Overview

overview

8

Static

static

b75a3ba1ff...68.exe

windows7-x64

8

b75a3ba1ff...68.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    155s
  • max time network
    196s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-11-2022 19:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b75a3ba1ffdae84d625971b2dfc267f379a1107ebe346254e914510f6aeafc68.exe

  • Size

    685KB

  • MD5

    53558d26234d5ec0db4c18fb33b56fd6

  • SHA1

    b4116048d4f8a36376d07312c664b1098ea02774

  • SHA256

    b75a3ba1ffdae84d625971b2dfc267f379a1107ebe346254e914510f6aeafc68

  • SHA512

    0e01ed94b4f88a0267c6c603f5f0d736b34d654c7384a17d9783d4f9139e0661909ab27b25bd6e8bb01d553e54e44c9961a5d39257489d2ea7052d6be47a194c

  • SSDEEP

    12288:ySnvpg3jf39d4+MkbGKGd4Zfuh2CN+sid3Bfz1aHggnE2yPLol:ySnvmTf3j4+MkbDGmnCN+td391aHggnP

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 10 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b75a3ba1ffdae84d625971b2dfc267f379a1107ebe346254e914510f6aeafc68.exe
    "C:\Users\Admin\AppData\Local\Temp\b75a3ba1ffdae84d625971b2dfc267f379a1107ebe346254e914510f6aeafc68.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4576
    • C:\Users\Admin\AppData\Local\Temp\b75a3ba1ffdae84d625971b2dfc267f379a1107ebe346254e914510f6aeafc68.exe
      "C:\Users\Admin\AppData\Local\Temp\b75a3ba1ffdae84d625971b2dfc267f379a1107ebe346254e914510f6aeafc68.exe" /_ShowProgress
      2⤵
        PID:3488

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3488-145-0x00000000021F0000-0x0000000002335000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3488-144-0x00000000021F0000-0x0000000002335000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3488-149-0x00000000021F0000-0x0000000002335000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3488-147-0x00000000021F0000-0x0000000002335000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3488-141-0x00000000021F0000-0x0000000002335000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/3488-146-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download

    • memory/3488-140-0x0000000000000000-mapping.dmp

      Download

    • memory/4576-133-0x00000000021A0000-0x000000000224C000-memory.dmp

      Filesize

      688KB

      Download

    • memory/4576-139-0x0000000002370000-0x00000000024B5000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/4576-132-0x0000000000400000-0x0000000000414000-memory.dmp

      Filesize

      80KB

      Download

    • memory/4576-138-0x0000000002370000-0x00000000024B5000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/4576-137-0x0000000002370000-0x00000000024B5000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/4576-148-0x0000000002370000-0x00000000024B5000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/4576-134-0x0000000002370000-0x00000000024B5000-memory.dmp

      Filesize

      1.3MB

      Download