Analysis

  • max time kernel
    40s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20220812-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    23-11-2022 15:44

General

  • Target

    54e7c39588ef0e402d7d0669ba91a92338153d336b37e37785cbe13980fe3c33.exe

  • Size

    566KB

  • MD5

    e5e2c8370e3b5cb28012034c0de3d411

  • SHA1

    c36335f3d5cfc1e07eb9c05950055220dff6742d

  • SHA256

    54e7c39588ef0e402d7d0669ba91a92338153d336b37e37785cbe13980fe3c33

  • SHA512

    130e1fa6a6a21614a2be90c661b3a525eb828d904bf16a6fe6878c570bd4f165a0cb8ed73e667018632fa896e6bd73bbe04e31a81ae3bab57e0b0dfe27a68f4d

  • SSDEEP

    12288:jQH1BpaanPdSVXe+GP9YqCyf3IwjkG2hXwMnn20:jSBkan1SRZGP9YqCyQwjkTXwH

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54e7c39588ef0e402d7d0669ba91a92338153d336b37e37785cbe13980fe3c33.exe
    "C:\Users\Admin\AppData\Local\Temp\54e7c39588ef0e402d7d0669ba91a92338153d336b37e37785cbe13980fe3c33.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      PID:1716
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      PID:276
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      PID:1584
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      PID:1940
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      PID:624
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
    1⤵
    • Suspicious use of FindShellTrayWindow
    PID:1336

  The depth markers (1⤵, 2⤵) give the nesting level: the five iexplore.exe instances are depth-2 children of the sample (PID 1752), which is also the process carrying the EnumeratesProcesses, AdjustPrivilegeToken and WriteProcessMemory hits. DllHost.exe with a /Processid: argument is the COM surrogate that the COM infrastructure starts to host an out-of-process COM class with that CLSID; it is listed at depth 1 because it is not a child of the sample. The report does not say which class the CLSID names, so no conclusion about the sample should be drawn from it beyond the FindShellTrayWindow hit recorded on PID 1336.
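To make the Signatures and Processes sections above concrete, here is an added example (not code from the sandbox report or its vendor) that replays a per-process API log against four rules named after the report's signatures and rebuilds the process tree from CreateProcess calls, so each signature name maps onto specific calls and PIDs. Assumptions: the log lines are constructed for this example (the report publishes only signature names, IoC counts and the tree), the PIDs are taken from the tree, and the API set behind each rule is the common meaning of those signature names, not the sandbox's published rule logic.

```python
"""
Added example for the Signatures and Processes sections; not the sandbox's
own rule code.  The log below is CONSTRUCTED; the PIDs come from the report's
process tree, the calls and arguments are invented for illustration.
"""
import re
from collections import defaultdict

# Constructed behaviour log, one "<pid> <api>(<args>)[ -> pid=<child>]" per line.
LOG = r"""
1752 CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
1752 Process32FirstW()
1752 Process32NextW()
1752 Process32NextW()
1752 NtQuerySystemInformation(SystemProcessInformation)
1752 OpenProcessToken(pid=1752, TOKEN_ADJUST_PRIVILEGES)
1752 AdjustTokenPrivileges(SeDebugPrivilege, SE_PRIVILEGE_ENABLED)
1752 CreateProcessW("C:\Program Files\Internet Explorer\iexplore.exe", CREATE_SUSPENDED) -> pid=1716
1752 WriteProcessMemory(pid=1716, addr=0x00400000, size=0x1000)
1752 WriteProcessMemory(pid=1716, addr=0x00401000, size=0x9000)
1752 CreateProcessW("C:\Program Files\Internet Explorer\iexplore.exe", CREATE_SUSPENDED) -> pid=276
1752 WriteProcessMemory(pid=276, addr=0x00400000, size=0x1000)
1752 WriteProcessMemory(pid=276, addr=0x00401000, size=0x9000)
1752 WriteProcessMemory(pid=1752, addr=0x004B6000, size=0x100)
1336 FindWindowW("Shell_TrayWnd", NULL)
1336 WriteProcessMemory(pid=1336, addr=0x00100000, size=0x10)
"""

LINE_RE = re.compile(
    r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*?)\)(?:\s*->\s*pid=(?P<child>\d+))?$")

# Assumed API sets behind the signature names (my reading, not the vendor's rules).
ENUM_PROCESS_APIS = {"CreateToolhelp32Snapshot", "Process32First", "Process32FirstW",
                     "Process32Next", "Process32NextW", "EnumProcesses"}
SIG_ENUM = "Suspicious behavior: EnumeratesProcesses"
SIG_PRIV = "Suspicious use of AdjustPrivilegeToken"
SIG_TRAY = "Suspicious use of FindShellTrayWindow"
SIG_WPM = "Suspicious use of WriteProcessMemory"


def parse_log(text):
    """Turn the log text into dicts: pid, api, args, and child pid for CreateProcess."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank or malformed line
        events.append({"pid": int(m["pid"]), "api": m["api"], "args": m["args"],
                       "child": int(m["child"]) if m["child"] else None})
    return events


def target_pid(args):
    """Extract the pid=<n> target argument, or None if the call has none."""
    m = re.search(r"pid=(\d+)", args)
    return int(m.group(1)) if m else None


def match_signatures(events):
    """Return ({signature: {pid: ioc_count}}, {parent_pid: [child_pids]})."""
    hits = defaultdict(lambda: defaultdict(int))
    children = defaultdict(list)
    for ev in events:
        pid, api, args = ev["pid"], ev["api"], ev["args"]
        if ev["child"] is not None:
            children[pid].append(ev["child"])
        if api in ENUM_PROCESS_APIS or (
                api == "NtQuerySystemInformation" and "SystemProcessInformation" in args):
            hits[SIG_ENUM][pid] += 1
        elif api == "AdjustTokenPrivileges" and "SE_PRIVILEGE_ENABLED" in args:
            hits[SIG_PRIV][pid] += 1
        elif api in ("FindWindowA", "FindWindowW") and "Shell_TrayWnd" in args:
            hits[SIG_TRAY][pid] += 1
        elif api == "WriteProcessMemory":
            tgt = target_pid(args)
            # Only cross-process writes count; a process patching its own memory is routine.
            if tgt is not None and tgt != pid:
                hits[SIG_WPM][pid] += 1
    return {sig: dict(counts) for sig, counts in hits.items()}, dict(children)


def cross_process_write_targets(events, children):
    """Writer pid -> sorted pids it both spawned and wrote into (the pattern to inspect first)."""
    out = defaultdict(set)
    for ev in events:
        if ev["api"] == "WriteProcessMemory":
            tgt = target_pid(ev["args"])
            if tgt is not None and tgt != ev["pid"] and tgt in children.get(ev["pid"], []):
                out[ev["pid"]].add(tgt)
    return {pid: sorted(t) for pid, t in out.items()}


if __name__ == "__main__":
    evs = parse_log(LOG)
    sigs, tree = match_signatures(evs)
    for sig, counts in sigs.items():
        print(f"{sig}: " + ", ".join(f"PID {p} x{n}" for p, n in counts.items()))
    print("spawned-and-written-into:", cross_process_write_targets(evs, tree))
```

The cross-process filter on WriteProcessMemory is the part worth keeping when writing your own rules: the raw IoC count in a report mixes writes into children (the interesting case when the child was created suspended) with a process writing its own memory, and only the former deserves the tree-based follow-up.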

Network

MITRE ATT&CK Enterprise v6


Downloads

  • C:\Users\Admin\AppData\Local\Temp\DSC_1459.jpg
    Filesize
    132KB
    MD5
    8d93b9d91ecdc6439b085265f9d07dd2
    SHA1
    b50e079158cb06b302ffe1598bd2ecc41d03c3be
    SHA256
    3b51406aafb9c801303a5bb2bb945d585e31d2b15619cee340e8320fd38c8504
    SHA512
    0cf2b8bdfc654d18287b6853a673beed271d8cd16af2b1e39510fe1661265513037952e92599aa491dc0b119763f8bd597bd9cec35fec2271e05e6b22fc7c87d

  • memory/1752-54-0x0000000076261000-0x0000000076263000-memory.dmp
    Filesize
    8KB

  • memory/1752-55-0x0000000074C00000-0x00000000751AB000-memory.dmp
    Filesize
    5.7MB

  • memory/1752-56-0x00000000004B6000-0x00000000004C7000-memory.dmp
    Filesize
    68KB

  • memory/1752-59-0x00000000004B6000-0x00000000004C7000-memory.dmp
    Filesize
    68KB

  • memory/1752-58-0x0000000074C00000-0x00000000751AB000-memory.dmp
    Filesize
    5.7MB
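The memory dump names above encode the dumped process, a sequence number and the virtual address range (memory/PID-SEQ-START-END-memory.dmp), so the listed Filesize can be checked against the range and repeated dumps of one region spotted before downloading anything. The following is an added example, not code from the sandbox report; the name layout is read off the entries on this page, the function names are my own, and the report's own dump entries are used as the input.

```python
"""
Added example, not part of the sandbox report: parse the dump names the
report lists, derive each region's size from its address range, compare it
with the reported Filesize, and group dumps covering the same region.
"""
import re
from collections import defaultdict

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$")

# Dump names and reported sizes copied from this report's Downloads section.
REPORTED = [
    ("memory/1752-54-0x0000000076261000-0x0000000076263000-memory.dmp", "8KB"),
    ("memory/1752-55-0x0000000074C00000-0x00000000751AB000-memory.dmp", "5.7MB"),
    ("memory/1752-56-0x00000000004B6000-0x00000000004C7000-memory.dmp", "68KB"),
    ("memory/1752-59-0x00000000004B6000-0x00000000004C7000-memory.dmp", "68KB"),
    ("memory/1752-58-0x0000000074C00000-0x00000000751AB000-memory.dmp", "5.7MB"),
]


def parse_dump_name(name):
    """Split a dump name into pid, seq, start, end and the region size in bytes."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name!r}")
    return {"pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def human_size(nbytes):
    """Render a byte count the way the report does: whole KB below 1 MiB, one-decimal MB above."""
    if nbytes < 1024 * 1024:
        return f"{nbytes // 1024}KB"
    return f"{nbytes / (1024 * 1024):.1f}MB"


def check_sizes(reported):
    """Return (name, computed_size, reported_size, matches) for every entry."""
    rows = []
    for name, reported_size in reported:
        computed = human_size(parse_dump_name(name)["size"])
        rows.append((name, computed, reported_size, computed == reported_size))
    return rows


def group_by_region(reported):
    """{(pid, start, end): [seq, ...]} so a region dumped more than once shows up at a glance."""
    groups = defaultdict(list)
    for name, _ in reported:
        e = parse_dump_name(name)
        groups[(e["pid"], e["start"], e["end"])].append(e["seq"])
    return {region: sorted(seqs) for region, seqs in groups.items()}


if __name__ == "__main__":
    for name, computed, reported_size, ok in check_sizes(REPORTED):
        print(("ok  " if ok else "BAD ") + f"{computed:>6} vs {reported_size:>6}  {name}")
    for (pid, start, end), seqs in group_by_region(REPORTED).items():
        print(f"PID {pid} 0x{start:08X}-0x{end:08X} dumped at seq {seqs}")
```

Run against the entries above, every computed size agrees with the reported one, and two regions appear twice (0x4B6000-0x4C7000 at seq 56 and 59, 0x74C00000-0x751AB000 at seq 55 and 58), which is what to expect when the sandbox re-dumps a region after it has changed; diffing the two copies of the same range is usually more informative than reading either alone.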