7fe59e8a42a4adeb0823c2c384255e7350f0140e0ee49cdb88a59346f3c4ce69

Analysis

max time kernel
65s
max time network
112s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7fe59e8a42a4adeb0823c2c384255e7350f0140e0ee49cdb88a59346f3c4ce69.exe
Size

296KB
MD5

e607bba278262a33f9930a64e4d79d64
SHA1

f78c37a83d38c63bb3b50388116252b2f7dc2233
SHA256

7fe59e8a42a4adeb0823c2c384255e7350f0140e0ee49cdb88a59346f3c4ce69
SHA512

83f32722937f28796608c86f9c8f0498249a8a2138a191b980ca46230aa87514235c118431a119c00cfea66ba248c2adb48c31a7810fb501207b1e306259092d
SSDEEP

6144:cnAm8IwV9BF+4ojFN72JIZRbfpTPOPRfxkE/Zbz:cnANrVB+4ojr2yRxiFyE/Zbz

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\7fe59e8a42a4adeb0823c2c384255e7350f0140e0ee49cdb88a59346f3c4ce69.lnk	7fe59e8a42a4adeb0823c2c384255e7350f0140e0ee49cdb88a59346f3c4ce69.exe

Loads dropped DLL 1 IoCs

pid	Process
1184	7fe59e8a42a4adeb0823c2c384255e7350f0140e0ee49cdb88a59346f3c4ce69.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Bidaily Synchronize Task.job	7fe59e8a42a4adeb0823c2c384255e7350f0140e0ee49cdb88a59346f3c4ce69.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\7fe59e8a42a4adeb0823c2c384255e7350f0140e0ee49cdb88a59346f3c4ce69.exe
"C:\Users\Admin\AppData\Local\Temp\7fe59e8a42a4adeb0823c2c384255e7350f0140e0ee49cdb88a59346f3c4ce69.exe"
1⤵
- Drops startup file
- Loads dropped DLL
- Drops file in Windows directory
PID:1184

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\ProgramData\{a159c6d9-f305-ad3b-a159-9c6d9f301b67}\7fe59e8a42a4adeb0823c2c384255e7350f0140e0ee49cdb88a59346f3c4ce69.exe

Filesize
296KB

MD5
e607bba278262a33f9930a64e4d79d64

SHA1
f78c37a83d38c63bb3b50388116252b2f7dc2233

SHA256
7fe59e8a42a4adeb0823c2c384255e7350f0140e0ee49cdb88a59346f3c4ce69

SHA512
83f32722937f28796608c86f9c8f0498249a8a2138a191b980ca46230aa87514235c118431a119c00cfea66ba248c2adb48c31a7810fb501207b1e306259092d

Download Submit
memory/1184-54-0x0000000075991000-0x0000000075993000-memory.dmp

Filesize
8KB

Download
memory/1184-55-0x00000000002D0000-0x00000000002FF000-memory.dmp

Filesize
188KB

Download