69741145096b04dce809d1b9e23ed980ea1cbc1e9103ff74fb560bbdb041ece8

Analysis

max time kernel
52s
max time network
117s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 15:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69741145096b04dce809d1b9e23ed980ea1cbc1e9103ff74fb560bbdb041ece8.exe
Size

297KB
MD5

e02d73a981cd2b6c929e2df8b4549e4a
SHA1

a6c29f021ccb8de22a9bde3bfe44c73c5c5db379
SHA256

69741145096b04dce809d1b9e23ed980ea1cbc1e9103ff74fb560bbdb041ece8
SHA512

5f4d33581207734c241b2f132f4272b66a0b000c568ff79552bc91da3047388e713c4f8da492dcd61a0ca00aa264c3058f9f7d326f966e6a7a866c937deb2dfa
SSDEEP

6144:aNW6alKdtWdpBc3KJU4CjGSXO4lqmmRP3IICUA7WMVi:uaqyc3KJ6aWO/r3I0A7WMVi

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\69741145096b04dce809d1b9e23ed980ea1cbc1e9103ff74fb560bbdb041ece8.lnk	69741145096b04dce809d1b9e23ed980ea1cbc1e9103ff74fb560bbdb041ece8.exe

Loads dropped DLL 1 IoCs

pid	Process
364	69741145096b04dce809d1b9e23ed980ea1cbc1e9103ff74fb560bbdb041ece8.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Bidaily Synchronize Task.job	69741145096b04dce809d1b9e23ed980ea1cbc1e9103ff74fb560bbdb041ece8.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\69741145096b04dce809d1b9e23ed980ea1cbc1e9103ff74fb560bbdb041ece8.exe
"C:\Users\Admin\AppData\Local\Temp\69741145096b04dce809d1b9e23ed980ea1cbc1e9103ff74fb560bbdb041ece8.exe"
1⤵
- Drops startup file
- Loads dropped DLL
- Drops file in Windows directory
PID:364

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\ProgramData\{1fa34c16-f189-c355-1fa3-34c16f18305b}\69741145096b04dce809d1b9e23ed980ea1cbc1e9103ff74fb560bbdb041ece8.exe

Filesize
297KB

MD5
e02d73a981cd2b6c929e2df8b4549e4a

SHA1
a6c29f021ccb8de22a9bde3bfe44c73c5c5db379

SHA256
69741145096b04dce809d1b9e23ed980ea1cbc1e9103ff74fb560bbdb041ece8

SHA512
5f4d33581207734c241b2f132f4272b66a0b000c568ff79552bc91da3047388e713c4f8da492dcd61a0ca00aa264c3058f9f7d326f966e6a7a866c937deb2dfa

Download Submit
memory/364-54-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download
memory/364-55-0x0000000000A70000-0x0000000000A9F000-memory.dmp

Filesize
188KB

Download