Overview

overview

7

Static

static

fcdcaed145...d8.exe

windows7-x64

7

fcdcaed145...d8.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    56s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 16:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fcdcaed145f2a8bc5a5dc15a0374781e6fd8f737f746bfd91badcd7cc04ccbd8.exe

  • Size

    98KB

  • MD5

    e9b477fcebed6acc91e1e167099f7fc5

  • SHA1

    9134a6330c3a790219286e0dfa27f280ec8e5f32

  • SHA256

    fcdcaed145f2a8bc5a5dc15a0374781e6fd8f737f746bfd91badcd7cc04ccbd8

  • SHA512

    b5ab0a04d55aa213905c9f3d1084c36ed6d005093c4faff83cf87feb40d2547f3ecb05ff65a1eba181b9985556a18dd13c3f0da99c048e4aa03e1500d433164b

  • SSDEEP

    1536:nv5MASDL6vr9s8hPBArSj74ckzblHY0kWloZLtnckP390q+3dk5159:nvkgS8h+r84pG06oq+6513

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fcdcaed145f2a8bc5a5dc15a0374781e6fd8f737f746bfd91badcd7cc04ccbd8.exe
    "C:\Users\Admin\AppData\Local\Temp\fcdcaed145f2a8bc5a5dc15a0374781e6fd8f737f746bfd91badcd7cc04ccbd8.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1064
    • C:\Windows\system32\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\killfile.bat" "
      2⤵
      • Deletes itself
      PID:1672

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\killfile.bat
    Filesize

    301B

    MD5

    5d0369d6e25e61c1338f334b6e33270c

    SHA1

    a335b253826fb2b949ba22ebeac985f9599f7b38

    SHA256

    2d3e5428fd0d68f2227a54c451bab904acefad4917d86c61788071ebe8952460

    SHA512

    a9977e9e4718c6fadaab13ad93f6cfe80441538c367ba8ec580c5c1982de2a38b9f2e6d37a1ccdb7d498d2f8765e9f8017258a4887ef85e1a60366f218a3d0a2

    Download Submit

  • memory/1064-54-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1672-55-0x0000000000000000-mapping.dmp

    Download