Overview

overview

6

Static

static

1ad8a1483e...77.exe

windows7-x64

6

1ad8a1483e...77.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    24s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    12/10/2022, 14:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1ad8a1483eeaf7b73cb2427dd778726c77b72789b617346236df8580e5b8d777.exe

  • Size

    512KB

  • MD5

    5e4152fcfbf50569f54b5f8e767c0ecf

  • SHA1

    5098afbee5beb0a9f6d27c3a6197ae39e1173eb7

  • SHA256

    1ad8a1483eeaf7b73cb2427dd778726c77b72789b617346236df8580e5b8d777

  • SHA512

    8ed02dcf6fdc836eb06a0fd829d69cb49d1c6d3276020dc74cc8a6aa2140ec80763f48824e71d1f3eb61844c4d672f851c3e66b30920caa569e6612dccb0997f

  • SSDEEP

    6144:UKrxiyLvmWVXGldpFK4XBPEIXjgQjQMbFko2LAIHo0RfHiYSIYDNBab7Y2:JtLXhupVBcejgQZ+I0RfCfIqNc7Y2

Score
6/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ad8a1483eeaf7b73cb2427dd778726c77b72789b617346236df8580e5b8d777.exe
    "C:\Users\Admin\AppData\Local\Temp\1ad8a1483eeaf7b73cb2427dd778726c77b72789b617346236df8580e5b8d777.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1020

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1020-54-0x00000000762D1000-0x00000000762D3000-memory.dmp

          Filesize

          8KB

          Download