Overview

overview

6

Static

static

b54707455a...74.exe

windows7-x64

6

b54707455a...74.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    172s
  • max time network
    194s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-11-2022 22:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b54707455a020020585ad3a0ba361b5ec5d1d52fc82fe7130186a716887f1274.exe

  • Size

    252KB

  • MD5

    3ee7f6f8ecc7aa5eebec6e2768183f74

  • SHA1

    cc7a374f855db0fddf3b0059363c13725613d1ba

  • SHA256

    b54707455a020020585ad3a0ba361b5ec5d1d52fc82fe7130186a716887f1274

  • SHA512

    350a1a6e99ef758ed08f7d01c16a50a9b627b6fb55c246664c15b44704fa8168c7d2d3aae1ca155a07722efea7f46465eca106750b698753c38df2427f2e9e76

  • SSDEEP

    6144:i8bRwCxWXAS8ewZ2c5+BDTzmT8qNTqhnokgI5h:r1nxWQS8eHg+QbtqSk

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b54707455a020020585ad3a0ba361b5ec5d1d52fc82fe7130186a716887f1274.exe
    "C:\Users\Admin\AppData\Local\Temp\b54707455a020020585ad3a0ba361b5ec5d1d52fc82fe7130186a716887f1274.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4028
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 992
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:1396

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1396-134-0x0000000000000000-mapping.dmp
    Download
  • memory/4028-132-0x00000000751C0000-0x0000000075771000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/4028-133-0x00000000751C0000-0x0000000075771000-memory.dmp
    Filesize

    5.7MB

    Download
  • memory/4028-135-0x00000000751C0000-0x0000000075771000-memory.dmp
    Filesize

    5.7MB

    Download