Analysis
max time kernel: 38s
max time network: 43s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 23/11/2022, 16:33
Behavioral tasks
behavioral1: sample الادبي.exe, resource win7-20220812-en
behavioral2: sample الادبي.exe, resource win10v2004-20220812-en
behavioral3: sample العلمي.exe, resource win7-20221111-en
behavioral4: sample العلمي.exe, resource win10v2004-20221111-en
behavioral5: sample كل العراق.exe, resource win7-20221111-en
behavioral6: sample كل العراق.exe, resource win10v2004-20221111-en
General
Target: الادبي.exe
Size: 27KB
MD5: 2dbe2b2f3e81131526c4beec1d1a575e
SHA1: dbae8830aafe88359e9150d5ca07f11c040b8692
SHA256: b68ac54d841c7d343fbd6db2bdd43e9859d4dcf74fca3ae76627be882dcce402
SHA512: 339b6dfd8d400f2017afe5e21a765e7cc3845e852eb493bc5f415708083ad41269f726770ab1e4d48f0e94df857232afe12751bb1a399e3aefa816f897dc609e
SSDEEP: 768:KmVSOaNQgb8+JYC3300O+0LB7kObffLJznnnnnnn:KtUCno5kObfTJznnnnnnn
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid 1352, process Trojan.exe
Loads dropped DLL (2 IoCs)
  pid 2000, process الادبي.exe
  pid 2000, process الادبي.exe
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of WriteProcessMemory (4 IoCs)
  description                          pid   process      procid_target
  PID 2000 wrote to memory of 1352     2000  الادبي.exe   26
  PID 2000 wrote to memory of 1352     2000  الادبي.exe   26
  PID 2000 wrote to memory of 1352     2000  الادبي.exe   26
  PID 2000 wrote to memory of 1352     2000  الادبي.exe   26
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
Filesize: 27KB
MD5: 2dbe2b2f3e81131526c4beec1d1a575e
SHA1: dbae8830aafe88359e9150d5ca07f11c040b8692
SHA256: b68ac54d841c7d343fbd6db2bdd43e9859d4dcf74fca3ae76627be882dcce402
SHA512: 339b6dfd8d400f2017afe5e21a765e7cc3845e852eb493bc5f415708083ad41269f726770ab1e4d48f0e94df857232afe12751bb1a399e3aefa816f897dc609e