Overview

overview

8

Static

static

8

0db4b5316f...07.exe

windows7-x64

8

0db4b5316f...07.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 03:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0db4b5316fbcee809f3d4155bc4d1df64fcdb610ccb1f8d71fb45b30ea805307.exe

  • Size

    2.7MB

  • MD5

    5a50964524b09b3300897fe524365f2f

  • SHA1

    300eaa16907416e72bc58342671f93d759fa22fc

  • SHA256

    0db4b5316fbcee809f3d4155bc4d1df64fcdb610ccb1f8d71fb45b30ea805307

  • SHA512

    a84400407283b6299ec3d688cd3f0cc200deaeb2690048f58f4bc73c6556073546d2b272fb4417fe68fbe15793f7667b60c49e94e432ae246a246b1df7e1fc61

  • SSDEEP

    49152:eZhsnB5OBFizTLs8litlzaeIwuM40CJhETgG0DbGzP4uCGV40CJhEu40CJhEdrQz:eZIBUBFizTLs8lklqwuu33OsT3E3dkEW

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • AutoIT Executable 2 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0db4b5316fbcee809f3d4155bc4d1df64fcdb610ccb1f8d71fb45b30ea805307.exe
    "C:\Users\Admin\AppData\Local\Temp\0db4b5316fbcee809f3d4155bc4d1df64fcdb610ccb1f8d71fb45b30ea805307.exe"
    1⤵
      PID:4776

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4776-132-0x0000000000400000-0x0000000000512000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4776-133-0x0000000000400000-0x0000000000512000-memory.dmp

      Filesize

      1.1MB

      Download