Analysis

  • max time kernel
    40s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/10/2022, 15:31

General

  • Target

    4b963b838eba615aed9d48e6751ed0f9b69cfdac9c6636896e66784cf35aa946.exe

  • Size

    84KB

  • MD5

    27e64a118e3cff3aafa85b3726666621

  • SHA1

    b326fb0a6539c1034d333a87a410d5b00a8e3a5b

  • SHA256

    4b963b838eba615aed9d48e6751ed0f9b69cfdac9c6636896e66784cf35aa946

  • SHA512

    e825104bfa6cc9bda99a89066166f7c9d247da4f6e6d8d93bdcd6b622603454aa0341dd8bf8fd01a126178e84869d12f1c10671b49ee1001b36fd499f41e4aa4

  • SSDEEP

    1536:egJHZs0kDvxLN3CxCuAh1Aga2yM4LlX0tXTcJf:egtG0kt13h1GpLlX02J

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b963b838eba615aed9d48e6751ed0f9b69cfdac9c6636896e66784cf35aa946.exe
    "C:\Users\Admin\AppData\Local\Temp\4b963b838eba615aed9d48e6751ed0f9b69cfdac9c6636896e66784cf35aa946.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1932
    • C:\Users\Admin\AppData\Local\Temp\4b963b838eba615aed9d48e6751ed0f9b69cfdac9c6636896e66784cf35aa946.exe
      C:\Users\Admin\AppData\Local\Temp\4b963b838eba615aed9d48e6751ed0f9b69cfdac9c6636896e66784cf35aa946.exe
      2⤵
        PID:668
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
      1⤵
      • Suspicious use of FindShellTrayWindow
      PID:2016

Network

MITRE ATT&CK Enterprise v6

Downloads

    • C:\Users\Admin\AppData\Local\Temp\4b963b838eba615aed9d48e6751ed0f9b69cfdac9c6636896e66784cf35aa946.jpg

      Filesize

      9KB

      MD5

      1aa773ce36ff38de30b7e7c3ae13d4a7

      SHA1

      d2130fb97b316452a7f9eb2f11a389ced6928b48

      SHA256

      0f802f794550fcb2adaf8ab9d099b41604eb39bc30b99d2daa6703521d14efef

      SHA512

      52fa2745a5c108b7f65d64576c2232228f13a26a534f5cb4ba9f90ed5abc871494798e765194dedb785c60e907a1ae7f405b566d6e6657056ca1ef2198a199d1

    • memory/668-55-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

    • memory/668-56-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

    • memory/668-58-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

    • memory/668-60-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

    • memory/668-66-0x0000000000400000-0x0000000000406000-memory.dmp

      Filesize

      24KB

    • memory/1932-54-0x0000000075981000-0x0000000075983000-memory.dmp

      Filesize

      8KB

    • memory/1932-62-0x00000000002E0000-0x00000000002E4000-memory.dmp

      Filesize

      16KB