Analysis

  • max time kernel
    166s
  • max time network
    208s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/11/2022, 06:09

General

  • Target

    706ec9c1d75398d194dbfe89da1ea3d8e938e2b56e8a3b931cd1205d78cac988.exe

  • Size

    12KB

  • MD5

    31651b54b4be240f39f591f6313331bc

  • SHA1

    a09a7fbaec6e49fe7bee2ee745429326e0d129b8

  • SHA256

    706ec9c1d75398d194dbfe89da1ea3d8e938e2b56e8a3b931cd1205d78cac988

  • SHA512

    7afe913a324f24fe8cbc468bcf1e8c5eb55cc60f9e924fd3cbbeee5019a5a84e674486d3162b41eb266d7362e9144668ca70a563c25541740146e4e7d98428b2

  • SSDEEP

    192:8FIftX1vh6Pfa5laIu3xglkrPme8/E35jcMVK/lB+bsVlSIS6c8PFH6hI:/7Ufa5cIu8SmerLVK/ObPG6hI

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file (2 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class (3 IoCs)
  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\706ec9c1d75398d194dbfe89da1ea3d8e938e2b56e8a3b931cd1205d78cac988.exe
    "C:\Users\Admin\AppData\Local\Temp\706ec9c1d75398d194dbfe89da1ea3d8e938e2b56e8a3b931cd1205d78cac988.exe"
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:688
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wewt0.bat" "
      2⤵
      PID:3308

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\wewt0.bat

    Filesize

    338B

    MD5

    287ebc26bc9f18c3d7652669050a6de9

    SHA1

    628272bb6c661909c44d74c606b80664cf8946f9

    SHA256

    c3641a441ae635cd7f4b96aa42f3fc83db0186c3e395672fcc7116cb8365dce7

    SHA512

    6ddf7a82a876f440ca65be5d72e6039c48f17bef58e73e7226de8039cf218c046e457f05abb8b961d44593952cc3336b3865a943b5ebfc9d5d1702ee91d53e33

  • memory/688-132-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB

  • memory/688-134-0x0000000000400000-0x000000000040E000-memory.dmp

    Filesize

    56KB