cf826f2a4bd2d84c74b7c44cf31338b356332e77b7b1f848ab09120cacef4731

Analysis

max time kernel
146s
max time network
163s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 05:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cf826f2a4bd2d84c74b7c44cf31338b356332e77b7b1f848ab09120cacef4731.exe
Size

348KB
MD5

072e8fbab1eb4fefb0da9b60b08f4ce0
SHA1

913ced36e70415c7c0136fe9d3a93d63917c53a3
SHA256

cf826f2a4bd2d84c74b7c44cf31338b356332e77b7b1f848ab09120cacef4731
SHA512

a6d10083b3f89f6e7a102325e2c7a89e4c8169d3f6279cc42bd1a74c2c1bb3465ccf0f7bb6de0e188282be5ff36294be06da2902bbf4d6a268b594bc8147244e
SSDEEP

6144:59/khz0bKND8YYEAQWt4ot3vvl+RTvRLFVXPQyiLl5XPPIBRotei7FJms:55khBD8AoBvkRTFXeIMFQs

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cf826f2a4bd2d84c74b7c44cf31338b356332e77b7b1f848ab09120cacef4731.lnk	cf826f2a4bd2d84c74b7c44cf31338b356332e77b7b1f848ab09120cacef4731.exe

Loads dropped DLL 1 IoCs

pid	Process
1112	cf826f2a4bd2d84c74b7c44cf31338b356332e77b7b1f848ab09120cacef4731.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Bidaily Synchronize Task.job	cf826f2a4bd2d84c74b7c44cf31338b356332e77b7b1f848ab09120cacef4731.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\cf826f2a4bd2d84c74b7c44cf31338b356332e77b7b1f848ab09120cacef4731.exe
"C:\Users\Admin\AppData\Local\Temp\cf826f2a4bd2d84c74b7c44cf31338b356332e77b7b1f848ab09120cacef4731.exe"
1⤵
- Drops startup file
- Loads dropped DLL
- Drops file in Windows directory
PID:1112

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\ProgramData\{290af3ac-63b4-cf0a-290a-af3ac63bceb1}\cf826f2a4bd2d84c74b7c44cf31338b356332e77b7b1f848ab09120cacef4731.exe

Filesize
348KB

MD5
072e8fbab1eb4fefb0da9b60b08f4ce0

SHA1
913ced36e70415c7c0136fe9d3a93d63917c53a3

SHA256
cf826f2a4bd2d84c74b7c44cf31338b356332e77b7b1f848ab09120cacef4731

SHA512
a6d10083b3f89f6e7a102325e2c7a89e4c8169d3f6279cc42bd1a74c2c1bb3465ccf0f7bb6de0e188282be5ff36294be06da2902bbf4d6a268b594bc8147244e

Download Submit
memory/1112-54-0x0000000075F51000-0x0000000075F53000-memory.dmp

Filesize
8KB

Download
memory/1112-55-0x00000000009A0000-0x00000000009CF000-memory.dmp

Filesize
188KB

Download