Analysis

  • max time kernel: 180s
  • max time network: 219s
  • platform: windows10-2004_x64
  • resource: win10v2004-20220812-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 29/11/2022, 16:07

General

  • Target: 9c13942daddc91dc034e6c3e32d497d88e56bf3b131eed4b834cee12e274450c.exe
  • Size: 179KB
  • MD5: b66bf290ca1acc73fb0b07623672c58c
  • SHA1: c8505c22fd0dd5b83f922504121dede2ae044602
  • SHA256: 9c13942daddc91dc034e6c3e32d497d88e56bf3b131eed4b834cee12e274450c
  • SHA512: be0b3236a1ed3bd96a5061e2952eb332e4d97e745f0a538b2175cea93761859c04855c2abd2b53dbec773582937e65f12c6e3a5bc44ae3ce7b9078cd58490b43
  • SSDEEP: 3072:LBAp5XhKpN4eOyVTGfhEClj8jTk+0hioiT9MY9ev5:2bXE9OiTGfhEClq91d9eB

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Drops file in Drivers directory 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies registry class 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9c13942daddc91dc034e6c3e32d497d88e56bf3b131eed4b834cee12e274450c.exe (PID 4320, depth 1)
    Command line: "C:\Users\Admin\AppData\Local\Temp\9c13942daddc91dc034e6c3e32d497d88e56bf3b131eed4b834cee12e274450c.exe"
    • Checks computer location settings
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\cmd.exe (PID 2044, depth 2)
      Command line: C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\Plastic goa\Auve\sellmeforalls.bat" "
      • Drops file in Drivers directory
    • C:\Windows\SysWOW64\WScript.exe (PID 4268, depth 2)
      Command line: "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Plastic goa\Auve\soapandpillows.vbs"
      • Blocklisted process makes network request
    • C:\Windows\SysWOW64\WScript.exe (PID 4456, depth 2)
      Command line: "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Plastic goa\Auve\trollingna_suse.vbs"
      • Drops file in Drivers directory

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Program Files (x86)\Plastic goa\Auve\sellmeforalls.bat
    Filesize: 2KB
    MD5: cf9154718db674139fd6e14ce20af445
    SHA1: 1c93beb33d6c8b2a29b79045d8c3e0cd3a45cc37
    SHA256: 367fa9c74ccfef37a92b7b8f8e24780cc07d2d6dbde41db6488cdbfc33014472
    SHA512: 187c209c249e02e50265ceaca571895cffc9b20829230784a83a992aeda8dadc0d7855e824365402cb14dd16f3a42d259588fdc26c9aba9ef76f590d864bfabf

  • C:\Program Files (x86)\Plastic goa\Auve\soapandpillows.vbs
    Filesize: 351B
    MD5: 41812b1dd5f1e767c8bef244b175b2c3
    SHA1: bb215ecd63d6c18666803a04e6ae5fecb51343c1
    SHA256: d5812aa43b8fe92533cd71d4b47371f9f984e39d2493750052384409c8d0e97b
    SHA512: 247aece2a9dee90cf61e6ad301cd26e77991e8b90cbddf4ab33609fc01c2475d7d9046307f406f943481264ab38929183d52c13fb830209230fe5e2dad023e5c

  • C:\Program Files (x86)\Plastic goa\Auve\toni.ha
    Filesize: 44B
    MD5: 42c13679ce973c60b3d2c527a530933b
    SHA1: ed8cdcb4a58bd7c4cf05d1b7b0ee3a2492707a9c
    SHA256: 9259a89ee5489176ea9b9ec20a8a771e0e8c70f8e9ee2d3b5c80bb7f27ddddf4
    SHA512: c95e8249bfca0a218a5bb5d036f72d232fee33f3bda89376138ce969390beae9f5a08348f00e6fb3ec7eae24a9d4406ef0c23fe246569bcc67d42f4149d22cc5

  • C:\Program Files (x86)\Plastic goa\Auve\trollingna_suse.vbs
    Filesize: 622B
    MD5: 974a99a96408742f427e7b95d80ce8b1
    SHA1: c69a1b4af2d49aee6c2dfff3c3b444d66ba7da42
    SHA256: af22cac5f439d7ca1a3ad5a3a71fb3f7001f86ae6d7d4be77885d4b64ba983f5
    SHA512: b29a5e5dd88ac2d06a1b5d6a1d81b508f4b70ae04d53172301949eb730342f8a80ffd15c39c6f22c07b72b9d1e46f7e0a11a209792f5fae9ccdb4ea8bf4b9fd1

  • C:\Windows\System32\drivers\etc\hosts
    Filesize: 1KB
    MD5: f9b1dbb110ac1aa5f1c5adef36ba72a3
    SHA1: 7a40a2e2fa4fea23bc62dcf3cb174213722718db
    SHA256: 3785479f8dced8ca5d640d4c202b830eb9332d0fa15afa59caeb444de8dbe157
    SHA512: e289787c2e511b9d4fa3a9fc64739df864051ec8964ac352653b2aecd5e35df8e2b2af7631a7ede95aaf5596813380f1ce61cd1cdeffa9f53d840c6622d95b39