Overview

overview

10

Static

static

f210373e0e...04.exe

windows7-x64

7

f210373e0e...04.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    35s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 17:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f210373e0eef030d2715eb802466944a88025cfd0710dbb39cc4f12df1dd2404.exe

  • Size

    683KB

  • MD5

    7c63776d07a39aac19600d15abeec0ac

  • SHA1

    64213eb74eb8793f014cf0e52b26f7373d5e32f1

  • SHA256

    f210373e0eef030d2715eb802466944a88025cfd0710dbb39cc4f12df1dd2404

  • SHA512

    0e466c95297b3fc587cc13c83f989f1d64e4bd065f2e9d1beca49071865e144f229ecf32f2c76292b27cd9eaa06ff188499012fdfec3b1967afcebff4f98a0b3

  • SSDEEP

    12288:+MlybpQTJ17OtqDkyJfXCdj6kD4Y8akRcCbmwKqgTt/:nRJ1isfFSdPDr8ak3mwKqgTN

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f210373e0eef030d2715eb802466944a88025cfd0710dbb39cc4f12df1dd2404.exe
    "C:\Users\Admin\AppData\Local\Temp\f210373e0eef030d2715eb802466944a88025cfd0710dbb39cc4f12df1dd2404.exe"
    1⤵
    • Loads dropped DLL
    PID:1980

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\Java\jusched.exe
    Filesize

    600KB

    MD5

    e443da4b87abad4d8546efd8edc967c7

    SHA1

    38e5ea73534769fcadf3a73fbc87eaa35725a49c

    SHA256

    39796311c98c31d0dfe753c99cd67eb5101a95df334d25b82e5772e68bc726d0

    SHA512

    97b6f83d1b70802b98cff3b7a60f23498a10c19280436dab094133bca5ce10a64b29a0550343eb85e7d41e81ac1aa336ee56f322a8d8ee638c259cb6afee7e45

    Download Submit
  • memory/1980-54-0x0000000075F61000-0x0000000075F63000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1980-55-0x00000000745C0000-0x0000000074B6B000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/1980-56-0x00000000745C0000-0x0000000074B6B000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/1980-57-0x00000000004F6000-0x0000000000507000-memory.dmp
    Filesize

    68KB

    Download