Overview

overview

8

Static

static

b123d48102...72.exe

windows7-x64

8

b123d48102...72.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 00:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b123d481020439b084064e532e6a158a38fd9c4a279478cda6a2a4929cc59672.exe

  • Size

    196KB

  • MD5

    2ebee12be851ff81ad38c76e079b6340

  • SHA1

    76b2f46f7289f657bff71d63521ca307a80f8022

  • SHA256

    b123d481020439b084064e532e6a158a38fd9c4a279478cda6a2a4929cc59672

  • SHA512

    01b33bc21ffd43ef4f6199bf0db2eb0b78d105c618a8aee891e05ca944e4a601ba1b7ee03466d57b3285926638038d27045b4eb9e1dbcf510ef314404c2e2062

  • SSDEEP

    1536:aXBYjfC24mFVsIgvo3X4iZpTha5VlA8mP7aoL8E:aX+0mFmIgvo4iZhha5r6aoL8E

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Program Files directory 3 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b123d481020439b084064e532e6a158a38fd9c4a279478cda6a2a4929cc59672.exe
    "C:\Users\Admin\AppData\Local\Temp\b123d481020439b084064e532e6a158a38fd9c4a279478cda6a2a4929cc59672.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:4348
    • C:\Program Files (x86)\c3fa0e79\jusched.exe
      "C:\Program Files (x86)\c3fa0e79\jusched.exe"
      2⤵
      • Executes dropped EXE
      PID:4768

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\c3fa0e79\c3fa0e79
    Filesize

    17B

    MD5

    bff3d8f76e182194c4a2abf1aabba9f3

    SHA1

    07e5b604bb505a800b3e0ac16fee483b70595768

    SHA256

    6bc8a4f93eaa1b3e7cfa696855bf6a852cf6555d694bc03e337261a27e58246f

    SHA512

    0c5def3bb01ed166d4135190e131c27be4b6039987e269b6c3fca07677b3c637868397f207df631a098182a6bd3c795e6dd34541f82c5ecd6062441af0af7f50

    Download Submit

  • C:\Program Files (x86)\c3fa0e79\info_a
    Filesize

    12B

    MD5

    731a92fb0c843b25e3e0a8c7e25825a4

    SHA1

    3f6b3f5086389639e803483fd1f8bff83e66fb55

    SHA256

    f9dd2c0a06f428f7ba2dc7cde9d174d4394f3b73ab2a52c18c2efa6ba7c830b4

    SHA512

    f571a0bd097b35a586c940d8a5156680933ab1b6b72c18ed43653efe14dc7113085afeec2dbaff0633b99d4e08ea245a405af8593aa3b453ee3c3b1d7bbb17b9

    Download Submit

  • C:\Program Files (x86)\c3fa0e79\jusched.exe
    Filesize

    196KB

    MD5

    17611647b61cc6309317c4a1f2455cf5

    SHA1

    9cc50aa8308f798c18d7470abc02975af3d70725

    SHA256

    fb1cc6e6646301b390d74fe3d720d65b4de32d60c64a957f875eaa318f777cd7

    SHA512

    96f7ff9aad5d773118c46518879485b45de75f740028d58dcaf8b3dab2b80f2a52ff182c0c4baf6e3927e528ba7a7321166f1bc469bb9775005e84590a9f7216

    Download Submit

  • C:\Program Files (x86)\c3fa0e79\jusched.exe
    Filesize

    196KB

    MD5

    17611647b61cc6309317c4a1f2455cf5

    SHA1

    9cc50aa8308f798c18d7470abc02975af3d70725

    SHA256

    fb1cc6e6646301b390d74fe3d720d65b4de32d60c64a957f875eaa318f777cd7

    SHA512

    96f7ff9aad5d773118c46518879485b45de75f740028d58dcaf8b3dab2b80f2a52ff182c0c4baf6e3927e528ba7a7321166f1bc469bb9775005e84590a9f7216

    Download Submit

  • memory/4348-132-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4348-133-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4348-136-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4768-134-0x0000000000000000-mapping.dmp

    Download

  • memory/4768-138-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download

  • memory/4768-140-0x0000000000400000-0x0000000000466000-memory.dmp

    Filesize

    408KB

    Download