Overview

overview

8

Static

static

70e9c6eb61...95.exe

windows7-x64

8

70e9c6eb61...95.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    194s
  • max time network
    207s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 10:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    70e9c6eb610060e489ab54804466093a5c2b41ec54b14cd8da3e09e0d5d81995.exe

  • Size

    19KB

  • MD5

    19b2552be7e6ffee0881705650ebb155

  • SHA1

    9ce62cbb4e20a23ab89b4d2b63fcb571a1a7f8b4

  • SHA256

    70e9c6eb610060e489ab54804466093a5c2b41ec54b14cd8da3e09e0d5d81995

  • SHA512

    fea7759998529083099629de9b43d9763b854b957b1b0cac54ceb0e18ed528f0ae84b339ff378b4e726b0ec2f89c282c82d96854bc59c9c09ddb2b8d5cf3226c

  • SSDEEP

    192:h6IC9B9FFnuZi4polNYf5NIEaS6e5Mbb8O0F+Q1H638I9+51OZ:+FhlENIEapeGb7c+Q1H63VzZ

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\70e9c6eb610060e489ab54804466093a5c2b41ec54b14cd8da3e09e0d5d81995.exe
    "C:\Users\Admin\AppData\Local\Temp\70e9c6eb610060e489ab54804466093a5c2b41ec54b14cd8da3e09e0d5d81995.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4052
    • C:\Users\Admin\AppData\Local\Temp\mclkc.exe
      "C:\Users\Admin\AppData\Local\Temp\mclkc.exe"
      2⤵
      • Executes dropped EXE
      PID:4740

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\mclkc.exe
    Filesize

    19KB

    MD5

    a76bce669f45f1ab1bca633f1409cd18

    SHA1

    3566d2a80f79de7afee4d1b6235c96c24f580e5b

    SHA256

    128c9b09d88116ee4c2c36b22850d6a12035864162b320638fa091999c7c3a31

    SHA512

    fe490c1761b5603321cef9526cbee13b574762e49fe1f0c3730cff8dab271141e8900b682a94e8cf7a4f29f2f806515886a842f8c25271a035fc8084cd014ee1

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\mclkc.exe
    Filesize

    19KB

    MD5

    a76bce669f45f1ab1bca633f1409cd18

    SHA1

    3566d2a80f79de7afee4d1b6235c96c24f580e5b

    SHA256

    128c9b09d88116ee4c2c36b22850d6a12035864162b320638fa091999c7c3a31

    SHA512

    fe490c1761b5603321cef9526cbee13b574762e49fe1f0c3730cff8dab271141e8900b682a94e8cf7a4f29f2f806515886a842f8c25271a035fc8084cd014ee1

    Download Submit

  • memory/4740-132-0x0000000000000000-mapping.dmp

    Download