Overview

overview

8

Static

static

e6b39a0907...fa.exe

windows7-x64

8

e6b39a0907...fa.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    153s
  • max time network
    165s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 12:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e6b39a0907d079e287c16356b2662582e8170b35ab5fc17180d84c4175a7e0fa.exe

  • Size

    136KB

  • MD5

    f977faff2d4ee5f163065ea8e9e47550

  • SHA1

    3ca6ab1611dddbed8e575008722f7a210f564de8

  • SHA256

    e6b39a0907d079e287c16356b2662582e8170b35ab5fc17180d84c4175a7e0fa

  • SHA512

    96e65f89d9421e13f0dc98e829f57aa2808a639099a686dbbd7d3c9d9ee1b3ba17c7e64d30b28771789d1d2d4b02f2139768badc7b9c263734ce6f387d2e23c0

  • SSDEEP

    3072:Wz0WmlPw1F4lPJBDTsBfB1IEbkzAhkibgpg1phtOJEbSYi9wHO:42FwvQzwBfBAz7iMSTtcEbSYcwu

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: LoadsDriver 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e6b39a0907d079e287c16356b2662582e8170b35ab5fc17180d84c4175a7e0fa.exe
    "C:\Users\Admin\AppData\Local\Temp\e6b39a0907d079e287c16356b2662582e8170b35ab5fc17180d84c4175a7e0fa.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    PID:3952

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\dosss11.dll
    Filesize

    64KB

    MD5

    9a4e32e726ee5b6456a4177a889bf2c7

    SHA1

    d09cc927bcb9afd900369b414ecf0e1c441b0e6f

    SHA256

    fb06e078cf674141e2267988ff1db8a3557f6839b8d1e1820e65a8a75f202e2d

    SHA512

    9ae56c75964773cfb241246e3bc600e2cf97d4d07c883278fd25e0ce4b5aa66c13c88d98ce9cc471fab346aea8f3dc3d28b8d75e35dd26ac728fb890773d382a

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\dosss11.dll
    Filesize

    64KB

    MD5

    9a4e32e726ee5b6456a4177a889bf2c7

    SHA1

    d09cc927bcb9afd900369b414ecf0e1c441b0e6f

    SHA256

    fb06e078cf674141e2267988ff1db8a3557f6839b8d1e1820e65a8a75f202e2d

    SHA512

    9ae56c75964773cfb241246e3bc600e2cf97d4d07c883278fd25e0ce4b5aa66c13c88d98ce9cc471fab346aea8f3dc3d28b8d75e35dd26ac728fb890773d382a

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\nsvAF22.tmp\System.dll
    Filesize

    10KB

    MD5

    4eff5fafd746f5decb93a44e3a3d570c

    SHA1

    a11aa7681b7e2df1c7f7492a127d332d1495ea8a

    SHA256

    cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5

    SHA512

    cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\nsvAF22.tmp\System.dll
    Filesize

    10KB

    MD5

    4eff5fafd746f5decb93a44e3a3d570c

    SHA1

    a11aa7681b7e2df1c7f7492a127d332d1495ea8a

    SHA256

    cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5

    SHA512

    cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72

    Download Submit
  • memory/3952-136-0x0000000003060000-0x0000000003072000-memory.dmp
    Filesize

    72KB

    Download