Overview

overview

6

Static

static

662de71192...99.exe

windows7-x64

6

662de71192...99.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    4s
  • max time network
    55s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2022 17:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    662de71192925db286ea61afdfb74b3d179b6729abb0b88b160b60b534ac6b99.exe

  • Size

    311KB

  • MD5

    58355fe98d44a10f8cb004e08cdcc48c

  • SHA1

    7c1ddf0b1786a42f47a5d262d977f282600e369d

  • SHA256

    662de71192925db286ea61afdfb74b3d179b6729abb0b88b160b60b534ac6b99

  • SHA512

    0a36f16b31bbac01510973571dd6adf404463b0aed0644a5acf89385a1ef2d80d611d483d3a79ae019f47c6e976762269f47edbe300f487990e1f0fd3f3ba11e

  • SSDEEP

    6144:XZABbWqsE/Ao+mv8Qv0LVmwq4FU0fNoy6a10okPmC1doyK9ATTZuwN5mGD:pANwRo+mv8QD4+0V16a10oGboyRTVLNf

Score
6/10
discovery

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\662de71192925db286ea61afdfb74b3d179b6729abb0b88b160b60b534ac6b99.exe
    "C:\Users\Admin\AppData\Local\Temp\662de71192925db286ea61afdfb74b3d179b6729abb0b88b160b60b534ac6b99.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1332

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1332-54-0x0000000075351000-0x0000000075353000-memory.dmp
    Filesize

    8KB

    Download