Analysis
-
max time kernel
267s -
max time network
307s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
23-11-2022 18:57
General
-
Target
1b9f65f8385b6482b5125216ffff8106d6665ddc5ec66f192a7a43ee32765516.exe
-
Size
84KB
-
MD5
58442dfa80848810537232ac6b984b30
-
SHA1
91e2980df1c7607e394c71165792ec93331a76ea
-
SHA256
1b9f65f8385b6482b5125216ffff8106d6665ddc5ec66f192a7a43ee32765516
-
SHA512
82f7341a0250edce4607264cb4ff203cf67b1e293572d0dcc651d44d106447e1a58d41aa2c99bb8126698b6ba18d80578e215035d8ede557d3a83fcedfe900d5
-
SSDEEP
1536:aWPXlG3w3whaFd6gPKcNj1NpNQ6NeYN1l:jPXlGA3wkzEcF1NpxNV
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1b9f65f8385b6482b5125216ffff8106d6665ddc5ec66f192a7a43ee32765516.exe"C:\Users\Admin\AppData\Local\Temp\1b9f65f8385b6482b5125216ffff8106d6665ddc5ec66f192a7a43ee32765516.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1b9f65f8385b6482b5125216ffff8106d6665ddc5ec66f192a7a43ee32765516.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x40,0x104,0x7ffae38b46f8,0x7ffae38b4708,0x7ffae38b47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=1b9f65f8385b6482b5125216ffff8106d6665ddc5ec66f192a7a43ee32765516.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffae38b46f8,0x7ffae38b4708,0x7ffae38b47183⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD559f470bde9e3126df8c82dc46d1dd8d7
SHA19dba6f67877f88260136270230a1f3d9652e7f57
SHA256283032bfd5ee5dfc0345b8974aab2081c522b2e2559014534a981b36b5312b47
SHA512f8aecc9de011255505226a8dc0787c34d3e784d818240bdb7a4224632f3c79bb9e933ab9c9c77211e1fda15e558df9229ca91ed36cd55e38272d5d9ea03bd568
-
-
-
-