Overview

overview

7

Static

static

7cb512c189...d9.exe

windows7-x64

7

7cb512c189...d9.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    61s
  • max time network
    63s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27/11/2022, 12:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7cb512c189916646157591a8e89faf938fe30d74e27524d47f73c8dad797ccd9.exe

  • Size

    298KB

  • MD5

    e4c51bceddd6d4e36a1e7d5dcc409636

  • SHA1

    f44a651dafe7ff756098a2c45e63b5a8d233a3d8

  • SHA256

    7cb512c189916646157591a8e89faf938fe30d74e27524d47f73c8dad797ccd9

  • SHA512

    ae9ebdf2266ad3dc650682a98421929fef1f2b45d012ec19a9c49ecf465432ea0b6b7397978d67850b54810c11fe1de7f30ba6b0717995b7ab10d0e399ccb81f

  • SSDEEP

    6144:YI7mPGBaExlSZvC4q7Q2PvDExlJ1tBxg2zUfnFrTK5S:iGRnStCZ77zSTxglnFrTK5S

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7cb512c189916646157591a8e89faf938fe30d74e27524d47f73c8dad797ccd9.exe
    "C:\Users\Admin\AppData\Local\Temp\7cb512c189916646157591a8e89faf938fe30d74e27524d47f73c8dad797ccd9.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Drops file in Windows directory
    PID:1628

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \ProgramData\{631e47fe-415e-c106-631e-e47fe4151ff9}\7cb512c189916646157591a8e89faf938fe30d74e27524d47f73c8dad797ccd9.exe
          Filesize

          298KB

          MD5

          e4c51bceddd6d4e36a1e7d5dcc409636

          SHA1

          f44a651dafe7ff756098a2c45e63b5a8d233a3d8

          SHA256

          7cb512c189916646157591a8e89faf938fe30d74e27524d47f73c8dad797ccd9

          SHA512

          ae9ebdf2266ad3dc650682a98421929fef1f2b45d012ec19a9c49ecf465432ea0b6b7397978d67850b54810c11fe1de7f30ba6b0717995b7ab10d0e399ccb81f

          Download Submit

        • memory/1628-54-0x0000000074AD1000-0x0000000074AD3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1628-55-0x0000000000660000-0x000000000068F000-memory.dmp

          Filesize

          188KB

          Download