Analysis

  • max time kernel
    15s
  • max time network
    54s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-11-2022 13:35

General

  • Target

    a5077d1c7fc17176c78b2f106f2eaae6a31c448acc8228942aa50e53ccf06253.exe

  • Size

    379KB

  • MD5

    447291ea8aa13d20589581819220e712

  • SHA1

    d2748e8f512be0afbf04f5c0a277755538bc91a3

  • SHA256

    a5077d1c7fc17176c78b2f106f2eaae6a31c448acc8228942aa50e53ccf06253

  • SHA512

    94cf50ca02244fd0b917c667cadef4c7ce1149e8b2f13fd293f18e1c3b7272a4ea210ef13fa40fc2cd56d20842423033f5ac5e3102b67d4e8df09a7534899a08

  • SSDEEP

    6144:m04iD+K0Td1z9ega3xHB3aByOol2X7mPYRrgJ/n0fWIEZURMUE/3japRLMcrqk:m0r+33z9eZBB1EKwRCXmLXrqk

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5077d1c7fc17176c78b2f106f2eaae6a31c448acc8228942aa50e53ccf06253.exe
    "C:\Users\Admin\AppData\Local\Temp\a5077d1c7fc17176c78b2f106f2eaae6a31c448acc8228942aa50e53ccf06253.exe"
    • Drops startup file
    • Loads dropped DLL
    • Drops file in Windows directory
    PID:1492

Network

MITRE ATT&CK Enterprise v6

Downloads

  • \ProgramData\{a5809f5b-aca7-55a2-a580-09f5baca7d6e}\a5077d1c7fc17176c78b2f106f2eaae6a31c448acc8228942aa50e53ccf06253.exe

    Filesize

    379KB

    MD5

    447291ea8aa13d20589581819220e712

    SHA1

    d2748e8f512be0afbf04f5c0a277755538bc91a3

    SHA256

    a5077d1c7fc17176c78b2f106f2eaae6a31c448acc8228942aa50e53ccf06253

    SHA512

    94cf50ca02244fd0b917c667cadef4c7ce1149e8b2f13fd293f18e1c3b7272a4ea210ef13fa40fc2cd56d20842423033f5ac5e3102b67d4e8df09a7534899a08

  • memory/1492-54-0x0000000075B41000-0x0000000075B43000-memory.dmp

    Filesize

    8KB

  • memory/1492-55-0x0000000000260000-0x000000000028F000-memory.dmp

    Filesize

    188KB