Analysis

  • max time kernel
    39s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-11-2022 23:14

General

  • Target

    b84ac56586dd1129e00dffe8229df393541ca5846306946b1cd4ed946b2b36c9.exe

  • Size

    860KB

  • MD5

    56d71caa95dd6e8f1c8c63f1ddfe72d0

  • SHA1

    e2dfed7f87b89f49c1dea3ffdff0cc508c249891

  • SHA256

    b84ac56586dd1129e00dffe8229df393541ca5846306946b1cd4ed946b2b36c9

  • SHA512

    b8739d605655eb5a4e7694242f6f5fe00e49d47353c358ea050072ec7da30e2f819ba7ea316abac08cf2c234607e3fb01e94c85afa9c81e5176aebae7ec024e6

  • SSDEEP

    12288:9RBk7MpC7tYR4eYLEkiw4PKEgOHS1ZBvKEjGbCJlLQzROAvDb3j0H6LVch:9FQeYLbKKEPS1bvKE2yQzROArb3jIGE

Score
5/10

Malware Config

Signatures

  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext 1 IoCs

    Together with WriteProcessMemory, and a child process started from the same image (see Processes), this is consistent with process hollowing: the parent writes a new image into the child and redirects its thread to the new entry point. The report does not identify the injected payload.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). This signature fires on generic drive enumeration and is not by itself evidence of encryption; no file-modification or ransom-note indicators appear in this report.

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs
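To reproduce the "AutoIT Executable" signature offline, the following added example (not the sandbox's own rule) scans a file for the markers commonly used in YARA rules for compiled AutoIt v3 executables: the 16-byte script-resource header, the `AU3!EA06` magic and the telltale decompile-warning string. The sample buffer is constructed inline and is not the analysed file; run `scan_autoit(open(path, "rb").read())` on a real sample.

```python
"""Detect compiled-AutoIt markers in a PE file (added example, not Triage's rule)."""
import struct

# Markers commonly used to identify compiled AutoIt v3 executables.
AU3_RESOURCE_HDR = bytes.fromhex("A3484BBE986C4AA9994C530A86D6487D")
AU3_MAGIC = b"AU3!EA06"
AU3_STRINGS = [b"This is a third-party compiled AutoIt script.", b"AutoIt v3"]


def is_pe(data: bytes) -> bool:
    """Minimal PE check: MZ stub plus a PE signature at e_lfanew."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def find_all(data: bytes, needle: bytes) -> list:
    """Every offset at which needle occurs in data."""
    hits, i = [], data.find(needle)
    while i != -1:
        hits.append(i)
        i = data.find(needle, i + 1)
    return hits


def scan_autoit(data: bytes) -> dict:
    """Report the AutoIt markers present and whether the file is a compiled AutoIt PE."""
    result = {
        "pe": is_pe(data),
        "resource_header": find_all(data, AU3_RESOURCE_HDR),
        "au3_magic": find_all(data, AU3_MAGIC),
        "strings": [s.decode() for s in AU3_STRINGS if s in data],
    }
    # The strings alone are weak (they occur in the interpreter too); require a script marker.
    result["compiled_autoit"] = result["pe"] and bool(result["au3_magic"] or result["resource_header"])
    return result


def build_sample() -> bytes:
    """Constructed test buffer: a skeletal PE with an embedded AutoIt script marker."""
    hdr = bytearray(b"MZ" + b"\x00" * 0x3E)        # 0x40-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x40)        # e_lfanew points just past the DOS header
    body = b"PE\x00\x00" + b"\x00" * 0x100         # PE signature plus padding
    script_res = AU3_RESOURCE_HDR + AU3_MAGIC + b"\x00" * 8 + AU3_STRINGS[0]
    return bytes(hdr) + body + script_res


if __name__ == "__main__":
    for k, v in scan_autoit(build_sample()).items():
        print(f"{k}: {v}")
```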

Processes

  • C:\Users\Admin\AppData\Local\Temp\b84ac56586dd1129e00dffe8229df393541ca5846306946b1cd4ed946b2b36c9.exe
    "C:\Users\Admin\AppData\Local\Temp\b84ac56586dd1129e00dffe8229df393541ca5846306946b1cd4ed946b2b36c9.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1892
    • C:\Users\Admin\AppData\Local\Temp\b84ac56586dd1129e00dffe8229df393541ca5846306946b1cd4ed946b2b36c9.exe
      "C:\Users\Admin\AppData\Local\Temp\b84ac56586dd1129e00dffe8229df393541ca5846306946b1cd4ed946b2b36c9.exe"
      2⤵
        PID:752

    Network

    MITRE ATT&CK Enterprise v6

    Downloads

    • memory/752-56-0x0000000000400000-0x0000000000439000-memory.dmp

      Filesize

      228KB

    • memory/752-57-0x0000000000400000-0x0000000000439000-memory.dmp

      Filesize

      228KB

    • memory/752-59-0x0000000000400000-0x0000000000439000-memory.dmp

      Filesize

      228KB

    • memory/752-60-0x0000000000400000-0x0000000000439000-memory.dmp

      Filesize

      228KB

    • memory/752-62-0x0000000000400000-0x0000000000439000-memory.dmp

      Filesize

      228KB

    • memory/752-63-0x0000000000432055-mapping.dmp

    • memory/752-66-0x0000000000400000-0x0000000000439000-memory.dmp

      Filesize

      228KB

    • memory/1892-54-0x00000000760B1000-0x00000000760B3000-memory.dmp

      Filesize

      8KB

    • memory/1892-55-0x0000000000400000-0x00000000004E7000-memory.dmp

      Filesize

      924KB
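The memory dumps above show the parent (PID 1892) with a 924KB image region at 0x400000 (the 860KB file, rounded up by section alignment) while the child started from the same path (PID 752) has only a 228KB region at the same base, and the sandbox's mapping dump sits inside that region at 0x432055. The following added example (the author's heuristic, not the sandbox's signature logic) transcribes the process tree and region list from this report and flags that combination: a same-image child whose parent used SetThreadContext and WriteProcessMemory and whose image-base region differs in size from the parent's. The data structures and the `hollowing_candidates` heuristic are assumptions introduced here.

```python
"""Flag a process-hollowing pattern in sandbox process/memory data (added example)."""
from dataclasses import dataclass, field
from typing import Optional

IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
         r"\b84ac56586dd1129e00dffe8229df393541ca5846306946b1cd4ed946b2b36c9.exe")
IMAGE_BASE = 0x400000
INJECTION_APIS = frozenset({"SetThreadContext", "WriteProcessMemory"})


@dataclass
class Proc:
    pid: int
    image: str
    parent: Optional[int]
    signatures: frozenset = frozenset()
    regions: dict = field(default_factory=dict)   # base address -> size in bytes


# Transcribed from the report: parent 1892 spawns 752 from the same image.
PROCS = {
    1892: Proc(1892, IMAGE, None,
               frozenset({"SetThreadContext", "EnumeratesProcesses", "WriteProcessMemory"}),
               {0x760B1000: 0x2000, 0x400000: 0xE7000}),    # 8KB and 924KB dumps
    752: Proc(752, IMAGE, 1892, frozenset(), {0x400000: 0x39000}),   # 228KB dumps
}
# memory/752-63-0x0000000000432055-mapping.dmp
MAPPED_ADDR = 0x432055


def in_region(proc: Proc, addr: int) -> bool:
    """True if addr falls inside any dumped region of proc."""
    return any(base <= addr < base + size for base, size in proc.regions.items())


def hollowing_candidates(procs: dict) -> list:
    """Same-image child + injection APIs in the parent + mismatched image-base region size."""
    findings = []
    for child in procs.values():
        parent = procs.get(child.parent)
        if parent is None or parent.image.lower() != child.image.lower():
            continue
        if not INJECTION_APIS <= parent.signatures:
            continue
        psz, csz = parent.regions.get(IMAGE_BASE), child.regions.get(IMAGE_BASE)
        if psz is None or csz is None or psz == csz:
            continue
        findings.append({
            "parent_pid": parent.pid, "child_pid": child.pid,
            "parent_image_size": psz, "child_image_size": csz,
            "reason": "child image region at 0x%X is %dKB, parent's is %dKB"
                      % (IMAGE_BASE, csz // 1024, psz // 1024),
        })
    return findings


if __name__ == "__main__":
    for f in hollowing_candidates(PROCS):
        print(f)
    print("mapping address inside child image region:", in_region(PROCS[752], MAPPED_ADDR))
```

The size mismatch is what distinguishes hollowing from a plain self-relaunch: a child that simply re-executes the same file would map the same 924KB image. The 228KB region is the payload the parent wrote in, and the mapping dump at 0x432055 is the point inside it that the sandbox recorded.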