Analysis
-
max time kernel
185s -
max time network
198s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
27-11-2022 22:49
General
-
Target
3a7a7727e57608b41e84fb60bccb4767a7f0e36dafcc8db65bf6a11f4a163406.exe
-
Size
4.4MB
-
MD5
fa25ea66f62fc503a570969d431df329
-
SHA1
5127b92b6fb36944c60a090a01a32a4db54eb05e
-
SHA256
3a7a7727e57608b41e84fb60bccb4767a7f0e36dafcc8db65bf6a11f4a163406
-
SHA512
2cf99eae018604bea3865d468ecc56ee7daec9b8e5b20f1cfdca1b6dc4b4ab6309ccc0303227d6623dbaa9398ffa4f5a8a209e4df60429ae50ec4e2cd08489fe
-
SSDEEP
98304:rg56a8oxDqU7uHBUD86gpR0Gc18CZctvldxmcFHj+:U5AwYk8TnjcSCZcGc
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable 2 IoCs
AutoIT scripts compiled to PE executables.
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 9 IoCs
-
Suspicious use of SendNotifyMessage 4 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3a7a7727e57608b41e84fb60bccb4767a7f0e36dafcc8db65bf6a11f4a163406.exe"C:\Users\Admin\AppData\Local\Temp\3a7a7727e57608b41e84fb60bccb4767a7f0e36dafcc8db65bf6a11f4a163406.exe"1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\mod.exeC:\Windows/mod.exe2⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\file1.exeC:\Users\Admin\AppData\Local\Temp\file1.exe3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3.9MB
MD5bb72dc16a5123fc281c3cba1f9746843
SHA1c1c9dab6e287fb4bb54a95bb1ecefa40997b21b5
SHA2567c89916c3627988e90459654de59dedd044517c66399e77dd99eef8c3659f0b5
SHA512cdbdea9ada37d23da8d8a3cb4e77ecd5244d445eba77fa8cd9616dc9fea2ecce0831a6d7689efbfa92c7dc579319a0d3d829c86358fd31bb7efbfea0acd3cc84
-
Filesize
3.9MB
MD5bb72dc16a5123fc281c3cba1f9746843
SHA1c1c9dab6e287fb4bb54a95bb1ecefa40997b21b5
SHA2567c89916c3627988e90459654de59dedd044517c66399e77dd99eef8c3659f0b5
SHA512cdbdea9ada37d23da8d8a3cb4e77ecd5244d445eba77fa8cd9616dc9fea2ecce0831a6d7689efbfa92c7dc579319a0d3d829c86358fd31bb7efbfea0acd3cc84
-
Filesize
3.5MB
MD542c9cacf190044844c19ec76f15e6751
SHA11d2497ace6a9153f812c49d3160d6ef3bcc3b89f
SHA2567b7b431db27564a24eaaa6db5bff786aff91abf651a578ccff2ada372cb5d7f5
SHA512e850b9d571cc86f31fa3c109c4ac4f769ccd5db2cf1e377d44b4b0f503abce98a11189aa9b9278626ecf2b3969c797b83f584f0432bbd36d347f9beb50770b8c
-
Filesize
3.5MB
MD542c9cacf190044844c19ec76f15e6751
SHA11d2497ace6a9153f812c49d3160d6ef3bcc3b89f
SHA2567b7b431db27564a24eaaa6db5bff786aff91abf651a578ccff2ada372cb5d7f5
SHA512e850b9d571cc86f31fa3c109c4ac4f769ccd5db2cf1e377d44b4b0f503abce98a11189aa9b9278626ecf2b3969c797b83f584f0432bbd36d347f9beb50770b8c
-
Filesize
744KB
-
Filesize
744KB