Overview

overview

7

Static

static

9e01c0a9a8...1e.exe

windows7-x64

7

9e01c0a9a8...1e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    70s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/11/2022, 23:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9e01c0a9a8c1c4f94290f7e9f8d0c4e11010ce064026c01ae9ef7cfdf6855a1e.exe

  • Size

    77KB

  • MD5

    34eb9b327161dc2d053224f03ae6358d

  • SHA1

    d1adaad6b4521691d3ceda388f65f89ca25a046b

  • SHA256

    9e01c0a9a8c1c4f94290f7e9f8d0c4e11010ce064026c01ae9ef7cfdf6855a1e

  • SHA512

    67de861465e1b6893bbd8a7353ba08cc0c82a805e05293188c3bd1922e748758c9e9a13edbcde04e06a3b0da20ecc2761c359a4b3293df622bbabbf91019209e

  • SSDEEP

    1536:qgCruD6/Rfjw1KUE6KAJFeOm0zZx6WswnDCvIt:YqD6/5jwyGJEOm66WswnMIt

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9e01c0a9a8c1c4f94290f7e9f8d0c4e11010ce064026c01ae9ef7cfdf6855a1e.exe
    "C:\Users\Admin\AppData\Local\Temp\9e01c0a9a8c1c4f94290f7e9f8d0c4e11010ce064026c01ae9ef7cfdf6855a1e.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3400
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Fwb..bat" > nul 2> nul
      2⤵
        PID:3816

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Fwb..bat
      Filesize

      274B

      MD5

      c7e386cff47b25ed848ac503a8a3ab48

      SHA1

      a539213cb563976d3d179d8a7315d9634c886eb0

      SHA256

      83f880f5d73fcd79f2b6c663d75cf2e41c3ec640f6a4bbc7f209c2937bf77d44

      SHA512

      0672b537770a64e200746fe9f896a380191a562fe8d65caa3a849d6ecdc29ee74a1a5c0b8882116977848630d63617b31fbcc583e40e5ee1db401e963dfb63f5

      Download Submit

    • memory/3400-132-0x00000000021A0000-0x00000000021B7000-memory.dmp

      Filesize

      92KB

      Download

    • memory/3400-133-0x0000000000400000-0x000000000041B000-memory.dmp

      Filesize

      108KB

      Download

    • memory/3400-135-0x0000000000400000-0x000000000041B000-memory.dmp

      Filesize

      108KB

      Download