Analysis

  • max time kernel
    42s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/10/2022, 18:53

General

  • Target

    c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe

  • Size

    61KB

  • MD5

    0c06e0424a602fd59ce51a0aecd65130

  • SHA1

    8bf3c8ff7487520387febef57a7245d1bb26a625

  • SHA256

    c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4

  • SHA512

    cd3466bd6b381cb9cc6b75b5832ca19aeaca870944c9c737d001bf7ced095d553d786a9a8e16602cb8cb3015376911fe515c876c85fcec3f2d484d4c1e8aa650

  • SSDEEP

    768:bZ/KwcvsijOqve2rtwuP+ya1uesvikB3HlSuAlSKuxgwBavytWl/zW:bZ/KwcvsiIKtwuxgWiktH5AlSwHJlr

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe
    "C:\Users\Admin\AppData\Local\Temp\c7f2950e518a15ce75f336df9ed5fa90f7f13dec25e4ef9470dab1b17183aba4.exe"
    • Modifies registry class
    PID:832

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/832-54-0x0000000075091000-0x0000000075093000-memory.dmp

    Filesize

    8KB

  • memory/832-55-0x0000000001000000-0x0000000001013000-memory.dmp

    Filesize

    76KB

  • memory/832-56-0x0000000074031000-0x0000000074033000-memory.dmp

    Filesize

    8KB

  • memory/832-57-0x0000000001000000-0x0000000001013000-memory.dmp

    Filesize

    76KB