9f10fb7f0b66113f999e392b71df536bfaab9b3996070d6fc55988209784bdae

Analysis

max time kernel
157s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 09:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f10fb7f0b66113f999e392b71df536bfaab9b3996070d6fc55988209784bdae.exe
Size

1.7MB
MD5

b448a09024bb77ccd73760c88d0ede70
SHA1

af18c4124376bcad3003582e0272257f0f0bd1b1
SHA256

9f10fb7f0b66113f999e392b71df536bfaab9b3996070d6fc55988209784bdae
SHA512

363d55bd12ec166c18614e120a3669b1bc685c0e8a513428ac6241e843259d3a13aff63b961e2958045647b5f6e2d7d49a741491d11434d8ff8c57d4f23a05ea
SSDEEP

49152:jVuOSqreBrLW+SDCvFo5DDazxTJCBZOPz9y84TRxrODgzQZc89tZOO5Hsb:jVuOSuOrLW+jv+DDed74T7OhK81mb

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2000-132-0x0000000000400000-0x0000000000456000-memory.dmp	upx

Loads dropped DLL 3 IoCs

Processes:

9f10fb7f0b66113f999e392b71df536bfaab9b3996070d6fc55988209784bdae.exe

pid	process
2000	9f10fb7f0b66113f999e392b71df536bfaab9b3996070d6fc55988209784bdae.exe
2000	9f10fb7f0b66113f999e392b71df536bfaab9b3996070d6fc55988209784bdae.exe
2000	9f10fb7f0b66113f999e392b71df536bfaab9b3996070d6fc55988209784bdae.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\9f10fb7f0b66113f999e392b71df536bfaab9b3996070d6fc55988209784bdae.exe
"C:\Users\Admin\AppData\Local\Temp\9f10fb7f0b66113f999e392b71df536bfaab9b3996070d6fc55988209784bdae.exe"
1⤵
- Loads dropped DLL
PID:2000

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Temp\10T3P5PA\9f10fb7f0b66113f999e392b71df536bfaab9b3996070d6fc55988209784bdae\plugins\0\StdUI.dll

Filesize
147KB

MD5
0ef0df3c28f135fa78eb9dfcf1b0499e

SHA1
ca21f49137267b3edc8f5aae86bec80f43cd4890

SHA256
8d987a52990bf4ea755240b7a1ea7f73a16b1fd67f3e91fc21e87a4f7d443546

SHA512
26bd1e5b0996a6b653b5456e361fa373b0b0505536bb9b8095b1f1389b244810aa51513be2af1585408a0f151db2cadbb65abc02e64b8ca5e8b2e6c5d502746b

Download Submit
C:\Temp\10T3P5PA\9f10fb7f0b66113f999e392b71df536bfaab9b3996070d6fc55988209784bdae\plugins\0\StdUI.dll

Filesize
147KB

MD5
0ef0df3c28f135fa78eb9dfcf1b0499e

SHA1
ca21f49137267b3edc8f5aae86bec80f43cd4890

SHA256
8d987a52990bf4ea755240b7a1ea7f73a16b1fd67f3e91fc21e87a4f7d443546

SHA512
26bd1e5b0996a6b653b5456e361fa373b0b0505536bb9b8095b1f1389b244810aa51513be2af1585408a0f151db2cadbb65abc02e64b8ca5e8b2e6c5d502746b

Download Submit
C:\Temp\10T3P5PA\unpack.dll

Filesize
34KB

MD5
97bb07c04a2f3a0dace5aff04d305455

SHA1
2a966dfb6463a5c26ffb3a247dc9281bb57d25cf

SHA256
2adc86ef09b5aea46bc3ee88d1740760b3ce6ae5fa92fb6eceb6efc1e6c942d9

SHA512
9b00d6c26dfa946b78f73192c78edd6ae6027c377406f8e57089db8426b9664c972c77eb5b998430d9ab99c750b47d8e18203b737afcedec9a9dd09404c07c9f

Download Submit
memory/2000-132-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2000-134-0x0000000002360000-0x0000000002387000-memory.dmp

Filesize
156KB

Download
memory/2000-135-0x0000000002361000-0x000000000237E000-memory.dmp

Filesize
116KB

Download
memory/2000-138-0x0000000002B60000-0x0000000002B89000-memory.dmp

Filesize
164KB

Download