Overview

overview

8

Static

static

c0deabd93e...8e.exe

windows7-x64

8

c0deabd93e...8e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    90s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-10-2022 04:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c0deabd93e6be63b4f05c7a6662b917a2832edc10db886be77d3869ae3304a8e.exe

  • Size

    110KB

  • MD5

    84863eeca8993ae9136d44b41511903f

  • SHA1

    b913c772b46ae4ee1dff981d33a480ffe4cb545a

  • SHA256

    c0deabd93e6be63b4f05c7a6662b917a2832edc10db886be77d3869ae3304a8e

  • SHA512

    286cf2dd7a15675ac0af561d6014cf1cb1d38acc9cf0288cffe6db5b7b91f7d0510fb85e388b74be42582a267a32093d6980a657d6b0e945680e6571ccf12321

  • SSDEEP

    1536:u7IzJdvRNtIBc6oSCv1WMW/3Gk5cTersWjcdK6U0Bbfx:u6HC9C9WZvnqeUK6U0Bbfx

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c0deabd93e6be63b4f05c7a6662b917a2832edc10db886be77d3869ae3304a8e.exe
    "C:\Users\Admin\AppData\Local\Temp\c0deabd93e6be63b4f05c7a6662b917a2832edc10db886be77d3869ae3304a8e.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Users\Admin\AppData\Local\Temp\biudfw.exe
      "C:\Users\Admin\AppData\Local\Temp\biudfw.exe"
      2⤵
      • Executes dropped EXE
      PID:1180
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\sanfdr.bat" "
      2⤵
        PID:1984

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\biudfw.exe
      Filesize

      110KB

      MD5

      dd433483683d1fcf0653a89eb762bd4d

      SHA1

      1eec1dff80089700f1b188b66a4504a0883c54ef

      SHA256

      2fb0c4657fb5dfbb80fb3851667b90251447f912a3be08f6f1f27e8a98c79e94

      SHA512

      f5c6a7986de80e7a70be6b426eee323e8bb40635e5a8938de091db81b152a331a3f59dfa434dcb2c5db0745d7b852bae005cd060b809628d2c245306fe463473

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\biudfw.exe
      Filesize

      110KB

      MD5

      dd433483683d1fcf0653a89eb762bd4d

      SHA1

      1eec1dff80089700f1b188b66a4504a0883c54ef

      SHA256

      2fb0c4657fb5dfbb80fb3851667b90251447f912a3be08f6f1f27e8a98c79e94

      SHA512

      f5c6a7986de80e7a70be6b426eee323e8bb40635e5a8938de091db81b152a331a3f59dfa434dcb2c5db0745d7b852bae005cd060b809628d2c245306fe463473

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\golfinfo.ini
      Filesize

      512B

      MD5

      efd90b3ac908d5482af367de3a82184a

      SHA1

      de9f01d2ed0247b7b347e55c5a09721a60147fb9

      SHA256

      44f3db1bb73bb207a88008ae28d0399f888b5714ccccb2056f4148b4455e693d

      SHA512

      6e3355f895af1d81887d5750033c5a139e4a0e1c2c928aeef1fd37f9c191e754b1f524d252c229ea5e744dbef4dd0a8240d9d3443651d42de198e82a197afb02

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\sanfdr.bat
      Filesize

      338B

      MD5

      3ee272e45d38392d1a20f5ab659355df

      SHA1

      77a4b0a8b6bc62f014d3df99aa38a307b7246cbe

      SHA256

      92ec0718840ffc3e32e49ce91bc2c9013ce063df4d7a8bc29c444873679fba23

      SHA512

      8384b5f61f2d8b258d678ba74b5736d33eca21c2a3af615243b86fc44ad6e5097f41ca283ac933686522e017a13c77bbcf7856deb46e6e62794bb8c85a0734b5

      Download Submit

    • memory/1180-133-0x0000000000000000-mapping.dmp

      Download

    • memory/1180-139-0x0000000000270000-0x0000000000297000-memory.dmp

      Filesize

      156KB

      Download

    • memory/1180-141-0x0000000000270000-0x0000000000297000-memory.dmp

      Filesize

      156KB

      Download

    • memory/1180-142-0x0000000000270000-0x0000000000297000-memory.dmp

      Filesize

      156KB

      Download

    • memory/1984-136-0x0000000000000000-mapping.dmp

      Download

    • memory/2072-132-0x0000000000C50000-0x0000000000C77000-memory.dmp

      Filesize

      156KB

      Download

    • memory/2072-137-0x0000000000C50000-0x0000000000C77000-memory.dmp

      Filesize

      156KB

      Download