Overview

overview

7

Static

static

aa663811ae...8d.exe

windows7-x64

7

aa663811ae...8d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    123s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/11/2022, 18:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    aa663811ae1f82844bfc5312062f3360b6f1ff3a05b8b02d2f2dcc6388401d8d.exe

  • Size

    198KB

  • MD5

    7f53bc4e13eda740711e4034c3c80675

  • SHA1

    e25d02c0233a553b8822ed7e8a5010b764fec8c1

  • SHA256

    aa663811ae1f82844bfc5312062f3360b6f1ff3a05b8b02d2f2dcc6388401d8d

  • SHA512

    3319981079dd30ccd87073914b35352753c93f6c5e600ec99547b5afb3c4aba2e200be758a4e7095467cdddddb4d02d2a55d5950be05448b5dae78663aa95b23

  • SSDEEP

    3072:Kd178LL6mx8Y+NJ7rhNONxzNw+UUaVSvs1C8/ehoraNUXtMLWM:KdF8LL6Y+NYz2dUvs1C8/ehoraNUXSqM

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Runs ping.exe 1 TTPs 5 IoCs
  • Suspicious use of WriteProcessMemory 18 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa663811ae1f82844bfc5312062f3360b6f1ff3a05b8b02d2f2dcc6388401d8d.exe
    "C:\Users\Admin\AppData\Local\Temp\aa663811ae1f82844bfc5312062f3360b6f1ff3a05b8b02d2f2dcc6388401d8d.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\818.bat" "C:\Users\Admin\AppData\Local\Temp\aa663811ae1f82844bfc5312062f3360b6f1ff3a05b8b02d2f2dcc6388401d8d.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4224
      • C:\Windows\SysWOW64\PING.EXE
        ping 1.1.1.1 -n 1 -w 1000
        3⤵
        • Runs ping.exe
        PID:1448
      • C:\Windows\SysWOW64\PING.EXE
        ping 1.1.1.1 -n 1 -w 1000
        3⤵
        • Runs ping.exe
        PID:3028
      • C:\Windows\SysWOW64\PING.EXE
        ping 1.1.1.1 -n 1 -w 1000
        3⤵
        • Runs ping.exe
        PID:4704
      • C:\Windows\SysWOW64\PING.EXE
        ping 1.1.1.1 -n 1 -w 1000
        3⤵
        • Runs ping.exe
        PID:1608
      • C:\Windows\SysWOW64\PING.EXE
        ping 1.1.1.1 -n 1 -w 1000
        3⤵
        • Runs ping.exe
        PID:3640

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\818.bat
          Filesize

          205B

          MD5

          af942e21a17f04903c52cb28a9b89542

          SHA1

          ebcfe47bad384564346db4141d26e3e68f9f984f

          SHA256

          c62a90b84dac61f74122f6eaa01665155a18b28a68b799a963f8a877194f922d

          SHA512

          790decec1485e8fc42c3ee09a3e871ee95fdf2bf2e5f15556de0a5b5db2106114d79206acf2dcf3e7c0dbe9df7b1298e0b3f7247a34d9d3bd9f296cc9b61211a

          Download Submit