Overview

overview

8

Static

static

b123d48102...72.exe

windows7-x64

8

b123d48102...72.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    135s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 00:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b123d481020439b084064e532e6a158a38fd9c4a279478cda6a2a4929cc59672.exe

  • Size

    196KB

  • MD5

    2ebee12be851ff81ad38c76e079b6340

  • SHA1

    76b2f46f7289f657bff71d63521ca307a80f8022

  • SHA256

    b123d481020439b084064e532e6a158a38fd9c4a279478cda6a2a4929cc59672

  • SHA512

    01b33bc21ffd43ef4f6199bf0db2eb0b78d105c618a8aee891e05ca944e4a601ba1b7ee03466d57b3285926638038d27045b4eb9e1dbcf510ef314404c2e2062

  • SSDEEP

    1536:aXBYjfC24mFVsIgvo3X4iZpTha5VlA8mP7aoL8E:aX+0mFmIgvo4iZhha5r6aoL8E

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b123d481020439b084064e532e6a158a38fd9c4a279478cda6a2a4929cc59672.exe
    "C:\Users\Admin\AppData\Local\Temp\b123d481020439b084064e532e6a158a38fd9c4a279478cda6a2a4929cc59672.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1784
    • C:\Program Files (x86)\4cae10e9\jusched.exe
      "C:\Program Files (x86)\4cae10e9\jusched.exe"
      2⤵
      • Executes dropped EXE
      PID:1768

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\4cae10e9\4cae10e9
    Filesize

    17B

    MD5

    bff3d8f76e182194c4a2abf1aabba9f3

    SHA1

    07e5b604bb505a800b3e0ac16fee483b70595768

    SHA256

    6bc8a4f93eaa1b3e7cfa696855bf6a852cf6555d694bc03e337261a27e58246f

    SHA512

    0c5def3bb01ed166d4135190e131c27be4b6039987e269b6c3fca07677b3c637868397f207df631a098182a6bd3c795e6dd34541f82c5ecd6062441af0af7f50

    Download Submit

  • C:\Program Files (x86)\4cae10e9\info_a
    Filesize

    12B

    MD5

    731a92fb0c843b25e3e0a8c7e25825a4

    SHA1

    3f6b3f5086389639e803483fd1f8bff83e66fb55

    SHA256

    f9dd2c0a06f428f7ba2dc7cde9d174d4394f3b73ab2a52c18c2efa6ba7c830b4

    SHA512

    f571a0bd097b35a586c940d8a5156680933ab1b6b72c18ed43653efe14dc7113085afeec2dbaff0633b99d4e08ea245a405af8593aa3b453ee3c3b1d7bbb17b9

    Download Submit

  • C:\Program Files (x86)\4cae10e9\jusched.exe
    Filesize

    196KB

    MD5

    6a64ae8447144c0bb9c3c5a40ae29ed1

    SHA1

    dc12c12a52880a30c9a07defbe3459f1356a21b5

    SHA256

    78ea5feac851595d4ad064df6eb2c78d1a75126835744ef4075f7f553b6ad41b

    SHA512

    c06c176696b65b7f485bcd1a9af39fe16e7601c46c41064d0de78df1445c3de4364a46a8246e0ea8d7df67ee926844220a35b6383e68406919987dd44b6368cc

    Download Submit

  • \Program Files (x86)\4cae10e9\jusched.exe
    Filesize

    196KB

    MD5

    6a64ae8447144c0bb9c3c5a40ae29ed1

    SHA1

    dc12c12a52880a30c9a07defbe3459f1356a21b5

    SHA256

    78ea5feac851595d4ad064df6eb2c78d1a75126835744ef4075f7f553b6ad41b

    SHA512

    c06c176696b65b7f485bcd1a9af39fe16e7601c46c41064d0de78df1445c3de4364a46a8246e0ea8d7df67ee926844220a35b6383e68406919987dd44b6368cc

    Download Submit

  • \Program Files (x86)\4cae10e9\jusched.exe
    Filesize

    196KB

    MD5

    6a64ae8447144c0bb9c3c5a40ae29ed1

    SHA1

    dc12c12a52880a30c9a07defbe3459f1356a21b5

    SHA256

    78ea5feac851595d4ad064df6eb2c78d1a75126835744ef4075f7f553b6ad41b

    SHA512

    c06c176696b65b7f485bcd1a9af39fe16e7601c46c41064d0de78df1445c3de4364a46a8246e0ea8d7df67ee926844220a35b6383e68406919987dd44b6368cc

    Download Submit

  • memory/1768-59-0x0000000000000000-mapping.dmp

    Download

  • memory/1768-62-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1768-64-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1784-54-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1784-55-0x00000000753C1000-0x00000000753C3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1784-56-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/1784-61-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download