664110cb21dca93409955f3ca87ca008dfaeac40bd990622d653c76f82d2d1ca

Analysis

max time kernel
40s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
21/10/2022, 00:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

664110cb21dca93409955f3ca87ca008dfaeac40bd990622d653c76f82d2d1ca.exe
Size

51KB
MD5

75a6e053cb64ad177b693c8b75c09c2a
SHA1

aeb0fb2713015aeaa1eb50bbbf0c4c04acc9ade2
SHA256

664110cb21dca93409955f3ca87ca008dfaeac40bd990622d653c76f82d2d1ca
SHA512

ee17d5811032bc0e503d1a92d27c1ebd1c930d7706beca83d042a9ae4d041f2db5531ad128759aad11f24d948e766de4e1bdac81d42c80006916b591463de34f
SSDEEP

768:04GXdAFiWEYc6o+ip8Rh2BpjILt77frr3Ctnk48x:Em0W06mp8RkBpkLNaBk5x

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\APMV.lnk	664110cb21dca93409955f3ca87ca008dfaeac40bd990622d653c76f82d2d1ca.exe

Loads dropped DLL 1 IoCs

pid	Process
1156	664110cb21dca93409955f3ca87ca008dfaeac40bd990622d653c76f82d2d1ca.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\664110cb21dca93409955f3ca87ca008dfaeac40bd990622d653c76f82d2d1ca.exe
"C:\Users\Admin\AppData\Local\Temp\664110cb21dca93409955f3ca87ca008dfaeac40bd990622d653c76f82d2d1ca.exe"
1⤵
- Drops startup file
- Loads dropped DLL
PID:1156

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Roaming\APMV\APMV.exe

Filesize
39KB

MD5
0e37391795a0c915d40fe2df6706acd3

SHA1
01064f3c31fb08ff696759b3fea3e91c30bd4422

SHA256
a8232b9fc2be93b2ba96bd70e5121c90b82a62f62fee660aa3944ceaf5c89e11

SHA512
4148c3ff5841aea16d50fd6a916deb0e7f25e9d59f727a3e9c2d0ddb358406d565060698d0533953bfe2d92296cacb2341f5ed18904ad1e70a14dad04a948439

Download Submit
memory/1156-54-0x0000000076461000-0x0000000076463000-memory.dmp

Filesize
8KB

Download