Analysis

  • max time kernel
    188s
  • max time network
    195s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/11/2022, 10:02

General

  • Target

    dcfdd9fbaead8a88da69c3c236acd023d2da6d3917b291e4890a0d525220e502.exe

  • Size

    97KB

  • MD5

    0e8eba4e5c892aa4a09d707e35daef06

  • SHA1

    a7b7ea36f903b7f5404c04447a53c1549442f48a

  • SHA256

    dcfdd9fbaead8a88da69c3c236acd023d2da6d3917b291e4890a0d525220e502

  • SHA512

    3cb3d4f98bd83372f628bd19f14ece0ebefa669c5fc3d634e70459f50f672af503764ffa0fdf12e025252437a777117ab74b91aafaf14c56cba0a816d6c823f9

  • SSDEEP

    1536:6pgpHzb9dZVX9fHMvG0D3XJcMVqHPAfWQnrhQwRANI7LmK+utKcmjxFSs2p2T3r0:4gXdZt9P6D3XJcMVqvQBJjfm/S16rn0

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dcfdd9fbaead8a88da69c3c236acd023d2da6d3917b291e4890a0d525220e502.exe
    "C:\Users\Admin\AppData\Local\Temp\dcfdd9fbaead8a88da69c3c236acd023d2da6d3917b291e4890a0d525220e502.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1180
    • C:\Users\Admin\AppData\Local\Temp\nsf754.tmp\rmfsiknr.exe
      C:\Users\Admin\AppData\Local\Temp\nsf754.tmp\rmfsiknr.exe
      2⤵
      • Executes dropped EXE
      PID:4628

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsf754.tmp\rmfsiknr.exe

    Filesize

    23KB

    MD5

    9775363761b511f205a8af193487289b

    SHA1

    49414612e36ecdcc513f1e4a5c5fb86ef4bdfce2

    SHA256

    bdbf687a80526d228c986fa8bed936c31b58555f957fb01a87c1a8fedc821842

    SHA512

    cd864e2d64a045e0755ebaecb508c0d45185d8baa3a9cf569c96cfd07cab400e1b42e5e25f0a542b64a22e219b202b8620c38bf55fc589e3b59a8f4d7b769e5e
