Analysis

  • max time kernel
    91s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
  • submitted
    24-11-2022 19:38

General

  • Target

    c39e56b0bd1e366996098bae792e2e678de0ad2ac728b7ebc3b42fe6646a3a40.exe

  • Size

    98KB

  • MD5

    c909275fc05c6266dcf6f6cf53fd0465

  • SHA1

    7372efe2c3a2af0fb6f45ddeab552950d7eb0073

  • SHA256

    c39e56b0bd1e366996098bae792e2e678de0ad2ac728b7ebc3b42fe6646a3a40

  • SHA512

    429b45ba1e895e2c1ae6eed04e81bd7d15b1bc596778bc956ede285f3297dd6f8f8afac25e08fd7442d8294fd270b001140839c720090b8ec34d1a4833b358b6

  • SSDEEP

    1536:+v5MASDL6vr9s8hPBArSj74ckzblHY0kWloZLtnckP390q+3hk5159:+vkgS8h+r84pG06oq+G513

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c39e56b0bd1e366996098bae792e2e678de0ad2ac728b7ebc3b42fe6646a3a40.exe
    "C:\Users\Admin\AppData\Local\Temp\c39e56b0bd1e366996098bae792e2e678de0ad2ac728b7ebc3b42fe6646a3a40.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4204
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\killfile.bat" "
      2⤵
        PID:2028

Network

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery
    • Query Registry (1) T1012
    • System Information Discovery (2) T1082


Downloads

  • C:\Users\Admin\AppData\Local\Temp\killfile.bat
    Filesize
    301B
    MD5
    2e016f3fadd4896684f55dcb1a61ad4d
    SHA1
    cec966e09438ff0ec1d3bc97349257e598694785
    SHA256
    a3b78d563cd65083afa19eaca625276791d3dd3bed3fbcdc99b0a2a3901d8fc0
    SHA512
    a39b96b02623f743bf4cf9b9add022941bc86d7e3a09b72560152e11b7f4c046a58a3d40848d36f32be7e38fdd00208056679af0b5f7e4eb59cd2d82d755adf3

  • memory/2028-132-0x0000000000000000-mapping.dmp