521c8349436418231553314db8585e8737387e58f89d688fd7bc5114c18ea8d5

Analysis

max time kernel
238s
max time network
335s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 17:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

521c8349436418231553314db8585e8737387e58f89d688fd7bc5114c18ea8d5.exe
Size

297KB
MD5

e6147b0e9e48d6fa55a7c54168793a98
SHA1

80a9aacd5d561790ec86655bde6f119555c72e84
SHA256

521c8349436418231553314db8585e8737387e58f89d688fd7bc5114c18ea8d5
SHA512

7b052f9025da3536b4f10c12272e840b538068da64a771807bf6efba1fdb845c5b8831affb68cdbb24cb2da6de415e3cfdc5f9d4d823cc5f35bf56fa531fb5d4
SSDEEP

6144:TjUpvhiBCI6diElseoQxIoilYa5+kSVpBP3A+AaDlFAjGbBfI3T9VVm2VUY:HIv6C35SeoCIoiLAkyH4+AaDl85hmqUY

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\521c8349436418231553314db8585e8737387e58f89d688fd7bc5114c18ea8d5.lnk	521c8349436418231553314db8585e8737387e58f89d688fd7bc5114c18ea8d5.exe

Loads dropped DLL 1 IoCs

pid	Process
716	521c8349436418231553314db8585e8737387e58f89d688fd7bc5114c18ea8d5.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Bidaily Synchronize Task.job	521c8349436418231553314db8585e8737387e58f89d688fd7bc5114c18ea8d5.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\521c8349436418231553314db8585e8737387e58f89d688fd7bc5114c18ea8d5.exe
"C:\Users\Admin\AppData\Local\Temp\521c8349436418231553314db8585e8737387e58f89d688fd7bc5114c18ea8d5.exe"
1⤵
- Drops startup file
- Loads dropped DLL
- Drops file in Windows directory
PID:716

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\ProgramData\{caed8dcf-7bf2-e5f6-caed-d8dcf7bf373d}\521c8349436418231553314db8585e8737387e58f89d688fd7bc5114c18ea8d5.exe

Filesize
297KB

MD5
e6147b0e9e48d6fa55a7c54168793a98

SHA1
80a9aacd5d561790ec86655bde6f119555c72e84

SHA256
521c8349436418231553314db8585e8737387e58f89d688fd7bc5114c18ea8d5

SHA512
7b052f9025da3536b4f10c12272e840b538068da64a771807bf6efba1fdb845c5b8831affb68cdbb24cb2da6de415e3cfdc5f9d4d823cc5f35bf56fa531fb5d4

Download Submit
memory/716-54-0x0000000074E61000-0x0000000074E63000-memory.dmp

Filesize
8KB

Download
memory/716-55-0x0000000000950000-0x000000000097F000-memory.dmp

Filesize
188KB

Download