Overview

overview

6

Static

static

b265431f41...f3.exe

windows7-x64

6

b265431f41...f3.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    98s
  • max time network
    105s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    24-11-2022 20:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b265431f41e964b09900df890ebdb7a6d399d0edf76b0afb6664ec39117477f3.exe

  • Size

    35KB

  • MD5

    c0c347f3a4f578634d79aa8e7f614772

  • SHA1

    6efbb01e88d6ba82f8635c0ced1407206838c01c

  • SHA256

    b265431f41e964b09900df890ebdb7a6d399d0edf76b0afb6664ec39117477f3

  • SHA512

    a3a0b775a75c9108e6dc76c433f315d44f2075455744bdba140d0584b16f21f1cd8936fba589f1bf276ccf697ceced92535dc8173f099518bb85a2cc9bd5aaf4

  • SSDEEP

    768:UPRf/KRwPqF+q71LPhnpwY9VSTUPCMRnGF:UPRf/KRwPxq71LP590MRG

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b265431f41e964b09900df890ebdb7a6d399d0edf76b0afb6664ec39117477f3.exe
    "C:\Users\Admin\AppData\Local\Temp\b265431f41e964b09900df890ebdb7a6d399d0edf76b0afb6664ec39117477f3.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Windows directory
    PID:584

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/584-54-0x0000000076B51000-0x0000000076B53000-memory.dmp

    Filesize

    8KB

    Download

  • memory/584-55-0x0000000074B20000-0x00000000750CB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/584-56-0x0000000074B20000-0x00000000750CB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/584-57-0x0000000074B20000-0x00000000750CB000-memory.dmp

    Filesize

    5.7MB

    Download