Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-11-2022 11:08

Errors

Reason
Machine shutdown

General

  • Target

    f1cfe9ab11101a9282e43b355614e0e6c929ebed5f6c10c0c1ff61e714e24afe.exe

  • Size

    1.9MB

  • MD5

    ccab2ea95f8895bc7eca9ee67158b661

  • SHA1

    bbf463386c061082cdca777fddabfeef82c647b3

  • SHA256

    f1cfe9ab11101a9282e43b355614e0e6c929ebed5f6c10c0c1ff61e714e24afe

  • SHA512

    93c8c27889aeb91655a17a27ba8ba37d5abf93d8f1c71d526d3bafeb5dd9749a4b05072441872022cc0def6ac1a3696c65b68e12dabf85ab3cda2ee9bda8932b

  • SSDEEP

    49152:kEaGqcDaYybXkdlMDoRco9yXfdqhf+P+3vkN3VGES:kfmaTOeU+o9mdqQP+3spS

Score
9/10

Malware Config

Signatures

  • Modifies boot configuration data using bcdedit 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1cfe9ab11101a9282e43b355614e0e6c929ebed5f6c10c0c1ff61e714e24afe.exe
    "C:\Users\Admin\AppData\Local\Temp\f1cfe9ab11101a9282e43b355614e0e6c929ebed5f6c10c0c1ff61e714e24afe.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:592
    • C:\Windows\system32\cmd.exe
      cmd.exe /c bcdedit /set safeboot network
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1928
      • C:\Windows\system32\bcdedit.exe
        bcdedit /set safeboot network
        3⤵
        • Modifies boot configuration data using bcdedit
        PID:2032
    • C:\Windows\system32\shutdown.exe
      shutdown -r -t 00
      2⤵
      PID:1760
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x1b4
    1⤵
    PID:1828
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x0
    1⤵
    PID:1444
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x1
    1⤵
    PID:1696

Network

MITRE ATT&CK Enterprise v6


Downloads

  • memory/592-54-0x0000000000F30000-0x0000000000F3A000-memory.dmp
    Filesize 40KB
  • memory/592-55-0x000000001B0B0000-0x000000001B2B6000-memory.dmp
    Filesize 2.0MB
  • memory/592-56-0x000000001AE70000-0x000000001B032000-memory.dmp
    Filesize 1.8MB
  • memory/592-57-0x000000001BA00000-0x000000001BBCC000-memory.dmp
    Filesize 1.8MB
  • memory/592-58-0x000000001BF20000-0x000000001C13C000-memory.dmp
    Filesize 2.1MB
  • memory/592-59-0x000000001ACA7000-0x000000001ACC6000-memory.dmp
    Filesize 124KB
  • memory/592-63-0x000000001ACA7000-0x000000001ACC6000-memory.dmp
    Filesize 124KB
  • memory/1444-64-0x000007FEFBB51000-0x000007FEFBB53000-memory.dmp
    Filesize 8KB
  • memory/1760-62-0x0000000000000000-mapping.dmp
  • memory/1928-60-0x0000000000000000-mapping.dmp
  • memory/2032-61-0x0000000000000000-mapping.dmp