Overview

overview

7

Static

static

2d01f6a9dd...15.exe

windows7-x64

3

2d01f6a9dd...15.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    137s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03/10/2022, 23:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2d01f6a9ddfb230e877f58b1095cefb2fcdbc247e81e8399764e5574e6114815.exe

  • Size

    196KB

  • MD5

    5c7480d47c89cd43aa33dc021baa29d0

  • SHA1

    0251ba226fccd230e915646fa9be4be0b9387d3a

  • SHA256

    2d01f6a9ddfb230e877f58b1095cefb2fcdbc247e81e8399764e5574e6114815

  • SHA512

    b74ec19632b199fece4313377635ee9680729bd06926ae18940cff1295009816ba4f98b6d2b17e4f4d4489f0766c0f619e8e4b95ec5d1a3899e41772e51a9406

  • SSDEEP

    3072:aM65zTN7RH9Avfv3fpp0dL5qxpubZyejITv9fXFg1:1mTNJ0fv3Bp0dLiobP+v9fVa

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d01f6a9ddfb230e877f58b1095cefb2fcdbc247e81e8399764e5574e6114815.exe
    "C:\Users\Admin\AppData\Local\Temp\2d01f6a9ddfb230e877f58b1095cefb2fcdbc247e81e8399764e5574e6114815.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:628
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\650E.tmp.bat" >> NUL
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3564
      • C:\Windows\SysWOW64\PING.EXE
        ping 127.0.0.1 -n 2 -w 1000
        3⤵
        • Runs ping.exe
        PID:3684

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\650E.tmp.bat
          Filesize

          130B

          MD5

          a3f8bff6259511e55fbc21aa7f0d302e

          SHA1

          2edff6cd037401c61d7f0434cfd1768ec43c0a0e

          SHA256

          fb69fbe41e6f9cfc8aa289bf5e8986548d35af79e2252b9f4e7035f5af2c094b

          SHA512

          0041bfe1cd2ebc004d2a0ea0f3944a69923abda85accfb434c2b3b66edcbd5d0437fc87ca337c875fcc55b88ffb9de5f5afaf300acd020a40f6f6d9259c6a68e

          Download Submit