Overview

overview

8

Static

static

5983df5bde...b3.exe

windows7-x64

8

5983df5bde...b3.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    19s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27-11-2022 17:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5983df5bde3c35da4eaa684145c9cf413c99ae29decc2088880d5b2ee8af90b3.exe

  • Size

    724KB

  • MD5

    951ddc162aca63083933b40f4fc3c0b9

  • SHA1

    4fa550b4146807e4714219960088cc0a5af6db98

  • SHA256

    5983df5bde3c35da4eaa684145c9cf413c99ae29decc2088880d5b2ee8af90b3

  • SHA512

    9213f0d345ae73039132bc99250f03366f78435a8598fdab2210e9a850f7b1c1b598d58013049ac49148abdbc29993078b892067acdd76b5d604936c595d4927

  • SSDEEP

    12288:vScaAytRpk6f21DgftyF9jJQ/e/AdfwQY3csQv/QrdBgorD3GnZY:agytvk6f2wy9jJQ/e/AdfwQY3ZQv/QrQ

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5983df5bde3c35da4eaa684145c9cf413c99ae29decc2088880d5b2ee8af90b3.exe
    "C:\Users\Admin\AppData\Local\Temp\5983df5bde3c35da4eaa684145c9cf413c99ae29decc2088880d5b2ee8af90b3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1364
    • C:\Users\Admin\AppData\LocalOuTVsCVrca.exe
      "C:\Users\Admin\AppData\LocalOuTVsCVrca.exe"
      2⤵
      • Executes dropped EXE
      PID:1192

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalOuTVsCVrca.exe
    Filesize

    698KB

    MD5

    fb6725769d2af5b27e57c2b31e6b8b6b

    SHA1

    cdf314c8591e50cf443e440f0f35f6621f3936b9

    SHA256

    b0331adf3ce97fbf545ae4a3004f4bc0e312aee5b231f40de4a04e55ed7d3bc1

    SHA512

    17eb09832b40cea064a26f1e3d157c9642cd3b1e587e9ba078233cc1ee0a47c7a31d83c2bd9b8a9f5a6acb5663b2f427b350b5582d31b72bbbbafb041cf64c44

    Download Submit

  • C:\Users\Admin\AppData\LocalOuTVsCVrca.exe
    Filesize

    698KB

    MD5

    fb6725769d2af5b27e57c2b31e6b8b6b

    SHA1

    cdf314c8591e50cf443e440f0f35f6621f3936b9

    SHA256

    b0331adf3ce97fbf545ae4a3004f4bc0e312aee5b231f40de4a04e55ed7d3bc1

    SHA512

    17eb09832b40cea064a26f1e3d157c9642cd3b1e587e9ba078233cc1ee0a47c7a31d83c2bd9b8a9f5a6acb5663b2f427b350b5582d31b72bbbbafb041cf64c44

    Download Submit

  • memory/1192-60-0x0000000074C91000-0x0000000074C93000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1192-61-0x0000000074000000-0x00000000745AB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1192-62-0x0000000074000000-0x00000000745AB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/1364-54-0x000007FEF3AD0000-0x000007FEF44F3000-memory.dmp

    Filesize

    10.1MB

    Download

  • memory/1364-55-0x000007FEFB761000-0x000007FEFB763000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1364-59-0x000000001ACF0000-0x000000001AD00000-memory.dmp

    Filesize

    64KB

    Download