Overview

overview

8

Static

static

8

dd86a5bde1...0c.exe

windows7-x64

8

dd86a5bde1...0c.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    37s
  • max time network
    41s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    21-10-2022 05:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dd86a5bde1d04610f78c3a119f1f814e12c5371d6984adb18518c8839ca0ce0c.exe

  • Size

    124KB

  • MD5

    7cf3a882c0942a5128b8d42c91f8c46f

  • SHA1

    75aef8b803c9a985b2355630359d0880b8e539f8

  • SHA256

    dd86a5bde1d04610f78c3a119f1f814e12c5371d6984adb18518c8839ca0ce0c

  • SHA512

    5ed12cd5697cdc963e37af63f9eb09f5d4a68456e52713ac52a2832e018f1bed364e2ca73fdd098c85c7f0b2e79b3a6d74b457ed6a2d20922af8a7f6353421f9

  • SSDEEP

    1536:IJQBjSrTycWn49lUrCPetV5Pg8Dsa2dNZTwmMYnbN7FQvX+SKsFqb5pPUCjRmkYY:djX6UrCPKPgQ1eZTwmHRZPngdgRs

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dd86a5bde1d04610f78c3a119f1f814e12c5371d6984adb18518c8839ca0ce0c.exe
    "C:\Users\Admin\AppData\Local\Temp\dd86a5bde1d04610f78c3a119f1f814e12c5371d6984adb18518c8839ca0ce0c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:748
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Fvb..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:1980

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Fvb..bat
    Filesize

    274B

    MD5

    4f6239602f727f48a828b2025178bda9

    SHA1

    49a8c24ea9145494866249bc75f90db7958ff82a

    SHA256

    1fd028ec32e318abf721895ab5379b0e1f26a5065857a7bbdfd566401406c82e

    SHA512

    7927ae498553af12749eb98069e0ae3ecc412c7b1fbccf966b5221af7ba419cfa03eef9e76edecabbbcb12c80c9200d8eb294527b1b67e06ccf6a04263102bdd

    Download Submit

  • memory/748-54-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/748-55-0x0000000074FB1000-0x0000000074FB3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/748-56-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/748-58-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download