Overview

overview

8

Static

static

13da529a13...25.exe

windows7-x64

8

13da529a13...25.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 09:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    13da529a139ce07efa4e64771b449791021e071c4b23085e5a2d5c510c9ea825.exe

  • Size

    793KB

  • MD5

    6f9e437cd3114aef8abe2e3c4e09fcc7

  • SHA1

    6d6fbae415b504ff30d3f6bee49a30a497eb1919

  • SHA256

    13da529a139ce07efa4e64771b449791021e071c4b23085e5a2d5c510c9ea825

  • SHA512

    a2f2c12949e44b7e193a609b406325eec75505a76e350923f3a35b5da3310f99e10392c1daa801a22a2d34973fff6c076cb1668643cdf660a333e1a63ae79bac

  • SSDEEP

    24576:IFszWS5byefnp9pgp9EQjAyEBVvEqABf/+8aBqUybDsBK:IwreNwBVMvfEjO0K

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 19 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\13da529a139ce07efa4e64771b449791021e071c4b23085e5a2d5c510c9ea825.exe
    "C:\Users\Admin\AppData\Local\Temp\13da529a139ce07efa4e64771b449791021e071c4b23085e5a2d5c510c9ea825.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1388
    • C:\Users\Admin\AppData\Local\Temp\2764\2764.exe
      "C:\Users\Admin\AppData\Local\Temp\2764\2764.exe"
      2⤵
      • Executes dropped EXE
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1312

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\2764\2764.exe
    Filesize

    2.0MB

    MD5

    af0ebdcf924b390e8da8cd3bc27dfd2b

    SHA1

    04a0f86d69913a3b212540302481761ea786e734

    SHA256

    8d312e8c8ad98be510c219aff7f069785133cfd6d4723ccf92f88c796581a636

    SHA512

    2b8e42a48d2d196e8e1a6f08a3343029dacd7f63f0c3bf03b3673ab7468bf4819f2c79fdcf71d1e548ba0bd9f7d0223d8e7af2e5473590d7c95154c5a536a86c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2764\2764.exe
    Filesize

    2.0MB

    MD5

    af0ebdcf924b390e8da8cd3bc27dfd2b

    SHA1

    04a0f86d69913a3b212540302481761ea786e734

    SHA256

    8d312e8c8ad98be510c219aff7f069785133cfd6d4723ccf92f88c796581a636

    SHA512

    2b8e42a48d2d196e8e1a6f08a3343029dacd7f63f0c3bf03b3673ab7468bf4819f2c79fdcf71d1e548ba0bd9f7d0223d8e7af2e5473590d7c95154c5a536a86c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\2764\linkconfig.ini
    Filesize

    7B

    MD5

    fb598d01bcb86ec10edf9081c2e5d91a

    SHA1

    f46cf8aac7247782c617d3981f08fcb0355ddf71

    SHA256

    64d32254248525b3dae6d529a096126ea9b294b242e43da21cd695ecb0bcb164

    SHA512

    a42a26bd5201c30d9ae6a657f929113c3eb6521015652f595d3da798771c6fb6ee3ac80a8c42efaa167746916cf8400c9fc0f1aa1c0ce3fa615a242279205ef6

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2764\2764.exe
    Filesize

    2.0MB

    MD5

    af0ebdcf924b390e8da8cd3bc27dfd2b

    SHA1

    04a0f86d69913a3b212540302481761ea786e734

    SHA256

    8d312e8c8ad98be510c219aff7f069785133cfd6d4723ccf92f88c796581a636

    SHA512

    2b8e42a48d2d196e8e1a6f08a3343029dacd7f63f0c3bf03b3673ab7468bf4819f2c79fdcf71d1e548ba0bd9f7d0223d8e7af2e5473590d7c95154c5a536a86c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\2764\2764.exe
    Filesize

    2.0MB

    MD5

    af0ebdcf924b390e8da8cd3bc27dfd2b

    SHA1

    04a0f86d69913a3b212540302481761ea786e734

    SHA256

    8d312e8c8ad98be510c219aff7f069785133cfd6d4723ccf92f88c796581a636

    SHA512

    2b8e42a48d2d196e8e1a6f08a3343029dacd7f63f0c3bf03b3673ab7468bf4819f2c79fdcf71d1e548ba0bd9f7d0223d8e7af2e5473590d7c95154c5a536a86c

    Download Submit

  • memory/1312-57-0x0000000000000000-mapping.dmp

    Download

  • memory/1312-62-0x0000000002060000-0x000000000208C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/1388-54-0x0000000075F51000-0x0000000075F53000-memory.dmp

    Filesize

    8KB

    Download