Analysis

  • max time kernel
    206s
  • max time network
    215s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/11/2022, 09:15 UTC

General

  • Target

    9efe3735bf3d2d6f4d76f4474c2b17cb5fb199fdefb25a9e11ba2b1772cd7eb2.exe

  • Size

    564KB

  • MD5

    442236d6aa313bdd432f72e4cb82766d

  • SHA1

    0fe215ad1c6d389d569b785ec30930fa3b666ac9

  • SHA256

    9efe3735bf3d2d6f4d76f4474c2b17cb5fb199fdefb25a9e11ba2b1772cd7eb2

  • SHA512

    db2f433d7682e2d88642be6cfce35abf0572abb10b946537a33506773adb8acea8ca3e0fec7a170b4f039c447303514052ec8598ccf76f39002dab5342dce261

  • SSDEEP

    12288:/GQlIdQ8lIglrNYlPGAHQlmKgGRPcIxWcOAt://IdQ8KglrNYltim/GRJx8At

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9efe3735bf3d2d6f4d76f4474c2b17cb5fb199fdefb25a9e11ba2b1772cd7eb2.exe
    "C:\Users\Admin\AppData\Local\Temp\9efe3735bf3d2d6f4d76f4474c2b17cb5fb199fdefb25a9e11ba2b1772cd7eb2.exe"
    • Suspicious use of FindShellTrayWindow
    PID:4252

Network

  • flag-unknown
    DNS
    97.97.242.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.97.242.52.in-addr.arpa
    IN PTR
    Response
  • flag-unknown
    DNS
    f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa
    Remote address:
    8.8.8.8:53
    Request
    f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa
    IN PTR
    Response
  • 20.189.173.11:443
    322 B
    7
  • 8.238.111.126:80
    322 B
    7
  • 104.80.225.205:443
    322 B
    7
  • 40.126.32.136:443
    260 B
    5
  • 40.126.32.136:443
    260 B
    5
  • 96.16.53.148:80
    322 B
    7
  • 96.16.53.148:80
    322 B
    7
  • 8.8.8.8:53
    97.97.242.52.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    97.97.242.52.in-addr.arpa

  • 8.8.8.8:53
    f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa
    dns
    118 B
    204 B
    1
    1

    DNS Request

    f.7.6.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.0.3.0.1.3.0.6.2.ip6.arpa

MITRE ATT&CK Enterprise v6
