Analysis

  • max time kernel
    182s
  • max time network
    198s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/11/2022, 21:36

General

  • Target

    480a3774416faa3362b59d6fa9ba0ea5c55c0e6a6e295032269d95ac45f5853a.exe

  • Size

    49KB

  • MD5

    f48d640494b4c5062b0c88834b2c845b

  • SHA1

    b734a76e93e17541c9b917e03ff50e974653fb53

  • SHA256

    480a3774416faa3362b59d6fa9ba0ea5c55c0e6a6e295032269d95ac45f5853a

  • SHA512

    9d5dbe19bcea29932cd1f3dd094cab6ce4b8757be5856ed2062f99f95bf0a85106742d720002fab7637a21aff43622b4b2fe93896f34b20b036f9b6d596960da

  • SSDEEP

    768:HsCu4BAeirX2dXKGEIBcls+Hw+KopawseTcq1kzCsP4oeGvhIR5e:Hju2WrmRzBcl1HwjwNsgHsPzeGZIf

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\480a3774416faa3362b59d6fa9ba0ea5c55c0e6a6e295032269d95ac45f5853a.exe
    "C:\Users\Admin\AppData\Local\Temp\480a3774416faa3362b59d6fa9ba0ea5c55c0e6a6e295032269d95ac45f5853a.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:4128
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\480a3774416faa3362b59d6fa9ba0ea5c55c0e6a6e295032269d95ac45f5853a.rtf" /o ""
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:4756

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\480a3774416faa3362b59d6fa9ba0ea5c55c0e6a6e295032269d95ac45f5853a.rtf

    Filesize

    3KB

    MD5

    284850baa4906da63dd3c4d6b835fb03

    SHA1

    d2929834b25db5f679a5f7026c5da6cec153f7ce

    SHA256

    e9cb60622d4f5228466f5fb9bf06a5da1668097c6bdcb9088cb6040372845492

    SHA512

    234e855adea91e902bfc1d407bd95498c7a84e55ed077171291957e5940c69b0ef6a35a40e8e60eb4709f029fcec0f75ef65f92e4505ce69bc7239736042a6e0

  • memory/4128-132-0x0000000000401000-0x0000000000403000-memory.dmp

    Filesize

    8KB

  • memory/4128-133-0x0000000000400000-0x0000000000410000-memory.dmp

    Filesize

    64KB

  • memory/4756-135-0x00007FFA41590000-0x00007FFA415A0000-memory.dmp

    Filesize

    64KB

  • memory/4756-136-0x00007FFA41590000-0x00007FFA415A0000-memory.dmp

    Filesize

    64KB

  • memory/4756-137-0x00007FFA41590000-0x00007FFA415A0000-memory.dmp

    Filesize

    64KB

  • memory/4756-138-0x00007FFA41590000-0x00007FFA415A0000-memory.dmp

    Filesize

    64KB

  • memory/4756-139-0x00007FFA41590000-0x00007FFA415A0000-memory.dmp

    Filesize

    64KB

  • memory/4756-140-0x00007FFA3ECC0000-0x00007FFA3ECD0000-memory.dmp

    Filesize

    64KB

  • memory/4756-141-0x00007FFA3ECC0000-0x00007FFA3ECD0000-memory.dmp

    Filesize

    64KB