Overview

overview

10

Static

static

14da004cc9...d8.dll

windows7-x64

10

14da004cc9...d8.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    38s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    07-10-2022 19:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14da004cc96b910fb75abb86df09e318d92f4fb8dda39c8bd6a8e0601b6605d8.dll

  • Size

    782KB

  • MD5

    b348a8ea634ee62341dd4d550a59ac2a

  • SHA1

    ae2b651868055c8ce8efed055c152d60601276c1

  • SHA256

    14da004cc96b910fb75abb86df09e318d92f4fb8dda39c8bd6a8e0601b6605d8

  • SHA512

    bc7ddc29182f747fff6f6553a40a4344f51139e8c93d7d0432abdc7d4502a47ea7614c830a5fd0c9ba9b7fe020db3337009fe1ea319d8bfdc917bd1fedc151e1

  • SSDEEP

    12288:MJKq8anpHpFmpoq3vjbL6c1jO4lOXLDw/jv4JCxJj2:AJ8ljCxDwLv4E

Score
10/10
egregorransomware

Malware Config

Signatures

  • Egregor Ransomware

    Variant of the Sekhmet ransomware first seen in September 2020.

    ransomwareegregor
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\14da004cc96b910fb75abb86df09e318d92f4fb8dda39c8bd6a8e0601b6605d8.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\14da004cc96b910fb75abb86df09e318d92f4fb8dda39c8bd6a8e0601b6605d8.dll
      2⤵
        PID:1580
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:1192
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x56c
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1756

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1580-56-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1580-57-0x0000000000290000-0x00000000002CF000-memory.dmp

        Filesize

        252KB

        Download

      • memory/1580-63-0x0000000000290000-0x00000000002CF000-memory.dmp

        Filesize

        252KB

        Download

      • memory/1672-54-0x000007FEFBC01000-0x000007FEFBC03000-memory.dmp

        Filesize

        8KB

        Download