Analysis

  • max time kernel
    186s
  • max time network
    194s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-11-2022 14:45

General

  • Target

    3bf70c8247290ae1962330eaabadcb09762378301b45709faf063c2151183157.exe

  • Size

    82KB

  • MD5

    ede518e477765a20a6e0aaaee3040c88

  • SHA1

    786f17d5708896423468ac149b1a693ccadd7009

  • SHA256

    3bf70c8247290ae1962330eaabadcb09762378301b45709faf063c2151183157

  • SHA512

    6e2b0f905a8c454899014d938485898664e00546449bee6194aa443176d7585b47db02aa658bccae06ea4ff8f97b84777158b0ff2edee984a22b42beb0705106

  • SSDEEP

    1536:VwJOoN1oYaoZ5iV685XJPCmXrX9W3a36LWYSwrlcu3XeoAgGTnMszVqZQ9lr:VwJ52Y7ZoH5XJambtWqqLWYhqoA9Tn7Z

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (2 IoCs)
  • Suspicious use of SetThreadContext (1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3bf70c8247290ae1962330eaabadcb09762378301b45709faf063c2151183157.exe
    "C:\Users\Admin\AppData\Local\Temp\3bf70c8247290ae1962330eaabadcb09762378301b45709faf063c2151183157.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1432
    • C:\Users\Admin\AppData\Local\Temp\3bf70c8247290ae1962330eaabadcb09762378301b45709faf063c2151183157.exe
      "C:\Users\Admin\AppData\Local\Temp\3bf70c8247290ae1962330eaabadcb09762378301b45709faf063c2151183157.exe"
      2⤵
        PID:4012

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Discovery
      System Information Discovery (T1082): 1

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsc1CB1.tmp\coon.dll
      Filesize

      66KB

      MD5

      d1fab492d5c805bdc293b108896b8967

      SHA1

      840ca14c9173c5ea7e42556cc6567fd76dfdec19

      SHA256

      76a4321aaa9816f4725bd69711bcba322cc1bae6a703d5f916cf2431a1696b0e

      SHA512

      2169a6105a013f76e8588a34a7a1536e0cfa22268dd0f63105ee8782b1b45a215e5c2c3d0847f70e368a864660c35bfd526247f64c3b9871e3fc608e139c5a66

    • memory/1432-134-0x0000000002270000-0x0000000002289000-memory.dmp
      Filesize

      100KB

    • memory/4012-135-0x0000000000000000-mapping.dmp
    • memory/4012-136-0x0000000000400000-0x0000000000405000-memory.dmp
      Filesize

      20KB
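An added triage example, not part of the sandbox report above: it transcribes the process tree, the signature list and the memory-dump names from this report into Python and flags the pattern they show together, a process launching a second copy of its own image while being credited with WriteProcessMemory and SetThreadContext, which is what process hollowing (RunPE-style injection) looks like from outside the process. The `Proc` dataclass, the function names and the benign counter-example are this example's own assumptions, not a sandbox export format or a Triage API.

```python
"""Behavioural triage over a sandbox process tree (added example).

Flags the pattern this report shows: a process spawns a second instance of
its own image and is credited with WriteProcessMemory and SetThreadContext,
the externally visible shape of process hollowing. The data below is
hand-transcribed from the report; the dataclass and function names are this
example's own, not a sandbox export format.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Proc:
    pid: int
    image: str
    parent: Optional[int]
    signatures: List[str] = field(default_factory=list)


SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\3bf70c8247290ae1962330eaabadcb09762378301b45709faf063c2151183157.exe")

# Process tree as listed under "Processes" in the report (transcribed).
REPORT_PROCS = [
    Proc(1432, SAMPLE_EXE, None, [
        "Loads dropped DLL",
        "Suspicious use of SetThreadContext",
        "Suspicious use of WriteProcessMemory",
    ]),
    Proc(4012, SAMPLE_EXE, 1432),
]

# Memory artefact names as listed under "Downloads" (transcribed).
REPORT_DUMPS = [
    "memory/1432-134-0x0000000002270000-0x0000000002289000-memory.dmp",
    "memory/4012-135-0x0000000000000000-mapping.dmp",
    "memory/4012-136-0x0000000000400000-0x0000000000405000-memory.dmp",
]

INJECTION_SIGS = {"Suspicious use of SetThreadContext",
                  "Suspicious use of WriteProcessMemory"}


def find_self_hollowing(procs: List[Proc]) -> List[Tuple[int, int]]:
    """Return (parent_pid, child_pid) pairs where the parent launched a copy
    of its own image and carries both injection-related signatures.

    A same-image child alone is not enough: browsers and updaters re-spawn
    themselves legitimately, so both primitives must be present on the parent.
    """
    by_pid: Dict[int, Proc] = {p.pid: p for p in procs}
    hits: List[Tuple[int, int]] = []
    for child in procs:
        parent = by_pid.get(child.parent) if child.parent is not None else None
        if parent is None:
            continue
        same_image = parent.image.lower() == child.image.lower()
        if same_image and INJECTION_SIGS.issubset(parent.signatures):
            hits.append((parent.pid, child.pid))
    return hits


DUMP_RE = re.compile(
    r"^memory/(\d+)-\d+-0x([0-9a-fA-F]+)-0x([0-9a-fA-F]+)-memory\.dmp$")


def dumped_regions(names: List[str]) -> Dict[int, List[Tuple[int, int]]]:
    """Parse '<pid>-<n>-0x<start>-0x<end>-memory.dmp' names into
    {pid: [(start, size_bytes), ...]}. Names that do not carry an address
    range (the 'mapping.dmp' entry) are skipped rather than guessed at."""
    regions: Dict[int, List[Tuple[int, int]]] = {}
    for name in names:
        m = DUMP_RE.match(name)
        if not m:
            continue
        pid = int(m.group(1))
        start, end = int(m.group(2), 16), int(m.group(3), 16)
        regions.setdefault(pid, []).append((start, end - start))
    return regions


def triage(procs: List[Proc], dumps: List[str]) -> List[dict]:
    """Join both views: for each hollowing hit, list what the sandbox dumped
    out of the child, which is the memory worth pulling first."""
    regions = dumped_regions(dumps)
    return [{"parent": p, "child": c, "child_regions": regions.get(c, [])}
            for p, c in find_self_hollowing(procs)]


if __name__ == "__main__":
    for hit in triage(REPORT_PROCS, REPORT_DUMPS):
        print(f"PID {hit['parent']} appears to have hollowed PID {hit['child']}:")
        for start, size in hit["child_regions"]:
            print(f"  dumped region 0x{start:X}, {size // 1024}KB")
```

On this report the function pairs PID 1432 with its child PID 4012, and the only address-ranged dump for the child is 0x400000 to 0x405000 (20KB), against an 82KB file on disk for the image the child was started from. That size mismatch at the conventional 32-bit image base is consistent with a different image having been written into the child, so the child's dump, not the parent's, is the first artefact to pull for static analysis. The dropped `coon.dll` under `nsc1CB1.tmp` is the other artefact to keep; the `ns<hex>.tmp` directory name is the convention NSIS installers use for their plugin directory, which is an inference from the path and not something the report itself states.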