Analysis

  • max time kernel
    139s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/11/2022, 16:20

General

  • Target

    3cc9785e2e09c0e95c15c1d3ed3188db60db57e448bdd635d1d49071df33c5c4.exe

  • Size

    73KB

  • MD5

    6a7b720e2f0530aae810719ffe3b8cd3

  • SHA1

    58d896e807b96e2cfbb094bd9da51fe7d1cc1c18

  • SHA256

    3cc9785e2e09c0e95c15c1d3ed3188db60db57e448bdd635d1d49071df33c5c4

  • SHA512

    004bdc113257441b73a394720d366da337cc4d1ce3ab64d26ab66e3bc7e80499d9fc1d48112816703884f15367c6ca8b89fd5cd39e80a8f8d2e58ee9cf9406e4

  • SSDEEP

    1536:oKaLOllgWF1Ho+6lLYCTLINi6bbbbxNi6bbbbi5:aLilV1HotmC/kj

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Checks computer location settings (2 TTPs, 1 IoCs)

    Looks up country code configured in the registry, likely geofence.

  • Looks up external IP address via web service (1 IoCs)

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices (1 TTPs)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3cc9785e2e09c0e95c15c1d3ed3188db60db57e448bdd635d1d49071df33c5c4.exe
    "C:\Users\Admin\AppData\Local\Temp\3cc9785e2e09c0e95c15c1d3ed3188db60db57e448bdd635d1d49071df33c5c4.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:400
    • C:\Users\Admin\AppData\Local\Temp\lifikuri.exe
      "C:\Users\Admin\AppData\Local\Temp\lifikuri.exe"
      2⤵
      • Executes dropped EXE
      PID:4720

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\lifikuri.exe

    Filesize

    73KB

    MD5

    6732f13398763a4e959d9443c8b3a915

    SHA1

    1c6ecf2ccec67ff52cdab15be8997106f207f2c3

    SHA256

    0e94c7d1e16328e35953e25c7fbcf2f540bf369a1c0010c369915e1c3363bfb8

    SHA512

    8e8082a6547fab89f1fa6c29a5a396996d6bcb3aeadf228990625af502d61ff2da7c9f6c3f649b8b4bb9af0ef4d64941b0afa13c18cf88e8fc67c374230a4ddd

  • memory/400-132-0x0000000002290000-0x00000000022B5000-memory.dmp

    Filesize

    148KB

  • memory/400-133-0x0000000000400000-0x00000000004243F0-memory.dmp

    Filesize

    144KB