eda19fdbb4cce64e83405258ee10345bba2ac4933f85d59bd6f72a068c80b3f5

Analysis

max time kernel
151s
max time network
157s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27-11-2022 04:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eda19fdbb4cce64e83405258ee10345bba2ac4933f85d59bd6f72a068c80b3f5.exe
Size

424KB
MD5

f4ed6c6262dd6ac95c687dfbbe46a6cb
SHA1

349c4cd93aa29122c1ec1c2253f88d19e829804c
SHA256

eda19fdbb4cce64e83405258ee10345bba2ac4933f85d59bd6f72a068c80b3f5
SHA512

69ec0d2438b720b04916ab2c404986c264b4483392191f3d11136e8908308738aa6c60c961fd187099f6073e92ab6a6c735312bb9a1d5a897b75c36d24893c1b
SSDEEP

12288:UgskUuDR24+5jrAqG6orxTDyRBxA6wr90:SnSb+drAqE9kBxw

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	eda19fdbb4cce64e83405258ee10345bba2ac4933f85d59bd6f72a068c80b3f5.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\i2rz\	eda19fdbb4cce64e83405258ee10345bba2ac4933f85d59bd6f72a068c80b3f5.exe
File created	C:\Windows\X2014	eda19fdbb4cce64e83405258ee10345bba2ac4933f85d59bd6f72a068c80b3f5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\eda19fdbb4cce64e83405258ee10345bba2ac4933f85d59bd6f72a068c80b3f5.exe
"C:\Users\Admin\AppData\Local\Temp\eda19fdbb4cce64e83405258ee10345bba2ac4933f85d59bd6f72a068c80b3f5.exe"
1⤵
- Checks whether UAC is enabled
- Drops file in Windows directory
PID:856

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/856-54-0x0000000075C11000-0x0000000075C13000-memory.dmp

Filesize
8KB

Download