a14ca4d45d73bf20e42272e260f94741e1144ab50a4b560561658ac5cce1c4ed

Analysis

max time kernel
217s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23/11/2022, 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a14ca4d45d73bf20e42272e260f94741e1144ab50a4b560561658ac5cce1c4ed.exe
Size

136KB
MD5

dccfd72ff58666a851f390e20a9cbd29
SHA1

7d66c0cd0ee9cf764eb032d55f581654d8ecf050
SHA256

a14ca4d45d73bf20e42272e260f94741e1144ab50a4b560561658ac5cce1c4ed
SHA512

537eb0794968224dd62f462a637decfcc7addc77a0b35147c35b13a72d9e47668f0d059beecfcbc18174acb3a341abaf38acdd6b84407e729c6f089d1ee36e3a
SSDEEP

1536:gd1/qA+X0Mz2LGBrpaqHGqHlN7yr5YA468osozmWQF1UxuQaPQaCU5j:g5+tBB1pF3uaCU5j

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
580	a14ca4d45d73bf20e42272e260f94741e1144ab50a4b560561658ac5cce1c4ed.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
580	a14ca4d45d73bf20e42272e260f94741e1144ab50a4b560561658ac5cce1c4ed.exe

C:\Users\Admin\AppData\Local\Temp\a14ca4d45d73bf20e42272e260f94741e1144ab50a4b560561658ac5cce1c4ed.exe
"C:\Users\Admin\AppData\Local\Temp\a14ca4d45d73bf20e42272e260f94741e1144ab50a4b560561658ac5cce1c4ed.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:580

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\InstCheck.dll

Filesize
24KB

MD5
82e6f0d32f562ca5eac3dabc49f2f9c9

SHA1
61bed043bdc056426159b572c347a45aeb99abeb

SHA256
8212c03e7dafe28ec6bb909f59b87c3eb73b691fd2224e83ffdc5af5c55fe05a

SHA512
6d3e4e065025db23060c531b49a63161bbdc99c235a4583b83aec8b841b9ca2f6affcbcaf1e3959210f475307f714cc949e0015e6d3655ed65db49cdd57fcd9b

Download Submit
memory/580-57-0x0000000076D71000-0x0000000076D73000-memory.dmp

Filesize
8KB

Download