ef0e17258664bb95ce4cf4f3b2d437f4aa8b9e51b6f64584625b6035e6882dbb

Analysis

max time kernel
3s
max time network
147s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-10-2022 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef0e17258664bb95ce4cf4f3b2d437f4aa8b9e51b6f64584625b6035e6882dbb.exe
Size

538KB
MD5

63686e73d0b3d9c374248e54938f5d36
SHA1

a84ab7897b7024ef1536bea1db4114d4389284b6
SHA256

ef0e17258664bb95ce4cf4f3b2d437f4aa8b9e51b6f64584625b6035e6882dbb
SHA512

a31d338df098a82f8563b02eb9ad8c60bdc345c1876b359047c10c4a1517c778335cd18c0f319bd5a7205282b5e772d84994555ab8021f40122bc447d0c78111
SSDEEP

12288:fBpv5l6CUJbrYgx/gOSEuxJArYqMWVj5UNc//////j:JpRliSgxjSEuxJAr7MWqc//////j

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\ef0e17258664bb95ce4cf4f3b2d437f4aa8b9e51b6f64584625b6035e6882dbb.exe
"C:\Users\Admin\AppData\Local\Temp\ef0e17258664bb95ce4cf4f3b2d437f4aa8b9e51b6f64584625b6035e6882dbb.exe"
1⤵
PID:1960
- C:\Users\Admin\AppData\Local\Temp\ha_markeritis.exe
  C:\Users\Admin\AppData\Local\Temp\ha_markeritis.exe
  2⤵
  PID:1776

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ha_markeritis.exe

Filesize
23KB

MD5
a128bdba49597f4e217ce903b8338653

SHA1
e21d660c60906cd7addc7764a81b7ecded086bb2

SHA256
c22a6dac7990ba112c238cd350e32377214dad5f38145dd18a395d9a6fcedca5

SHA512
dd9e30c6cef5bffcda2bc57def42ff5267a58b5cf9e2f0e5d2497a6cdac3f13c83c652d81715489553a5b8612bc9865aded918c7e4ef6940b230768154e19ea7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ha_markeritis.exe

Filesize
8KB

MD5
f19ea7dc27b75f4bf2715e32c2746802

SHA1
8778235dfc648a4a6a848d214329c2115e6badb1

SHA256
02f0fc19dcd7376d678c4fc616dbc1bed0833dce3018aeeed31a8a2d9acca654

SHA512
fa76d1e70d56c14e43d89cc5b99f494338049308566e354664a5b373e163dc4258848254823892ed393a2d9d977e00e3970ef26a91c96c97c1c54259b18091e1

Download Submit
\Users\Admin\AppData\Local\Temp\ha_markeritis.exe

Filesize
32KB

MD5
e836b668e2ff41f5b1d747229689bfa0

SHA1
451d592d6e4ff9a4f4a500c12463862a282936a3

SHA256
bb4e2f9706344989abdbe594c45f27dbf322d16f02b78575fbea9d2f2ab0d50b

SHA512
a3cc229ede8904529a1770d2a46a911d207b76c5b5205b96db090b28af3d55e7161a5c842068f979ffbadc236b802920a9984e2c66a5990c9f2e156c59020a0a

Download Submit
\Users\Admin\AppData\Local\Temp\ha_markeritis.exe

Filesize
13KB

MD5
40b3affb968cf8336aae7b8d128ebec5

SHA1
f09f0f3c00b408a682c4700d185a8e26530b3753

SHA256
c0bd5465ee20a7160111607c9da2950735433ad541f24dcfa46b9eb2a7655e31

SHA512
923772f2608ece5110f3483adf91ddb6066b64bd369ccf361220bebc342bdd8b5671fd78d34a8d11b4dca3c9f0835df4183133f946f1c0c5d1563b776e90b9d3

Download Submit
\Users\Admin\AppData\Local\Temp\ha_markeritis.exe

Filesize
19KB

MD5
58b3530a5f60e3323635533881e5a7bb

SHA1
8f7e05771dbe7eadbc21cec59dbcd8ac6ec06ee3

SHA256
c4b616d7872249f15c18073a7d55c56fe919995876d4c002845e1738b1603aa5

SHA512
68c923df352b40d1cf3fb499016fb8071991751466b11aa89b5b28cecd2d15e8469764cfd1001da48d0f900c39417551b29512798f428adc086b8820abea64cf

Download Submit
\Users\Admin\AppData\Local\Temp\ha_markeritis.exe

Filesize
26KB

MD5
4238e176221d1eab64e5fc81166601be

SHA1
45cbfac10b4d4f74eb6e276e95e47196e500379a

SHA256
14a90408bf2ea8717959707111517c039c9565c1f49ec1626b3413329202ba93

SHA512
90dc2d6c49129d3c9e886f09ccef6d72ac7ac1ff8c7e4c19eb36894f7d0ba0ef220770f3fdf92bda712f82d85b137e6fcec857af3bfba66fb749ada178540d08

