Analysis

  • max time kernel
    159s
  • max time network
    168s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/10/2022, 23:31

General

  • Target

    817820d64dbb1d2f3e63ca3cbce1259fbdb9e5c8cd98b8ae005fdfe7731ce7eb.exe

  • Size

    104KB

  • MD5

    6e27023aab1197a071abf2e914c63332

  • SHA1

    83377e5de06befb014b9f0392f5519d702f88ba2

  • SHA256

    817820d64dbb1d2f3e63ca3cbce1259fbdb9e5c8cd98b8ae005fdfe7731ce7eb

  • SHA512

    be8d0a950f4e9d3de9f9e2496508597b51dfaa212d2f38eaa14b61259b6c0888d0d931d5e1a409bfb35829cd3894e9296e62b2b84a5e324003d99af337d4e59a

  • SSDEEP

    1536:M0NlConoPtbkuOL5vLJWnYlrbPMPXvPWPRPpPLCOzSo4BszKhyMee+FWMktOOqwT:hPgErlLCO14BiKhyMN+FPLI

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Checks computer location settings (2 TTPs, 1 IoCs)

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\817820d64dbb1d2f3e63ca3cbce1259fbdb9e5c8cd98b8ae005fdfe7731ce7eb.exe
    "C:\Users\Admin\AppData\Local\Temp\817820d64dbb1d2f3e63ca3cbce1259fbdb9e5c8cd98b8ae005fdfe7731ce7eb.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4588
    • C:\Users\Admin\nauru.exe
      "C:\Users\Admin\nauru.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:1080

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\nauru.exe

    Filesize

    104KB

    MD5

    3a0337401e524cb1c4c08558f7d2799e

    SHA1

    31bb0969d4d4a9371714353352fbe1317ed2b91d

    SHA256

    bb803a7ba20a3c7b64e685a39164ef8998da4124646bd49d759306e9ee2b5c43

    SHA512

    8b7dbbf472942279651e4c9cef7f1e6eece18f69528a9ff5ba6b0b83eb7208f3283bca4f548807a03d45266ac76cc05fa812a63822ec77aa9c2f73cacb25e7ce