f20d4ac6bc6f0873bc106dbbfde21901eb841b0d67ff7f2add9c37a6c2b90da2

Analysis

max time kernel
12s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 05:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f20d4ac6bc6f0873bc106dbbfde21901eb841b0d67ff7f2add9c37a6c2b90da2.exe
Size

60KB
MD5

7ef2517e1c2819fa4ed127f98445dd3d
SHA1

b3fee72f164da60bdb068023bab7dbedfc352150
SHA256

f20d4ac6bc6f0873bc106dbbfde21901eb841b0d67ff7f2add9c37a6c2b90da2
SHA512

ffc886beb1d79f6237d097dfa489a323752ca1b9efd3f5fe8c0b5128d615d24bf3f1ee639a24403bf4b19eb660f293706647a2b198d0f1980b0727f7478caf88
SSDEEP

1536:uFo9rVDgXkfyWjZRwp6/OrCF/w12TItl+zEK:R9GXCZRwpiOY/w12TSvK

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1980	f20d4ac6bc6f0873bc106dbbfde21901eb841b0d67ff7f2add9c37a6c2b90da2.exe

C:\Users\Admin\AppData\Local\Temp\f20d4ac6bc6f0873bc106dbbfde21901eb841b0d67ff7f2add9c37a6c2b90da2.exe
"C:\Users\Admin\AppData\Local\Temp\f20d4ac6bc6f0873bc106dbbfde21901eb841b0d67ff7f2add9c37a6c2b90da2.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1980
- C:\Users\Admin\xauig.exe
  "C:\Users\Admin\xauig.exe"
  2⤵
  PID:932

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\xauig.exe

Filesize
5KB

MD5
9bb818f862841fcef7db3342d5fdbd36

SHA1
92d1913f36b5ecaad56a8e5ccc0e999650c0e5e6

SHA256
8ccda20c8b261d99203b0388abebd4542131a78be8299ba30eb616622e998b39

SHA512
214463b4474b554172efba775fd4100ddfe10483edde8f5398aa4ba77172acd7b5e40b38325cc4706b620fa57a9f6c752a5418baf9f82356384077270c8981da

Download Submit
C:\Users\Admin\xauig.exe

Filesize
4KB

MD5
7c6ef7f9d68f23d5949eccf048e39849

SHA1
bee285a9596d45028faf49eeb1459835bad63789

SHA256
2ee36898adf73ff8cd49c97705499dea404bd675bd4a70f65f2161208b83d11b

SHA512
b96f8e1692d88d605d88910c3b63f5d4a223e537673dc7d4d303ea7d6c231742d70f08d9cd555ef39226d8902040787b9d60fbbac618ee07094e361475e85110

Download Submit
\Users\Admin\xauig.exe

Filesize
13KB

MD5
e1de1d8b153b4d3d9d270b3c1e5128f9

SHA1
2e38a7a88a47d4eed24110ca9d97bd2d384ccebf

SHA256
d67c62add80146c1fd5903197dbdcee3c5c1c76f8386bb4f3d3760f3c6d02e99

SHA512
efc51aa3d5423cd7942096e14b30c67e062c2f375ba5117fe9eb9392256366bd3408ca2adde5b05237ca18520db7b05ec400856ac7a97d03f4a069282dcd8218

Download Submit
\Users\Admin\xauig.exe

Filesize
27KB

MD5
9158b4e76b32f4c03daa85d8dfc90b73

SHA1
e7b5c8fbda92c2dcff426a4f2a5b6259c5f60419

SHA256
2b56fa89752a1b99fee12b76051a4d786dfb1db8cc95d3fa8089a299f8107b6d

SHA512
88e34a00ea5c712517d16a63df16c7a33093aa0cc8f13d7d1fe0b090bb2c0c03fab9cf0eeea3d851e191d10a0eb3e9685cf5a10106c93f90792972d1334f676b

Download Submit
memory/1980-56-0x00000000756B1000-0x00000000756B3000-memory.dmp

Filesize
8KB

Download