510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac

Analysis

max time kernel
194s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 04:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe
Size

688KB
MD5

42d085dff1bf12f8ab7f57fafdf9dc15
SHA1

62103dbeacf57605baf13802d1eb2a18d7a3656c
SHA256

510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac
SHA512

a73bbae819123ed1fdafc75c4ee6be4df82aa042ac564c9e89efe90f4c3c94c3964628d70a5fca41093101e946b23e58eed8244024e29cc656c06e5c537efccf
SSDEEP

12288:WnvpS1w3sPVESMn/QLPNPjQ6XlsZwOcmxwaxIxVdWYRJJJkXu19TDbJ:WnvUq3sdW/qjQ6X5OlwaxInddLkunPb

Score

8^/10

upx

Malware Config

Signatures

Downloads MZ/PE file

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1756-134-0x00000000022A0000-0x00000000023E6000-memory.dmp	upx
behavioral2/memory/1756-137-0x00000000022A0000-0x00000000023E6000-memory.dmp	upx
behavioral2/memory/1756-138-0x00000000022A0000-0x00000000023E6000-memory.dmp	upx
behavioral2/memory/1756-139-0x00000000022A0000-0x00000000023E6000-memory.dmp	upx
behavioral2/memory/1756-140-0x00000000022A0000-0x00000000023E6000-memory.dmp	upx
behavioral2/memory/1756-141-0x00000000022A0000-0x00000000023E6000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

pid	process
1756	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe
1756	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe
1756	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe
1756	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

description	pid	process
Token: SeShutdownPrivilege	1756	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe
Token: SeCreatePagefilePrivilege	1756	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

pid	process
1756	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe
1756	510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe

C:\Users\Admin\AppData\Local\Temp\510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe
"C:\Users\Admin\AppData\Local\Temp\510b0abed1d9560ec050a2b291231931e85d7f7e7f15ed7dfd1a41a22f0f34ac.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1756

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1756-132-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1756-133-0x00000000021F0000-0x000000000229D000-memory.dmp

Filesize
692KB

Download
memory/1756-134-0x00000000022A0000-0x00000000023E6000-memory.dmp

Filesize
1.3MB

Download
memory/1756-137-0x00000000022A0000-0x00000000023E6000-memory.dmp

Filesize
1.3MB

Download
memory/1756-138-0x00000000022A0000-0x00000000023E6000-memory.dmp

Filesize
1.3MB

Download
memory/1756-139-0x00000000022A0000-0x00000000023E6000-memory.dmp

Filesize
1.3MB

Download
memory/1756-140-0x00000000022A0000-0x00000000023E6000-memory.dmp

Filesize
1.3MB

Download
memory/1756-141-0x00000000022A0000-0x00000000023E6000-memory.dmp

Filesize
1.3MB

Download