f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26

Analysis

max time kernel
208s
max time network
222s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
24-11-2022 04:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
Size

1.4MB
MD5

d7c69d01197a39921738367d9155d489
SHA1

2c6748c809030d4222f133ad54053ca5b67c1675
SHA256

f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26
SHA512

0df44840cb4f5d631d286f6299d5094299de4341c82246883457a614ac9c3fc5f9ba24257d27b30325904123c2adf3501f670714cdee3f604c30d8d4e92c95d2
SSDEEP

24576:km7WJ9G+jFtpJn7SLibLHlJvsLrS6L5fczyA6djDE8ad6Tz86EeHieAK/PiWWtuj:HYG+jFt0ibLHEJNczyj9FawwuAKnU05

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 26 IoCs

Processes:

f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe

pid	process
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
1644	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe

Drops file in Program Files directory 3 IoCs

Processes:

f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe

description	ioc	process
File created	C:\Program Files\Windows Media Player\netmon.exe	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
File created	C:\Program Files\Windows Media Player\bugtrap.dll	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
File created	C:\Program Files\Windows Media Player\house.mp3	f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Script User-Agent 1 IoCs
Uses user-agent string associated with script host/environment.

Processes:

description flow ioc

HTTP User-Agent header 3 Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Suspicious behavior: RenamesItself 1 IoCs

Processes:

f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe

pid process

1644 f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe

description	flow	ioc
HTTP User-Agent header	3	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

C:\Users\Admin\AppData\Local\Temp\f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe
"C:\Users\Admin\AppData\Local\Temp\f27b7851938a13e2ddcb50f5c12c3c6873edde2bd5856db69a448b7da2268d26.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Program Files directory
- Suspicious behavior: RenamesItself
PID:1644

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1644-54-0x00000000763D1000-0x00000000763D3000-memory.dmp

Filesize
8KB

Download
memory/1644-55-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download
memory/1644-57-0x0000000075B30000-0x0000000075B77000-memory.dmp

Filesize
284KB

Download
memory/1644-465-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-464-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-467-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-466-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-468-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-469-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-470-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-471-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-472-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-474-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-473-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-475-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-477-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-476-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-478-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-479-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-480-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-481-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-482-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-483-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-484-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-485-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-487-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-486-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-488-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-489-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-490-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-493-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-492-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-491-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-494-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-495-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-496-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-499-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-498-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-497-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-500-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-501-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-502-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-503-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-504-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-505-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-506-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-507-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-508-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-510-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-509-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-511-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-512-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-513-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-514-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-515-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-516-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-517-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-518-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-519-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-520-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-521-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-522-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-523-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-524-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-525-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-1333-0x00000000002F0000-0x00000000003F0000-memory.dmp

Filesize
1024KB

Download
memory/1644-1334-0x0000000002030000-0x00000000021B1000-memory.dmp

Filesize
1.5MB

Download
memory/1644-3477-0x00000000002F0000-0x00000000003F0000-memory.dmp

Filesize
1024KB

Download
memory/1644-4350-0x00000000021C0000-0x00000000022D1000-memory.dmp

Filesize
1.1MB

Download
memory/1644-4352-0x00000000022E0000-0x00000000023E1000-memory.dmp

Filesize
1.0MB

Download
memory/1644-4353-0x0000000000400000-0x0000000000573000-memory.dmp

Filesize
1.4MB

Download