Overview

overview

8

Static

static

5033859217...b7.exe

windows7-x64

8

5033859217...b7.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    57s
  • max time network
    53s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    29/10/2022, 15:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    50338592178ead92cfe4b287e45ef6e7f202fdfcd17a39500f85bad5cb165cb7.exe

  • Size

    179KB

  • MD5

    2927ec35dbe114b9ed78e123012c1aec

  • SHA1

    ddfe99b11689ae37492ec9c40e701b813c32399e

  • SHA256

    50338592178ead92cfe4b287e45ef6e7f202fdfcd17a39500f85bad5cb165cb7

  • SHA512

    c4b7a66fa9deca3d5f8ef2395532ad663c7981511a03dee552603de6d9bd909ee6f0567a1e39636c19abc455aeeb0b488c445ceb9840b3dff8648484ac04528a

  • SSDEEP

    3072:nBAp5XhKpN4eOyVTGfhEClj8jTk+0hEobv00xXqi3alThZ2NaLMY482:qbXE9OiTGfhEClq9F2

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Drops file in Drivers directory 3 IoCs
  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\50338592178ead92cfe4b287e45ef6e7f202fdfcd17a39500f85bad5cb165cb7.exe
    "C:\Users\Admin\AppData\Local\Temp\50338592178ead92cfe4b287e45ef6e7f202fdfcd17a39500f85bad5cb165cb7.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1364
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Program Files (x86)\Koa Gioaf\LpZ\another_way_to_point.bat" "
      2⤵
      • Drops file in Drivers directory
      PID:1372
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Koa Gioaf\LpZ\try_LSD_bitch.vbs"
      2⤵
      • Blocklisted process makes network request
      PID:996
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Koa Gioaf\LpZ\take_some_salt.vbs"
      2⤵
      • Drops file in Drivers directory
      PID:320

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Koa Gioaf\LpZ\another_way_to_point.bat
          Filesize

          2KB

          MD5

          db5f3673a4dc74d0da3f273cff31a279

          SHA1

          9b4d556d6524e687c0f31f412386f67c69c26459

          SHA256

          0a76597228bbc81d4fa059cb6b2e256cfbf2f0638e60b01798957d1802d7bea3

          SHA512

          b259177040f3d7445b27330d88ed0e6a9417a7172eb535ee394d2f58788086acd0ced330b58c72f9d67b5a224d91b4d128b54743c2078191aecbf96e1b96d5ff

          Download Submit

        • C:\Program Files (x86)\Koa Gioaf\LpZ\faka.sa
          Filesize

          44B

          MD5

          4238759abaf72f4f95870408ffea8424

          SHA1

          db4ca2996840a544a604f19797ef77ffb6c4c25c

          SHA256

          ce77105b3fd1b9caf749b1d6daffe7a7980f8313d0b2ef31fbffd3664454f1f1

          SHA512

          de0b9edfef5775bbc33a7761114c6ccc71b6b8b6f91feed1044f37a05e8a1ab1f828edfc5b5e60712044f88d1520df15eda72bc182f73d111ef13f0bb154c986

          Download Submit

        • C:\Program Files (x86)\Koa Gioaf\LpZ\take_some_salt.vbs
          Filesize

          618B

          MD5

          258c1300c42c86757415d6cf4271f4c3

          SHA1

          726ee6dc5261bf7e43a0648a27909e8ced860ac5

          SHA256

          0f3feda028b050f2421b2092c7556dffdceb1f49d5670a43db7c986bf524f7d8

          SHA512

          f5d5d6ab11b93f0048d9ebb0a3c435911b358c2e99f1729c13607f458f9b5e8afa66f0d4bfa74770556c04c1493c78d7efd0810ef9fd1b0be6f5ef001f5aa163

          Download Submit

        • C:\Program Files (x86)\Koa Gioaf\LpZ\try_LSD_bitch.vbs
          Filesize

          357B

          MD5

          3807cd93fe40c05f43450ca9f106fd6f

          SHA1

          d26883819bf247d6db51c82418ed909d09aab8a2

          SHA256

          20cd6c934766b48ff53bb4f97f1c387484d142e6fc2b2af9ca60d95afd6e151b

          SHA512

          cae7461e98f2abda2a3bdd8a6a116b7261ad734f4d0b31b6df3514b509f6a03ad7cdb25c9409be653490d033e735287d0b913efbf4687283bdcbf11c8d7281d1

          Download Submit

        • C:\Windows\System32\drivers\etc\hosts
          Filesize

          1KB

          MD5

          1b1fd635e933bd857dc5d56f3e76a98c

          SHA1

          6a3edd5a88e1c6da782e8ab3b64c9e2759e4b202

          SHA256

          bcffc20c6ac48224e198fa67a6c7579e68b10178f61f60dd2ac85f4ea497c069

          SHA512

          b901834197e1e0c451a8ef5ac02550bba7a1dbcf3c017699f6413d3cddf80e7121985423985fb4e7578da9125cee4672b3b4b5320b68eced02ce8dfa560d00fd

          Download Submit

        • memory/1364-54-0x0000000075091000-0x0000000075093000-memory.dmp

          Filesize

          8KB

          Download