Analysis

  • max time kernel
    283s
  • max time network
    300s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23-11-2022 15:44

General

  • Target

    54e7c39588ef0e402d7d0669ba91a92338153d336b37e37785cbe13980fe3c33.exe

  • Size

    566KB

  • MD5

    e5e2c8370e3b5cb28012034c0de3d411

  • SHA1

    c36335f3d5cfc1e07eb9c05950055220dff6742d

  • SHA256

    54e7c39588ef0e402d7d0669ba91a92338153d336b37e37785cbe13980fe3c33

  • SHA512

    130e1fa6a6a21614a2be90c661b3a525eb828d904bf16a6fe6878c570bd4f165a0cb8ed73e667018632fa896e6bd73bbe04e31a81ae3bab57e0b0dfe27a68f4d

  • SSDEEP

    12288:jQH1BpaanPdSVXe+GP9YqCyf3IwjkG2hXwMnn20:jSBkan1SRZGP9YqCyQwjkTXwH

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). The sandbox's generic description calls this likely ransomware behaviour, but drive enumeration on its own is weak evidence: installers, backup tools and plenty of other benign software do the same, and this run records no file encryption, ransom note or shadow-copy deletion, which is consistent with the 3/10 score.

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\54e7c39588ef0e402d7d0669ba91a92338153d336b37e37785cbe13980fe3c33.exe
    "C:\Users\Admin\AppData\Local\Temp\54e7c39588ef0e402d7d0669ba91a92338153d336b37e37785cbe13980fe3c33.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4752
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      PID:4828
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      PID:2744
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      PID:3408
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      PID:4736
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      2⤵
      PID:5048

  All five iexplore.exe instances are direct children of PID 4752 (depth 2) and are started with a bare command line, so no URL is being opened. Together with the parent's WriteProcessMemory usage this is the shape a loader produces when it injects into, or hollows, a freshly started browser process; the report itself records no injection signature and lists nothing under Network, so treat it as an indicator to confirm against the memory dumps rather than as a finding.
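The spawn pattern in the tree above (a binary in the user's Temp directory starting several argument-less iexplore.exe children) is easy to express as a detection over process-creation telemetry. The script below is an added example, not part of the sandbox report: it runs over constructed Sysmon-style ProcessCreate records that mirror the PIDs and paths listed above, plus one benign control event; the field names, the explorer.exe parent PID 1000 and the control event are assumptions.

```python
"""Flag a user-temp binary that starts several bare iexplore.exe children
(added example; records are constructed, not real sandbox or Sysmon output)."""
from collections import defaultdict
from typing import Dict, List, Optional

SAMPLE = "54e7c39588ef0e402d7d0669ba91a92338153d336b37e37785cbe13980fe3c33.exe"
TEMP_DIR = r"C:\Users\Admin\AppData\Local\Temp"
IEXPLORE = r"C:\Program Files\Internet Explorer\iexplore.exe"


def _ev(pid: str, ppid: str, image: str, cmdline: Optional[str] = None) -> Dict[str, str]:
    """Build one minimal ProcessCreate-like record (field names are assumed)."""
    return {"pid": pid, "ppid": ppid, "image": image,
            "cmdline": cmdline if cmdline is not None else f'"{image}"'}


# Constructed events mirroring the report's tree: PID 4752 (the sample, run
# from %TEMP%) starts five iexplore.exe children with bare command lines.
# The last record is a benign control: a parent outside Temp opening a URL.
EVENTS: List[Dict[str, str]] = [
    _ev("4752", "1000", TEMP_DIR + "\\" + SAMPLE),
    _ev("4828", "4752", IEXPLORE),
    _ev("2744", "4752", IEXPLORE),
    _ev("3408", "4752", IEXPLORE),
    _ev("4736", "4752", IEXPLORE),
    _ev("5048", "4752", IEXPLORE),
    _ev("5100", "1000", IEXPLORE, f'"{IEXPLORE}" https://example.com/'),
]


def basename(path: str) -> str:
    """Last component of a Windows path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def is_bare_launch(ev: Dict[str, str]) -> bool:
    """True when the command line is nothing but the (possibly quoted) image
    path: a browser started like this has no URL to open, which is what a
    loader does when it only wants a host process to write into."""
    return ev["cmdline"].strip().strip('"').lower() == ev["image"].lower()


def in_user_temp(path: str) -> bool:
    """True for images under a per-user AppData\\Local\\Temp directory."""
    return "\\appdata\\local\\temp\\" in path.lower()


def find_suspicious_spawners(events: List[Dict[str, str]],
                             child_name: str = "iexplore.exe",
                             min_children: int = 3) -> Dict[str, List[str]]:
    """Return {parent_pid: [child_pids]} for parents whose image lives in a
    user temp directory and that start at least min_children bare copies of
    child_name. Child PIDs are kept in event order."""
    image_by_pid = {ev["pid"]: ev["image"] for ev in events}
    children: Dict[str, List[str]] = defaultdict(list)
    for ev in events:
        if basename(ev["image"]) == child_name and is_bare_launch(ev):
            children[ev["ppid"]].append(ev["pid"])
    return {ppid: pids for ppid, pids in children.items()
            if len(pids) >= min_children
            and in_user_temp(image_by_pid.get(ppid, ""))}


if __name__ == "__main__":
    for ppid, kids in find_suspicious_spawners(EVENTS).items():
        print(f"parent {ppid} spawned {len(kids)} bare iexplore.exe: {', '.join(kids)}")
```

The threshold of three bare children is a tuning knob: a single argument-less iexplore.exe launch happens legitimately (taskbar pin, "open browser" from an installer), while five in one run from Temp is what this report shows. Add a time window per parent before deploying against real telemetry.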

Network

MITRE ATT&CK Enterprise v6

Downloads

  • memory/4752-132-0x00000000749A0000-0x0000000074F51000-memory.dmp
    Filesize
    5.7MB

  • memory/4752-133-0x00000000749A0000-0x0000000074F51000-memory.dmp
    Filesize
    5.7MB
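Both dumps come from PID 4752 and cover the same address range, and the listed 5.7MB matches the size of that range (0x74F51000 - 0x749A0000 = 0x5B1000 bytes), so they are two captures of one mapping rather than two artefacts. The parser below is an added example, not part of the sandbox's tooling: it decodes the dump names into PID, capture sequence number and region, computes the region size, checks whether the region sits in the lower 2 GB (the user address space of a 32-bit process, matching the arch:x86 tag), and groups repeated captures. The memory/<pid>-<seq>-<start>-<end> naming scheme is inferred from the two entries on this page and is an assumption.

```python
"""Decode sandbox memory-dump names into (pid, seq, region) and group repeats
(added example; the naming scheme is inferred from this page, not documented)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Constructed input: the two dump names copied from the Downloads section.
DUMPS = [
    "memory/4752-132-0x00000000749A0000-0x0000000074F51000-memory.dmp",
    "memory/4752-133-0x00000000749A0000-0x0000000074F51000-memory.dmp",
]


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    seq: int    # capture sequence number within the run (assumed meaning)
    start: int  # virtual address of the first dumped byte
    end: int    # virtual address one past the last dumped byte

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def size_label(self) -> str:
        """Same rounding the report uses (5.7MB for this region)."""
        return f"{self.size / 2**20:.1f}MB"

    @property
    def below_2gb(self) -> bool:
        """True when the whole region lies under 0x80000000, i.e. inside the
        user address space of a 32-bit (WOW64) process."""
        return self.end <= 0x80000000


def parse_dump_name(name: str) -> DumpRegion:
    """Parse one dump file name; raises ValueError on anything unexpected."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    return DumpRegion(int(m["pid"]), int(m["seq"]),
                      int(m["start"], 16), int(m["end"], 16))


def group_by_region(names: List[str]) -> Dict[Tuple[int, int, int], List[int]]:
    """Map (pid, start, end) -> capture sequence numbers, so repeated dumps of
    one mapping (seq 132 and 133 here) are recognised as the same region
    captured twice rather than two separate artefacts."""
    groups: Dict[Tuple[int, int, int], List[int]] = defaultdict(list)
    for n in names:
        r = parse_dump_name(n)
        groups[(r.pid, r.start, r.end)].append(r.seq)
    return dict(groups)


if __name__ == "__main__":
    for (pid, start, end), seqs in group_by_region(DUMPS).items():
        r = DumpRegion(pid, seqs[0], start, end)
        print(f"pid {pid} region {start:#x}-{end:#x} {r.size_label} "
              f"({r.size} bytes), 32-bit space: {r.below_2gb}, "
              f"captured {len(seqs)}x (seq {seqs})")
```

When several captures of one region exist, diff them: a region that changes between captures is the one being written to, which is where to look for an unpacked payload before it is handed to the iexplore.exe children.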