Analysis

  • max time kernel
    45s
  • max time network
    51s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64 arch:x86 image:win7-20220901-en locale:en-us os:windows7-x64 system
  • submitted
    25/11/2022, 10:46 UTC

General

  • Target

    717f0e27d80a58d7cd9dbba4460efce546c68e6cd5e17e6bc604e0f596b7e311.exe

  • Size

    1.5MB

  • MD5

    f91c4e92d892e7f886ab7e42701a3426

  • SHA1

    fd82d7112e6b69876a4d13fbda9c913435c9fb72

  • SHA256

    717f0e27d80a58d7cd9dbba4460efce546c68e6cd5e17e6bc604e0f596b7e311

  • SHA512

    8e46ecf8c7369f33297116f634d71e4bfa8b88c1af4d72bc8040cb4c99a302e9819aa42a8be322d280021757ed09c1a1af884d0fecabcd97109e550626d00d48

  • SSDEEP

    24576:Hpa/O74CNt3r2J2FC3eUldZUJ3OlKU4UDcc6Cy+9eGe:wcZC35VcOcmDcc6CdI

Score
5/10

Malware Config

Signatures

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\717f0e27d80a58d7cd9dbba4460efce546c68e6cd5e17e6bc604e0f596b7e311.exe
    "C:\Users\Admin\AppData\Local\Temp\717f0e27d80a58d7cd9dbba4460efce546c68e6cd5e17e6bc604e0f596b7e311.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1600
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c ping -c 5 8.8.8.8
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:852
      • C:\Windows\SysWOW64\PING.EXE
        ping -c 5 8.8.8.8
        3⤵
        • Runs ping.exe
        PID:688
    • C:\Users\Admin\AppData\Local\Temp\717f0e27d80a58d7cd9dbba4460efce546c68e6cd5e17e6bc604e0f596b7e311.exe
      "C:\Users\Admin\AppData\Local\Temp\717f0e27d80a58d7cd9dbba4460efce546c68e6cd5e17e6bc604e0f596b7e311.exe"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1332

Network

  • flag-unknown
    DNS
    v4mabu.g06bky5m0p.com
    717f0e27d80a58d7cd9dbba4460efce546c68e6cd5e17e6bc604e0f596b7e311.exe
    Remote address:
    8.8.8.8:53
    Request
    v4mabu.g06bky5m0p.com
    IN A
    Response
    No results found
  • 8.8.8.8:53
    v4mabu.g06bky5m0p.com
    dns
    717f0e27d80a58d7cd9dbba4460efce546c68e6cd5e17e6bc604e0f596b7e311.exe
    67 B
    140 B
    1
    1

    DNS Request

    v4mabu.g06bky5m0p.com

MITRE ATT&CK Enterprise v6

Downloads

  • memory/1332-64-0x0000000000400000-0x00000000004DF000-memory.dmp

    Filesize

    892KB

  • memory/1332-57-0x0000000000400000-0x00000000004DF000-memory.dmp

    Filesize

    892KB

  • memory/1332-59-0x0000000000400000-0x00000000004DF000-memory.dmp

    Filesize

    892KB

  • memory/1332-56-0x0000000000400000-0x00000000004DF000-memory.dmp

    Filesize

    892KB

  • memory/1332-61-0x0000000000400000-0x00000000004DF000-memory.dmp

    Filesize

    892KB

  • memory/1332-66-0x0000000000400000-0x00000000004DF000-memory.dmp

    Filesize

    892KB

  • memory/1332-68-0x0000000000400000-0x00000000004DF000-memory.dmp

    Filesize

    892KB

  • memory/1332-72-0x0000000000400000-0x00000000004DF000-memory.dmp

    Filesize

    892KB

  • memory/1332-73-0x0000000000400000-0x00000000004DF000-memory.dmp

    Filesize

    892KB

  • memory/1332-75-0x0000000000400000-0x00000000004DF000-memory.dmp

    Filesize

    892KB

  • memory/1600-54-0x00000000752B1000-0x00000000752B3000-memory.dmp

    Filesize

    8KB
