b0b57744586eaf094b196cb09755de78f0866f3dd6b14458e044263c6000e723

Analysis

max time kernel
43s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 18:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b0b57744586eaf094b196cb09755de78f0866f3dd6b14458e044263c6000e723.exe
Size

352KB
MD5

32c2e7eb5cb3af881ad1fa58af214f90
SHA1

e2855ef0bc6e05ce4640434db9dde1daf6bf6b6c
SHA256

b0b57744586eaf094b196cb09755de78f0866f3dd6b14458e044263c6000e723
SHA512

5d6e0bbc9c7aed1dd4cc1f4da0fe4841d0f32f0a21139c1fd020f01ae8e4744181af02d1f9053cc8a0832308b18fdf867d45ecfa894d969790fb7a4ae8e79ed5
SSDEEP

6144:6B9mda39gw7O7LnVI2JgHDiDbno5QvE/2RD8QODM8TBFGaCgr5U7:6BpO7LnVI2Jg+HoP5U7

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b0b57744586eaf094b196cb09755de78f0866f3dd6b14458e044263c6000e723.lnk	b0b57744586eaf094b196cb09755de78f0866f3dd6b14458e044263c6000e723.exe

Loads dropped DLL 1 IoCs

pid	Process
1696	b0b57744586eaf094b196cb09755de78f0866f3dd6b14458e044263c6000e723.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Bidaily Synchronize Task.job	b0b57744586eaf094b196cb09755de78f0866f3dd6b14458e044263c6000e723.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\b0b57744586eaf094b196cb09755de78f0866f3dd6b14458e044263c6000e723.exe
"C:\Users\Admin\AppData\Local\Temp\b0b57744586eaf094b196cb09755de78f0866f3dd6b14458e044263c6000e723.exe"
1⤵
- Drops startup file
- Loads dropped DLL
- Drops file in Windows directory
PID:1696

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\ProgramData\{22c5504d-b5fb-9276-22c5-5504db5f4136}\b0b57744586eaf094b196cb09755de78f0866f3dd6b14458e044263c6000e723.exe

Filesize
352KB

MD5
32c2e7eb5cb3af881ad1fa58af214f90

SHA1
e2855ef0bc6e05ce4640434db9dde1daf6bf6b6c

SHA256
b0b57744586eaf094b196cb09755de78f0866f3dd6b14458e044263c6000e723

SHA512
5d6e0bbc9c7aed1dd4cc1f4da0fe4841d0f32f0a21139c1fd020f01ae8e4744181af02d1f9053cc8a0832308b18fdf867d45ecfa894d969790fb7a4ae8e79ed5

Download Submit
memory/1696-54-0x0000000074E41000-0x0000000074E43000-memory.dmp

Filesize
8KB

Download
memory/1696-55-0x0000000000670000-0x000000000069F000-memory.dmp

Filesize
188KB

Download