Analysis

  • max time kernel
    157s
  • max time network
    207s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-11-2022 09:46

General

  • Target

    9f10fb7f0b66113f999e392b71df536bfaab9b3996070d6fc55988209784bdae.exe

  • Size

    1.7MB

  • MD5

    b448a09024bb77ccd73760c88d0ede70

  • SHA1

    af18c4124376bcad3003582e0272257f0f0bd1b1

  • SHA256

    9f10fb7f0b66113f999e392b71df536bfaab9b3996070d6fc55988209784bdae

  • SHA512

    363d55bd12ec166c18614e120a3669b1bc685c0e8a513428ac6241e843259d3a13aff63b961e2958045647b5f6e2d7d49a741491d11434d8ff8c57d4f23a05ea

  • SSDEEP

    49152:jVuOSqreBrLW+SDCvFo5DDazxTJCBZOPz9y84TRxrODgzQZc89tZOO5Hsb:jVuOSuOrLW+jv+DDed74T7OhK81mb

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f10fb7f0b66113f999e392b71df536bfaab9b3996070d6fc55988209784bdae.exe
    "C:\Users\Admin\AppData\Local\Temp\9f10fb7f0b66113f999e392b71df536bfaab9b3996070d6fc55988209784bdae.exe"
    1⤵
    • Loads dropped DLL
    PID:2000

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Temp\10T3P5PA\9f10fb7f0b66113f999e392b71df536bfaab9b3996070d6fc55988209784bdae\plugins\0\StdUI.dll

    Filesize

    147KB

    MD5

    0ef0df3c28f135fa78eb9dfcf1b0499e

    SHA1

    ca21f49137267b3edc8f5aae86bec80f43cd4890

    SHA256

    8d987a52990bf4ea755240b7a1ea7f73a16b1fd67f3e91fc21e87a4f7d443546

    SHA512

    26bd1e5b0996a6b653b5456e361fa373b0b0505536bb9b8095b1f1389b244810aa51513be2af1585408a0f151db2cadbb65abc02e64b8ca5e8b2e6c5d502746b

  • C:\Temp\10T3P5PA\unpack.dll

    Filesize

    34KB

    MD5

    97bb07c04a2f3a0dace5aff04d305455

    SHA1

    2a966dfb6463a5c26ffb3a247dc9281bb57d25cf

    SHA256

    2adc86ef09b5aea46bc3ee88d1740760b3ce6ae5fa92fb6eceb6efc1e6c942d9

    SHA512

    9b00d6c26dfa946b78f73192c78edd6ae6027c377406f8e57089db8426b9664c972c77eb5b998430d9ab99c750b47d8e18203b737afcedec9a9dd09404c07c9f

  • memory/2000-132-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

  • memory/2000-134-0x0000000002360000-0x0000000002387000-memory.dmp

    Filesize

    156KB

  • memory/2000-135-0x0000000002361000-0x000000000237E000-memory.dmp

    Filesize

    116KB

  • memory/2000-138-0x0000000002B60000-0x0000000002B89000-memory.dmp

    Filesize

    164KB