807da526f96455cf70cf2c8105cf72e2b4bc4266491ebf2a767f90a3fb50e0df

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 14:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

807da526f96455cf70cf2c8105cf72e2b4bc4266491ebf2a767f90a3fb50e0df.exe
Size

213KB
MD5

0d2829488f4165b76a8f3d4d230088a9
SHA1

6686001314092a2c396aad07df4c6abd5f7a7f70
SHA256

807da526f96455cf70cf2c8105cf72e2b4bc4266491ebf2a767f90a3fb50e0df
SHA512

e3d46144b2fa05a9d3d667d1e49568ddcc46d7e0af99298c10cc487363f8ada1ee13be8dfd57e1284f10ac7023aed7fcc3f43902067e094d1f94ff58b2c6bf84
SSDEEP

6144:QKrxiyLvmWVXGlDPBPy+Vz7ZtPZl/zKyR8:dtLXhcPBPy+VvZthl/b8

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Company\NewProduct\server - pr09ramm3r.exe	807da526f96455cf70cf2c8105cf72e2b4bc4266491ebf2a767f90a3fb50e0df.exe
File opened for modification	C:\Program Files (x86)\Company\NewProduct\Uninstall.exe	807da526f96455cf70cf2c8105cf72e2b4bc4266491ebf2a767f90a3fb50e0df.exe
File created	C:\Program Files (x86)\Company\NewProduct\Uninstall.ini	807da526f96455cf70cf2c8105cf72e2b4bc4266491ebf2a767f90a3fb50e0df.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\807da526f96455cf70cf2c8105cf72e2b4bc4266491ebf2a767f90a3fb50e0df.exe
"C:\Users\Admin\AppData\Local\Temp\807da526f96455cf70cf2c8105cf72e2b4bc4266491ebf2a767f90a3fb50e0df.exe"
1⤵
- Drops file in Program Files directory
PID:1788

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1788-54-0x00000000761F1000-0x00000000761F3000-memory.dmp

Filesize
8KB

Download