Overview

overview

7

Static

static

86953fef3c...dc.exe

windows7-x64

7

86953fef3c...dc.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    211s
  • max time network
    232s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/11/2022, 12:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    86953fef3c593f38874c0071863f9d08d9b1199e733ee334bf4946d00fc75fdc.exe

  • Size

    76KB

  • MD5

    c02e2f72f75125722eedfbec15e91ef4

  • SHA1

    020860ee4de7d18a438688c50f81ef16abf9fdce

  • SHA256

    86953fef3c593f38874c0071863f9d08d9b1199e733ee334bf4946d00fc75fdc

  • SHA512

    8b43433fc708fd853c8cd4026daa2f5c488df192221cd7d10b3126f5055c58389724aa5574c964f7f2e7ca2daaf1521ff486a69e65ebd0094370d6ada1724eab

  • SSDEEP

    1536:jnd47nXPeFCi0Jn+mIeTs3xEXf6/Dj6r/q97vKux7N+bpAn1gAL:zdk9Q8sSv6D2rCvXx5+beL

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86953fef3c593f38874c0071863f9d08d9b1199e733ee334bf4946d00fc75fdc.exe
    "C:\Users\Admin\AppData\Local\Temp\86953fef3c593f38874c0071863f9d08d9b1199e733ee334bf4946d00fc75fdc.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Zkz..bat" > nul 2> nul
      2⤵
        PID:2364

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\Zkz..bat
            Filesize

            274B

            MD5

            4a342f4a484d31b0139a8b07d758300e

            SHA1

            2e4a00dafb01c0302b7c8ec05670abf1821c4123

            SHA256

            c0704f4313a929eff5ddec74c653f6a6636ddfd0fe79d80bc7dd6b3f771200ed

            SHA512

            72378f6340207ba7f54087edbae0cec33cccaac3e7e551c56471bb5bf3bdfc2efeaa43575c3f0502c61eb61f0d8f40ca6cd88625b3aa47440f5267b82f7e4af4

            Download Submit

          • memory/1756-132-0x0000000000400000-0x0000000000418000-memory.dmp

            Filesize

            96KB

            Download

          • memory/1756-133-0x0000000000400000-0x0000000000418000-memory.dmp

            Filesize

            96KB

            Download

          • memory/1756-135-0x0000000000400000-0x0000000000418000-memory.dmp

            Filesize

            96KB

            Download