Download Submit
\Users\Admin\AppData\Local\Temp\ha_markeritis.exe

Filesize
17KB

MD5
c4ac9ce1368b9ae7bc68a6f689a12bb9

SHA1
cfd6cf1624ef7b05611ef38a1d6dce2ec5b0e643

SHA256
bc73d855295cf87e7cebd80850574ed47fcf194026feddd0a6f30468187b690e

SHA512
8ef92ffa64d36418e168bd1f1d6289791e6ba080fec8d4fa7d5b96f6b03c9c79dea4ad8fb0cd4aa8423c18178bba896aa8021e5033f2017678f99a58329d9173

Download Submit
\Users\Admin\AppData\Local\Temp\nsj655A.tmp\System.dll

Filesize
10KB

MD5
810f3a0aefe36a9f63e29e604bea91a9

SHA1
2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80

SHA256
f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779

SHA512
836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

Download Submit
\Users\Admin\AppData\Local\Temp\nsj655A.tmp\System.dll

Filesize
10KB

MD5
810f3a0aefe36a9f63e29e604bea91a9

SHA1
2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80

SHA256
f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779

SHA512
836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

Download Submit
\Users\Admin\AppData\Local\Temp\nsj655A.tmp\System.dll

Filesize
8KB

MD5
2d760158f2a93735f9ed88dd6d15385d

SHA1
8f4d205ef66331e6f156f631aa8f71bcc33220ef

SHA256
12808fd20f9097d2048f152f7eb9e3b65027b70b004b9bcce10a7c5a16d3deff

SHA512
9046e3c415a9139f6fb139d40b3d561cbf09b44ad1acb7f473f578b20924b3ca60ccedf015e3beb16639fa1eed6a5d493840b32d333701f08b78884c2ee7d96e

Download Submit
\Users\Admin\AppData\Local\Temp\nsj655A.tmp\System.dll

Filesize
10KB

MD5
810f3a0aefe36a9f63e29e604bea91a9

SHA1
2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80

SHA256
f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779

SHA512
836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

Download Submit
\Users\Admin\AppData\Local\Temp\nsj655A.tmp\System.dll

Filesize
10KB

MD5
810f3a0aefe36a9f63e29e604bea91a9

SHA1
2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80

SHA256
f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779

SHA512
836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

Download Submit
\Users\Admin\AppData\Local\Temp\nsj655A.tmp\System.dll

Filesize
10KB

MD5
810f3a0aefe36a9f63e29e604bea91a9

SHA1
2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80

SHA256
f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779

SHA512
836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

Download Submit
\Users\Admin\AppData\Local\Temp\nsj655A.tmp\System.dll

Filesize
10KB

MD5
810f3a0aefe36a9f63e29e604bea91a9

SHA1
2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80

SHA256
f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779

SHA512
836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

Download Submit
\Users\Admin\AppData\Local\Temp\nsj655A.tmp\System.dll

Filesize
10KB

MD5
810f3a0aefe36a9f63e29e604bea91a9

SHA1
2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80

SHA256
f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779

SHA512
836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

Download Submit
\Users\Admin\AppData\Local\Temp\nsj655A.tmp\System.dll

Filesize
10KB

MD5
810f3a0aefe36a9f63e29e604bea91a9

SHA1
2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80

SHA256
f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779

SHA512
836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

Download Submit
\Users\Admin\AppData\Local\Temp\nsj655A.tmp\System.dll

Filesize
10KB

MD5
810f3a0aefe36a9f63e29e604bea91a9

SHA1
2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80

SHA256
f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779

SHA512
836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

Download Submit
\Users\Admin\AppData\Local\Temp\nsj655A.tmp\System.dll

Filesize
10KB

MD5
810f3a0aefe36a9f63e29e604bea91a9

SHA1
2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80

SHA256
f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779

SHA512
836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

Download Submit
\Users\Admin\AppData\Local\Temp\nsj655A.tmp\System.dll

Filesize
10KB

MD5
810f3a0aefe36a9f63e29e604bea91a9

SHA1
2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80

SHA256
f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779

SHA512
836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

Download Submit
\Users\Admin\AppData\Local\Temp\nsj655A.tmp\System.dll

Filesize
10KB

MD5
810f3a0aefe36a9f63e29e604bea91a9

SHA1
2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80

SHA256
f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779

SHA512
836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

Download Submit
memory/1960-54-0x0000000076321000-0x0000000076323000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads