Analysis

  • max time kernel
    43s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-10-2022 10:16

General

  • Target

    648dec9bf8fc46309755437ea6626b731bc10aeca2f007fddaf29a30f14d166f.exe

  • Size

    76KB

  • MD5

    62243bd3fa524afb5a368b088a284f38

  • SHA1

    5eb8656459319d948b51dedec5aebb71307e69ae

  • SHA256

    648dec9bf8fc46309755437ea6626b731bc10aeca2f007fddaf29a30f14d166f

  • SHA512

    932bd7f5c302f3ec24c7859efcbbcd533843e9d8f61167fce414e9c5698de76765c391272326ba77ecc307837c74a2a189e840bf192db696f2efb38b9face2aa

  • SSDEEP

    1536:VA7sbuq2p6oHUVOAn3wW6/7DcQ/9Dj4g:Kj1soHUVO531/N4g

Score
6/10

Malware Config

Signatures

  • Maps connected drives based on registry (3 TTPs, 2 IoCs)

    Disk information is often read in order to detect sandboxing environments.

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates processes with tasklist (1 TTPs, 1 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoCs)
  • Suspicious use of WriteProcessMemory (8 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\648dec9bf8fc46309755437ea6626b731bc10aeca2f007fddaf29a30f14d166f.exe
    "C:\Users\Admin\AppData\Local\Temp\648dec9bf8fc46309755437ea6626b731bc10aeca2f007fddaf29a30f14d166f.exe"
    1⤵
    • Maps connected drives based on registry
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:904
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c tasklist&&del 648dec9bf8fc46309755437ea6626b731b
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1764
      • C:\Windows\SysWOW64\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        • Suspicious use of AdjustPrivilegeToken
        PID:1768

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/904-56-0x0000000076201000-0x0000000076203000-memory.dmp

    Filesize

    8KB

  • memory/1764-57-0x0000000000000000-mapping.dmp

  • memory/1768-58-0x0000000000000000-mapping.dmp