Analysis
-
max time kernel
228s -
max time network
253s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
20/10/2022, 05:30
General
-
Target
46fb442e2842dccad4d7e5159f57ce75d29bc974b7c80f7b860f81a444a1bb3b.exe
-
Size
327KB
-
MD5
795675e887c5e5a6b4e03c14f305db30
-
SHA1
71e51057362f6284a1ee3af686d93bc9c2fd60d1
-
SHA256
46fb442e2842dccad4d7e5159f57ce75d29bc974b7c80f7b860f81a444a1bb3b
-
SHA512
3b8102b971f898f9ac15dfe31de05daaddd7fc3f744aec3544a31b255d528069495a464d6a598715939529b32c740597bd5c184850ff7defec34c554238f174e
-
SSDEEP
6144:zuIlWqB+ihabs7Ch9KwyF5LeLodp2D1Mmakda0qL3ks3ih1XGWz:q6Wq4aaE6KwyF5L0Y2D1PqLF3c2Q
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
UPX packed file 2 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
Drops file in System32 directory 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\46fb442e2842dccad4d7e5159f57ce75d29bc974b7c80f7b860f81a444a1bb3b.exe"C:\Users\Admin\AppData\Local\Temp\46fb442e2842dccad4d7e5159f57ce75d29bc974b7c80f7b860f81a444a1bb3b.exe"1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\commander.execommander.exe /C at 9:00 /interactive C:\Windows\svhost.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\at.exeat 9:00 /interactive C:\Windows\svhost.exe3⤵
-
-
-
C:\Windows\SysWOW64\commander.execommander.exe /C schtasks /run /tn at12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exeschtasks /run /tn at13⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
231KB
MD53517074d6958441a8c689cea98c1c878
SHA1072d8ec9a1573e28e18b1df4939c8b1e2a964b25
SHA256f7b5ecf998b69bc0b962fb6677e8d5e5c31a1c51a881b553bcad8de304c66e09
SHA5124631968e1965ee274dba59d37461cd593d799e5e5fe733638dc98483059593cb67c321cef32790e9e9d659f1b4ccf6bde437d19820a5708bd5411c465661cf07
-
Filesize
231KB
MD53517074d6958441a8c689cea98c1c878
SHA1072d8ec9a1573e28e18b1df4939c8b1e2a964b25
SHA256f7b5ecf998b69bc0b962fb6677e8d5e5c31a1c51a881b553bcad8de304c66e09
SHA5124631968e1965ee274dba59d37461cd593d799e5e5fe733638dc98483059593cb67c321cef32790e9e9d659f1b4ccf6bde437d19820a5708bd5411c465661cf07
-
Filesize
728KB
-
Filesize
728KB