7b9c10f62232b4f3281b0363cd785fff73d2df2daaed2db4a15fec945f0495f3

Analysis

max time kernel
145s
max time network
158s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 08:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b9c10f62232b4f3281b0363cd785fff73d2df2daaed2db4a15fec945f0495f3.exe
Size

13KB
MD5

3042ef3a51eb76c91beafb2df85db1f0
SHA1

04680aeaf25c6910ff32a2b2b0b4d1e694d02c6c
SHA256

7b9c10f62232b4f3281b0363cd785fff73d2df2daaed2db4a15fec945f0495f3
SHA512

aef8141e82acf8ae95288fba48d5007b89200ecf3e586b3abfb8c2e39806ff954a9a06e853b305f9eec34a3b87c33b39da7686bcf6c36d99384f603b28974e9c
SSDEEP

192:vLoUp8hdO7+6ZJzWFAKGlLCl1oynzcN16uCcbJrAAAAA4mv4UL23:vLoUqhdO7+eN6GWl1pcG4rAAAAAHZw

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1948	operaupdater.exe

Loads dropped DLL 1 IoCs

pid	Process
1644	7b9c10f62232b4f3281b0363cd785fff73d2df2daaed2db4a15fec945f0495f3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 1948	1644	7b9c10f62232b4f3281b0363cd785fff73d2df2daaed2db4a15fec945f0495f3.exe	28
PID 1644 wrote to memory of 1948	1644	7b9c10f62232b4f3281b0363cd785fff73d2df2daaed2db4a15fec945f0495f3.exe	28
PID 1644 wrote to memory of 1948	1644	7b9c10f62232b4f3281b0363cd785fff73d2df2daaed2db4a15fec945f0495f3.exe	28
PID 1644 wrote to memory of 1948	1644	7b9c10f62232b4f3281b0363cd785fff73d2df2daaed2db4a15fec945f0495f3.exe	28
PID 1644 wrote to memory of 1948	1644	7b9c10f62232b4f3281b0363cd785fff73d2df2daaed2db4a15fec945f0495f3.exe	28
PID 1644 wrote to memory of 1948	1644	7b9c10f62232b4f3281b0363cd785fff73d2df2daaed2db4a15fec945f0495f3.exe	28
PID 1644 wrote to memory of 1948	1644	7b9c10f62232b4f3281b0363cd785fff73d2df2daaed2db4a15fec945f0495f3.exe	28

C:\Users\Admin\AppData\Local\Temp\7b9c10f62232b4f3281b0363cd785fff73d2df2daaed2db4a15fec945f0495f3.exe
"C:\Users\Admin\AppData\Local\Temp\7b9c10f62232b4f3281b0363cd785fff73d2df2daaed2db4a15fec945f0495f3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Users\Admin\AppData\Local\Temp\operaupdater.exe
  "C:\Users\Admin\AppData\Local\Temp\operaupdater.exe"
  2⤵
  - Executes dropped EXE
  PID:1948

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\operaupdater.exe

Filesize
13KB

MD5
bd961ea60256ee21e844679523a77405

SHA1
41b6447f614fb03b0c8ffa557b6002454ccbd16c

SHA256
6a8f93fc42b49d3e0f58ee5df0fc861f79779fdd1c3aace0605a771edc04d255

SHA512
b58e12459e15c2693ad3a43f7a2be624a5f96ad49d1bdf327e566c72c9ca8a2e4da9d96af8d0776bd37c629c2dc9db9dee872fa183e192992c30b92d76d7a9e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\operaupdater.exe

Filesize
13KB

MD5
bd961ea60256ee21e844679523a77405

SHA1
41b6447f614fb03b0c8ffa557b6002454ccbd16c

SHA256
6a8f93fc42b49d3e0f58ee5df0fc861f79779fdd1c3aace0605a771edc04d255

SHA512
b58e12459e15c2693ad3a43f7a2be624a5f96ad49d1bdf327e566c72c9ca8a2e4da9d96af8d0776bd37c629c2dc9db9dee872fa183e192992c30b92d76d7a9e7

Download Submit
\Users\Admin\AppData\Local\Temp\operaupdater.exe

Filesize
13KB

MD5
bd961ea60256ee21e844679523a77405

SHA1
41b6447f614fb03b0c8ffa557b6002454ccbd16c

SHA256
6a8f93fc42b49d3e0f58ee5df0fc861f79779fdd1c3aace0605a771edc04d255

SHA512
b58e12459e15c2693ad3a43f7a2be624a5f96ad49d1bdf327e566c72c9ca8a2e4da9d96af8d0776bd37c629c2dc9db9dee872fa183e192992c30b92d76d7a9e7

Download Submit
memory/1644-54-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download