8aad45af9160c2ca8bd362c31dd37bf109766a96a9cacecb1aa848ce5d85f7c9

Analysis

max time kernel
5s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-10-2022 12:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8aad45af9160c2ca8bd362c31dd37bf109766a96a9cacecb1aa848ce5d85f7c9.exe
Size

255KB
MD5

e3fa0d3cca9be11d133a560602deb27c
SHA1

fbb90eb23a4457c24dbbcd05ee500ba2688e606a
SHA256

8aad45af9160c2ca8bd362c31dd37bf109766a96a9cacecb1aa848ce5d85f7c9
SHA512

aff7733b9493edac158329663df337cc6a7ee9c7c8b8630cc15d4c3d7d7dfaca64472480dc6d8f743b117cb5cf369c7f6e2d1b95efae63d94a25d4116080ee6b
SSDEEP

3072:H8Lrufos9CJ3VqDH32GhNvozescJepkvAvOoRKONOG1:sB4L2GhN7ZkkvAvOoRK

Score

8^/10

evasion

Malware Config

Signatures

Modifies Windows Firewall 1 TTPs 1 IoCs

evasion

Modify Existing Service

T1031

pid	Process
2028	netsh.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\8aad45af9160c2ca8bd362c31dd37bf109766a96a9cacecb1aa848ce5d85f7c9.exe
"C:\Users\Admin\AppData\Local\Temp\8aad45af9160c2ca8bd362c31dd37bf109766a96a9cacecb1aa848ce5d85f7c9.exe"
1⤵
PID:1628
- C:\Users\Admin\AppData\Local\Temp\Trojan.exe
  "C:\Users\Admin\AppData\Local\Temp\Trojan.exe"
  2⤵
  PID:1220
- - C:\Windows\system32\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\Trojan.exe" "Trojan.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    PID:2028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Trojan.exe

Filesize
39KB

MD5
78c3a561fccdbb8fb8cc06733eae076e

SHA1
c266f984a06cd3839c549138803b5529e2e5d2bc

SHA256
76c47b002d7a260f1beabad615d2875dd82b9a26d9e62d68ede80b0e069cfbe9

SHA512
3f348334805eb1f56bbb05a5309275120648672c5d02e081bffd51d6fcd5c771c661a8af2bb58c577dde4eb342504580bb5d067ab58f0a61b831de5564e29a2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Trojan.exe

Filesize
15KB

MD5
6faf25b44e4d48b96cfeee117e197d3f

SHA1
bc76733d331c1bc18986c573328378ab8a56b474

SHA256
75a8375a72d4b8175374eeae7fa55d24a6db11ec4161f4db4df2dcda16570a19

SHA512
b4d7eb9568c117af2ec85c67753fab34f649d37c52d22c51471f62fc1e1f671954ab5ee96c43d2980ef6060d04f48b9e5676934d8f0cc1f8cc0fbbda4faac1f7

Download Submit
memory/1220-59-0x000007FEF47A0000-0x000007FEF51C3000-memory.dmp

Filesize
10.1MB

Download
memory/1220-60-0x000007FEF3070000-0x000007FEF4106000-memory.dmp

Filesize
16.6MB

Download
memory/1220-56-0x0000000000000000-mapping.dmp

Download
memory/1628-54-0x000007FEF47A0000-0x000007FEF51C3000-memory.dmp

Filesize
10.1MB

Download
memory/1628-55-0x000007FEF32B0000-0x000007FEF4346000-memory.dmp

Filesize
16.6MB

Download
memory/2028-61-0x0000000000000000-mapping.dmp

Download
memory/2028-62-0x000007FEFC291000-0x000007FEFC293000-memory.dmp

Filesize
8KB

Download