Overview

overview

7

Static

static

d9b8263d23...13.exe

windows7-x64

7

d9b8263d23...13.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    112s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    11/10/2022, 06:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d9b8263d23ef8e92bef37d8f0a59dc517e0ca0cb47b9f82b5706451267463e13.exe

  • Size

    105KB

  • MD5

    1f449d7a47024c652e5e891d46cdd93b

  • SHA1

    cf40e5d198eb044fd49340528b44bc383451f9cf

  • SHA256

    d9b8263d23ef8e92bef37d8f0a59dc517e0ca0cb47b9f82b5706451267463e13

  • SHA512

    2a621410fba4c562973f746ba35957bded436cf6829388edf5825ce14a507859e284ee939c1be54d02d6a1f08bd550d81776e6cb195c1bb56c73932938454afb

  • SSDEEP

    3072:CkRGnBcBSFWV1kWZO5gIA1sHJqJKBYOgJBwS8t1lox1xd1pCi:WcDg5o6HJNqO4BUaXd1pCi

Score
7/10

Malware Config

Signatures

  • Drops startup file 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d9b8263d23ef8e92bef37d8f0a59dc517e0ca0cb47b9f82b5706451267463e13.exe
    "C:\Users\Admin\AppData\Local\Temp\d9b8263d23ef8e92bef37d8f0a59dc517e0ca0cb47b9f82b5706451267463e13.exe"
    1⤵
    • Drops startup file
    • Suspicious use of FindShellTrayWindow
    PID:3140

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads