f38390bf0c34b44ce6fc857294a1dc5010c77eb8e746ae5a3204916c54258861

Analysis

max time kernel
4s
max time network
122s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-10-2022 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f38390bf0c34b44ce6fc857294a1dc5010c77eb8e746ae5a3204916c54258861.exe
Size

333KB
MD5

7f56018a42c0af21498df939b8689f73
SHA1

5e1043f9afa58630559c83bc6d6fac5c0c39f53c
SHA256

f38390bf0c34b44ce6fc857294a1dc5010c77eb8e746ae5a3204916c54258861
SHA512

7f7a5e60401c8bbb61da8820d5608ef02eb4ab8cee3b0de3ba222b3353c32702835ebe90f138433a3e0afd251e246d0a2c674a79e2fd823f3485fee7bf3c5545
SSDEEP

6144:ZXYJRKf7rGjyHKuNoMs58tnGSDU4afkWyeU3W/+NLjJoxGq6IElz:ZXYufHGjyHKuaMs58tnGSnZmmhFYGq6T

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1980	f38390bf0c34b44ce6fc857294a1dc5010c77eb8e746ae5a3204916c54258861.exe
Token: SeIncBasePriorityPrivilege	1980	f38390bf0c34b44ce6fc857294a1dc5010c77eb8e746ae5a3204916c54258861.exe

C:\Users\Admin\AppData\Local\Temp\f38390bf0c34b44ce6fc857294a1dc5010c77eb8e746ae5a3204916c54258861.exe
"C:\Users\Admin\AppData\Local\Temp\f38390bf0c34b44ce6fc857294a1dc5010c77eb8e746ae5a3204916c54258861.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1980
- C:\Users\Admin\AppData\Local\Xenocode\Sandbox\1.0.0.0\2010.01.15T13.01\Virtual\STUBEXE\@APPDATALOCAL@\Temp\Win.exe
  "C:\Users\Admin\AppData\Local\Temp\Win.exe"
  2⤵
  PID:1512
- - C:\Users\Admin\AppData\Local\Xenocode\Sandbox\1.0.0.0\2010.01.15T13.01\Native\STUBEXE\@SYSTEM@\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 200
    3⤵
    PID:1640

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Xenocode\Sandbox\1.0.0.0\2010.01.15T13.01\Native\STUBEXE\@SYSTEM@\WerFault.exe

Filesize
17KB

MD5
36e3fa60e628d7cbd22bc1dc8ccd6a11

SHA1
7ae9f7da10ee11131aa0f48c8be00ad0a59bce11

SHA256
af12be88da7a4dff7849f9af96130976e137d2c854e699bedccb778dc0842e83

SHA512
0ab35aedae2c77e64f89be4280296cdbda268f91e78d8cdfd07f417f133d4f8fc003f2f40eea3f4b3bf7c78d56bc14c31d0c45616201e25070d53d04f86c4346

Download Submit
C:\Users\Admin\AppData\Local\Xenocode\Sandbox\1.0.0.0\2010.01.15T13.01\Virtual\STUBEXE\@APPDATALOCAL@\Temp\Win.exe

Filesize
17KB

MD5
043c51b5683e79d80cbdbfa00e9f77a4

SHA1
ed18233e54ac7073613f8c334f2c1c3e18290461

SHA256
4d60172a4ff72d67b9d1ced63901e6dd056984e802e9b169ab06fbeebc328c15

SHA512
d98fa9211a191448249e179f2f19907f79cd4ef810cd0a0fcd689ec4f0fb716bd147aeecd9bd8bbf5ab121c754ba02312e8ffd7edda56956df12a31e41642c22

Download Submit
\Users\Admin\AppData\Local\Xenocode\Sandbox\1.0.0.0\2010.01.15T13.01\Native\STUBEXE\@SYSTEM@\WerFault.exe

Filesize
17KB

MD5
36e3fa60e628d7cbd22bc1dc8ccd6a11

SHA1
7ae9f7da10ee11131aa0f48c8be00ad0a59bce11

SHA256
af12be88da7a4dff7849f9af96130976e137d2c854e699bedccb778dc0842e83

SHA512
0ab35aedae2c77e64f89be4280296cdbda268f91e78d8cdfd07f417f133d4f8fc003f2f40eea3f4b3bf7c78d56bc14c31d0c45616201e25070d53d04f86c4346

Download Submit
\Users\Admin\AppData\Local\Xenocode\Sandbox\1.0.0.0\2010.01.15T13.01\Virtual\STUBEXE\@APPDATALOCAL@\Temp\Win.exe

Filesize
17KB

MD5
043c51b5683e79d80cbdbfa00e9f77a4

SHA1
ed18233e54ac7073613f8c334f2c1c3e18290461

SHA256
4d60172a4ff72d67b9d1ced63901e6dd056984e802e9b169ab06fbeebc328c15

SHA512
d98fa9211a191448249e179f2f19907f79cd4ef810cd0a0fcd689ec4f0fb716bd147aeecd9bd8bbf5ab121c754ba02312e8ffd7edda56956df12a31e41642c22

Download Submit
memory/1512-704-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1512-702-0x000000000053B000-0x000000000053D000-memory.dmp

Filesize
8KB

Download
memory/1512-701-0x00000000004F0000-0x000000000055C000-memory.dmp

Filesize
432KB

Download
memory/1640-984-0x00000000003AB000-0x00000000003AD000-memory.dmp

Filesize
8KB

Download
memory/1640-706-0x0000000000360000-0x00000000003CC000-memory.dmp

Filesize
432KB

Download
memory/1640-985-0x0000000001000000-0x000000000105B000-memory.dmp

Filesize
364KB

Download
memory/1640-987-0x0000000000360000-0x00000000003CC000-memory.dmp

Filesize
432KB

Download
memory/1980-105-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-344-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-97-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-95-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-91-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-87-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-85-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-83-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-79-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-77-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-75-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-73-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-71-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-69-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-67-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-65-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-61-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-99-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-345-0x000000000031B000-0x000000000031D000-memory.dmp

Filesize
8KB

Download
memory/1980-59-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-57-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-54-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-101-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-55-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-107-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-109-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-111-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-115-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-117-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-113-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-103-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-93-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-89-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-81-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-986-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download
memory/1980-63-0x00000000002D0000-0x000000000033C000-memory.dmp

Filesize
432KB

Download