Overview

overview

8

Static

static

95933fc720...26.exe

windows7-x64

8

95933fc720...26.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    134s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2022, 07:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95933fc72030880c4785c3b5fcd30811b92a57a47c8d8900e4e4d7e01c173026.exe

  • Size

    19KB

  • MD5

    442faf026a1239c64cb78a1e83bb51e0

  • SHA1

    22f3246e32ce65dd9a4f5e2c58fc0ce9045d07c1

  • SHA256

    95933fc72030880c4785c3b5fcd30811b92a57a47c8d8900e4e4d7e01c173026

  • SHA512

    cc7523834f294cbb316d124482479d7c698ff998c8f7d95d43ae76757f857a9930f2ed9fa61868775e6b5a3e4bb118e0a4825b6242c0a726f34be000ac1e037d

  • SSDEEP

    192:0KtkZAO7mBrXH+t/xM8f1eYW0YDCkJEdKXzfm/+t71j+QkC4duC8ffg0WYm+:0KtkZx6aDM81/mCkJ9D+ePkChLW2

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\95933fc72030880c4785c3b5fcd30811b92a57a47c8d8900e4e4d7e01c173026.exe
    "C:\Users\Admin\AppData\Local\Temp\95933fc72030880c4785c3b5fcd30811b92a57a47c8d8900e4e4d7e01c173026.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3916
    • C:\Users\Admin\AppData\Local\Temp\sawon.exe
      "C:\Users\Admin\AppData\Local\Temp\sawon.exe"
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      PID:2200

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\sawon.exe
    Filesize

    19KB

    MD5

    418af4cfd614d8db22c15efd2cea2447

    SHA1

    c418f4a6f72237170a06305a1460ab18806b1498

    SHA256

    51fd5a84f99b07846028eca44279edfef25d7e6ff703c95bc0e804d6ae154fcc

    SHA512

    f025c61b67dd5edeb0f9a12879ead0fc6337e4e01026dd3add34673d732d8c73f3ee9d214e865ee14750ad6d59fce38b5f6ae43f9d4cb8863fe23a0e35f988fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\sawon.exe
    Filesize

    19KB

    MD5

    418af4cfd614d8db22c15efd2cea2447

    SHA1

    c418f4a6f72237170a06305a1460ab18806b1498

    SHA256

    51fd5a84f99b07846028eca44279edfef25d7e6ff703c95bc0e804d6ae154fcc

    SHA512

    f025c61b67dd5edeb0f9a12879ead0fc6337e4e01026dd3add34673d732d8c73f3ee9d214e865ee14750ad6d59fce38b5f6ae43f9d4cb8863fe23a0e35f988fa

    Download Submit