Analysis

  • max time kernel
    150s
  • max time network
    188s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-10-2022 00:24

General

  • Target

    fa26cc43625d08ad545d1deeb0b458272eeb1837ea3f9a7aa69990e532c0caac.exe

  • Size

    23KB

  • MD5

    4523e4a7a2ea3603cdd9192e784ae5f0

  • SHA1

    b653dfee3b0c95d4477db579583bde29a0fe4639

  • SHA256

    fa26cc43625d08ad545d1deeb0b458272eeb1837ea3f9a7aa69990e532c0caac

  • SHA512

    0ef746b0beeaab8974282a9a1c7c516620030a73d97386bf069fc9b83d178b729710db7e39b52fe2fb1b71159c3522b57d0b180973e4d749caa54dfa3ebce962

  • SSDEEP

    384:VoWtkEwn65rgjAsGipk53D16IgXakhbZD0mRvR6JZlbw8hqIusZzZca:a7O89p9rRpcnu8

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class (2 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\fa26cc43625d08ad545d1deeb0b458272eeb1837ea3f9a7aa69990e532c0caac.exe
    "C:\Users\Admin\AppData\Local\Temp\fa26cc43625d08ad545d1deeb0b458272eeb1837ea3f9a7aa69990e532c0caac.exe"
    • Modifies registry class
    PID:3500
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2024

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery: System Information Discovery (T1082), 1 occurrence


Downloads

  • memory/3500-132-0x00000000749B0000-0x0000000074F61000-memory.dmp
    Filesize: 5.7MB

  • memory/3500-133-0x00000000749B0000-0x0000000074F61000-memory.dmp
    Filesize: 5.7MB