Overview

overview

7

Static

static

2053cabfcd...c6.exe

windows7-x64

6

2053cabfcd...c6.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    190s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    29/11/2022, 14:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2053cabfcdc11ba74c6146c1fc85068abce2515da02783575bc3b6fc733b68c6.exe

  • Size

    420KB

  • MD5

    36b0b7117db939d90551f520d5d01b00

  • SHA1

    2319f0bb15e03852259776675628ec1287c3d369

  • SHA256

    2053cabfcdc11ba74c6146c1fc85068abce2515da02783575bc3b6fc733b68c6

  • SHA512

    4b4a2dfa872fcaeaea6137188b071a2c168b39903ef6905413161c7909b5043b89f6d0c1cc43c2ba249c16c638468bb22a1e5a11eb5b1d67efa548fd431590e4

  • SSDEEP

    6144:jrl4unt0McMHehgSqfWxfh0SM/r01uVs7f/aRvE9mSIE9Svz7geVz65JM7s1E8pG:xLwOeZqgvwa2x6HHVJ4

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops desktop.ini file(s) 2 IoCs
  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies system certificate store 2 TTPs 3 IoCs
    evasionspywaretrojan
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2053cabfcdc11ba74c6146c1fc85068abce2515da02783575bc3b6fc733b68c6.exe
    "C:\Users\Admin\AppData\Local\Temp\2053cabfcdc11ba74c6146c1fc85068abce2515da02783575bc3b6fc733b68c6.exe"
    1⤵
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Drops autorun.inf file
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    PID:1772

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1772-56-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download

  • memory/1772-57-0x00000000757E1000-0x00000000757E3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1772-58-0x0000000003720000-0x0000000003730000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1772-59-0x0000000000400000-0x000000000046A000-memory.dmp

    Filesize

    424KB

    Download