c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28/10/2022, 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
Size

61KB
MD5

0c06e0424a602fd59ce51a0aecd65130
SHA1

8bf3c8ff7487520387febef57a7245d1bb26a625
SHA256

c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4
SHA512

cd3466bd6b381cb9cc6b75b5832ca19aeaca870944c9c737d001bf7ced095d553d786a9a8e16602cb8cb3015376911fe515c876c85fcec3f2d484d4c1e8aa650
SSDEEP

768:bZ/KwcvsijOqve2rtwuP+ya1uesvikB3HlSuAlSKuxgwBavytWl/zW:bZ/KwcvsiIKtwuxgWiktH5AlSwHJlr

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 12 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vcard_wab_auto_file\ = "vCard File"	c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\vcard_wab_auto_file\shell\open\command	c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\vcard_wab_auto_file\DefaultIcon	c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/x-vcard	c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\vcard_wab_auto_file	c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.vcf	c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.vcf\ = "vcard_wab_auto_file"	c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.vcf\Content Type = "text/x-vcard"	c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vcard_wab_auto_file\shell\open\command\ = "\"C:\\Program Files (x86)\\Windows Mail\\wab.exe\" /vcard %1"	c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\vcard_wab_auto_file\DefaultIcon\ = "\"C:\\Program Files (x86)\\Windows Mail\\wab.exe\",1"	c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\text/x-vcard\Extension = ".vcf"	c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.wab	c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe

C:\Users\Admin\AppData\Local\Temp\c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
"C:\Users\Admin\AppData\Local\Temp\c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe"
1⤵
- Modifies registry class
PID:832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/832-54-0x0000000075091000-0x0000000075093000-memory.dmp

Filesize
8KB

Download
memory/832-55-0x0000000001000000-0x0000000001013000-memory.dmp

Filesize
76KB

Download
memory/832-56-0x0000000074031000-0x0000000074033000-memory.dmp

Filesize
8KB

Download
memory/832-57-0x0000000001000000-0x0000000001013000-memory.dmp

Filesize
76KB

Download