Analysis

  • max time kernel
    6s
  • max time network
    32s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/11/2022, 01:24

General

  • Target

    0443a03632997d289fe6f772017c8266e6fc73e9f667c4ee6d6389d2bd5a9a74.exe

  • Size

    589KB

  • MD5

    0012e12d17f2a9116395ee5bd66ac26d

  • SHA1

    e873b18aeac01a898e5438d8926c91f420036a0a

  • SHA256

    0443a03632997d289fe6f772017c8266e6fc73e9f667c4ee6d6389d2bd5a9a74

  • SHA512

    aa90f3df8ce8d617083e5a83c194664e8b6e61b597436c08223a5983409a0e998794e69fa1032ec480f3df180ffeee691541664b08f39097d0911601b100b8d1

  • SSDEEP

    12288:gzy6rRxEwbpnfkjuVtPuVcG6YO/uV1ObuVtFnvysf1Q1TkAQTuiH7:z6rTnbp8iVtGVcG9pV1OqVtFnSQT3b

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0443a03632997d289fe6f772017c8266e6fc73e9f667c4ee6d6389d2bd5a9a74.exe
    "C:\Users\Admin\AppData\Local\Temp\0443a03632997d289fe6f772017c8266e6fc73e9f667c4ee6d6389d2bd5a9a74.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\System32\mshta.exe" "javascript:new ActiveXObject('WScript.Shell').Run('SOLA_2.0_10571531419233.bat',0);window.close()"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of WriteProcessMemory
      PID:700
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c ""C:\Users\Admin\AppData\Local\Temp\SOLA_2.0_10571531419233.bat" "
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:580
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c date /t
          4⤵
            PID:1696
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c dir C:\Windows\explorer.exe
            4⤵
              PID:1020

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\SOLA_2.0_10571531419233.bat

    Filesize

    10KB

    MD5

    37965e063f11423a24314a76ff17f423

    SHA1

    227136f2bfb46fd43a48038526434b7cf678f843

    SHA256

    d27f1c5cd06bd860700b4ac4dac27b533c99ff26383c4a946e8f82b548b52a97

    SHA512

    8911444a170e8e8e9da10d9503d3def3f86bbe814532b863f2755d486d37abe945a1eb666ecc6227eb320f6d10f4a06fa355903760a3c0c1110007e9840c96a0

  • memory/1748-54-0x0000000076381000-0x0000000076383000-memory.dmp

    Filesize

    8KB