B
    112 B
    1
    1

    DNS Request

    rooftopjam.in

  • 8.8.8.8:53
    jumppack.in
    dns
    5e4b15435b9aabf9d0885b063ec42e762244e0d76dfc1d6fb6426e1f94bbb1dd.exe
    57 B
    110 B
    1
    1

    DNS Request

    jumppack.in

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Uwp..bat

    Filesize

    274B

    MD5

    fe3c225af55ff133f968b9b86da0279a

    SHA1

    047a78bec540e49f99104712917f5ea26e57e813

    SHA256

    92c05b124905d191414ce4cbdb50ac49fe03849c10549b746fdfc0497b40f70e

    SHA512

    307b56876d54b482a8d9031f4df66cc70f933009837bfe0ef662aae1455fa60446ecc468ed96df10615acbe43c6065317fa43c44c740678d0ff5a8b4baf3d7c7

  • memory/996-54-0x00000000760E1000-0x00000000760E3000-memory.dmp

    Filesize

    8KB

  • memory/996-55-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB

  • memory/996-57-0x0000000000400000-0x000000000041D000-memory.dmp

    Filesize

    116KB
