Analysis

  • max time kernel
    116s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
  • submitted
    19-10-2022 21:41

General

  • Target

    cb6827ac3df14effa0674689b97e47289c837bdb20548fc826676b9504c32d76.exe

  • Size

    18KB

  • MD5

    a0beac55bb85e9beedd1fb3df64d4890

  • SHA1

    a26c0417c08dc463f71cc3ebb688f4261d90f586

  • SHA256

    cb6827ac3df14effa0674689b97e47289c837bdb20548fc826676b9504c32d76

  • SHA512

    215e7ee11eb7b08c3b386d20d1c95ca65439bad1fee8464db7f21d33db1ab79abf4ac9e35a1dfa36d4291eb7827a7ee33b25a05513d7ee6bb438ca4a78efcf3e

  • SSDEEP

    192:ZdSekEVgsoqe0jc1M7cLa2gcKiQWm/L32S5WpkdbXftbrsY5s:ZdSeP+M7cWoKiQ/iSU6dbXlbrsYO

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb6827ac3df14effa0674689b97e47289c837bdb20548fc826676b9504c32d76.exe
    "C:\Users\Admin\AppData\Local\Temp\cb6827ac3df14effa0674689b97e47289c837bdb20548fc826676b9504c32d76.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1168
    • C:\Users\Admin\AppData\Local\Temp\rupdater.exe
      "C:\Users\Admin\AppData\Local\Temp\rupdater.exe"
      2⤵
      • Executes dropped EXE
      PID:4952

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Temp\rupdater.exe

    Filesize

    19KB

    MD5

    3a24f085d1444fec030d23356df55ad7

    SHA1

    42b49e93299a4e9b521da5c336d49add52b4955b

    SHA256

    a6df2f7ded81285b9ccbdafdf52ec95a8a995d3bf5c53d7f9935c725c8ee8c1f

    SHA512

    b19e42eec4b2d781a6c9e0d20da627a09cbbdc9f787bc6d2d134b8f99396b0dcb7038fd3bde5d4f595f99a80478fc347aa83e0550a8c167cb6524cfce5360173
