9d05e6cd8098cdc0a7c1910c2eebeadc3e7f81442bbb69ea41e03390a5e7c9fd

Analysis

max time kernel
20s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28/10/2022, 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d05e6cd8098cdc0a7c1910c2eebeadc3e7f81442bbb69ea41e03390a5e7c9fd.exe
Size

932KB
MD5

0f7bfe0b1d83928a4783c8073f91da70
SHA1

6f1d5c1fd1deed3986d9a80c1ca6277e74e29a79
SHA256

9d05e6cd8098cdc0a7c1910c2eebeadc3e7f81442bbb69ea41e03390a5e7c9fd
SHA512

adf931a777d9353fdf153ad49fe37f0f4a5e309016492cad1d6a6478e5cc720d440c1e86700a1bef26adcd028989ae44b61340fd1cf7a63856412d78c73f5508
SSDEEP

12288:71/aGLDCMNpNAkoSzZWD8ayX2MQCw7D0FoWxJpcEi0/3IWV//7cSdAunKMBlRP33:71/aGLDCM4D8ayGMZo8/EsKzpdM7j

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\9d05e6cd8098cdc0a7c1910c2eebeadc3e7f81442bbb69ea41e03390a5e7c9fd.exe
"C:\Users\Admin\AppData\Local\Temp\9d05e6cd8098cdc0a7c1910c2eebeadc3e7f81442bbb69ea41e03390a5e7c9fd.exe"
1⤵
PID:1080
- C:\ProgramData\gedkw.exe
  "C:\ProgramData\gedkw.exe"
  2⤵
  PID:976

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Saaaalamm\Mira.h

Filesize
26KB

MD5
41146f8c8599c914ab3175baf640fdfc

SHA1
5360d99898662493d3feda5b0f3448eb30912b0a

SHA256
e6e2d5681f92d6941ea1909282184ccadad8d347298796cec4e2f4ffcfaf9caf

SHA512
1ab3a0852756fe735a3a746cd6bf37ee418934d3d03943b8b38d9e7284740e8713a651cd949d2bdcba5ab2da19ede953df8dd785a3eb2d2ff8d309e9a2051be8

Download Submit
C:\ProgramData\gedkw.exe

Filesize
19KB

MD5
fc6cecd17e02f6f7b0651f28eaed13aa

SHA1
46f1ecf519af1414f6a1bff79a39571553ad63cf

SHA256
042291aa700e44e3fdb016140cd25fd8d29d25300b2375db10887cd6b354eb16

SHA512
5c5404de8034872546e0b49ca5ca8fd339c2026920847c8b67720f617b7bd61f90a7adb62df83cf2313871cf20d9d5d713e8851011b6435dbc1e46ffc811c1cf

Download Submit
C:\ProgramData\gedkw.exe

Filesize
32KB

MD5
0420a121b4213861717bfad422fba7ec

SHA1
ff4620f514968d93e246686b6caf43cea79f3290

SHA256
b521fd8ce0436ebc28127f9935682ca45dd59f36c9f88cecd6fdbcb81d6e5255

SHA512
6e9ed5629b8b0bbf9585809c842ea30f431245e7a0a63d84cd78d4ef8614ce2affbe47be2c5390ecf9480484efcf3318167627e64695b376be54166824ce08ba

Download Submit
\ProgramData\gedkw.exe

Filesize
50KB

MD5
4a2b74a396c705e2fd80d5f08d99164e

SHA1
398ebb98120f3e0b27bd2ba6b33480ba706b0116

SHA256
a2dd943ec3f53685822ea724e7d8a9337db9da4eba4d4e7fb441f7e2fc24b793

SHA512
286e68941046d4d3372d5a22afaf1d0dc3ed555b852f559f8640ddb45084b6c1a8c600df70d0f8384a6010e7a9c9830eaa36f4117c13d4c6a55c1ea97ed587b2

Download Submit
\ProgramData\gedkw.exe

Filesize
41KB

MD5
696405bb2d69989e59c143241f91a8af

SHA1
c7d78a5446a103b955e011c9f41505d1848d3962

SHA256
d7effa24c7863b80f5c0818fe8da6a59acc7574f115f761566fe799c588766ae

SHA512
0672870de527948de19bcc4e3e6f15b665f1485dbfdd17cfb41ea0ac344c8870058466c76c8ee8a7c1e44e3383010bf764fdadaae79a383b519f1d8c709d1257

Download Submit
memory/1080-54-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download
memory/1080-60-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads