Overview

overview

8

Static

static

a3d01c9eda...50.exe

windows7-x64

8

a3d01c9eda...50.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    82s
  • max time network
    69s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    29/11/2022, 16:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    a3d01c9edadb15296d0311fc037807a8aff1f83620e3bdf3411a73a1b6e7b150.exe

  • Size

    180KB

  • MD5

    cd6a000e663489f6a977e57fc50d8c28

  • SHA1

    7240b6348a00e1f45757d3b36475634a03d69e95

  • SHA256

    a3d01c9edadb15296d0311fc037807a8aff1f83620e3bdf3411a73a1b6e7b150

  • SHA512

    08342125d441bbff4c4fe65aed51a69de8eaceb90e67225a6818f3fbda060d5259221c16f4ec553637f14e280783b65831c5dcba3d9637b3018222ed49849bc7

  • SSDEEP

    3072:YBAp5XhKpN4eOyVTGfhEClj8jTk+0hW3iRyC/xu6zS91Oja1:PbXE9OiTGfhEClq9P3K/Q6zPja1

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Drops file in Drivers directory 3 IoCs
  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a3d01c9edadb15296d0311fc037807a8aff1f83620e3bdf3411a73a1b6e7b150.exe
    "C:\Users\Admin\AppData\Local\Temp\a3d01c9edadb15296d0311fc037807a8aff1f83620e3bdf3411a73a1b6e7b150.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1132
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Program Files (x86)\v storonu\E230\10\EcuadoryGalapagos.bat" "
      2⤵
      • Drops file in Drivers directory
      PID:1900
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\v storonu\E230\ultar\Latesttraveladvicefor.vbs"
      2⤵
      • Drops file in Drivers directory
      PID:1644
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\v storonu\E230\ultar\Simplyenteryouremailaddress.vbs"
      2⤵
      • Blocklisted process makes network request
      PID:1592

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\v storonu\E230\10\EcuadoryGalapagos.bat
          Filesize

          1KB

          MD5

          b45596645f8a658db976251e9ce5d7c7

          SHA1

          bd0c84d84a76cc9e2358207ea03d3ab5a5dff035

          SHA256

          702be40ef48db1290115c5dd05df6c9c94390a30c98cb5220ff7bf4990f733e8

          SHA512

          32f48a74006833cdec21f9c052e087d6a2d9871a300254e89d099fd37ea020cfa4a76c7012c5beaa42a084a57759f2d16866bd24f5ccbe1e8a91199ce5097aa9

          Download Submit

        • C:\Program Files (x86)\v storonu\E230\ultar\Latesttraveladvicefor.vbs
          Filesize

          809B

          MD5

          a70692ab2116330248298ab46d71658e

          SHA1

          a9894c3ae7849d53db122fddcb22d2f954015a77

          SHA256

          bffc14839a75eab23e75d0dd831b4f0b8433fdbfb81ac6489288ac004ce5c025

          SHA512

          c7839f4a5aff4c7b3ca67df7f6e168a34d39623070ab3e46d9ccf33462b1efd8b007ef185d4d863894ec63492595f4b1eb28d29c0930deb3ca50235d576b4f1a

          Download Submit

        • C:\Program Files (x86)\v storonu\E230\ultar\Simplyenteryouremailaddress.vbs
          Filesize

          558B

          MD5

          d839f13ade51408ab182246646f7223a

          SHA1

          2246609ea30998516fff536e0d71145421f745ce

          SHA256

          2df0ed636eb52f9f65073cda0e155364349792a4be8259ec145e3b3600546086

          SHA512

          54d757fb46b473d12d651087b6aefb6012f1bbde7a52cb8cb13e37f9168ac497154c59d79249fdde079dcfafaeca38fb6c04602a123382aa46fdc560812dae5b

          Download Submit

        • C:\Program Files (x86)\v storonu\E230\ultar\moskaraskakokokoko.hiq
          Filesize

          58B

          MD5

          d823f748ed12d50c515876d46a705ae9

          SHA1

          f0115bb382f99b6897474bcdf4dd70db049f7889

          SHA256

          cdf198797a0863beeb6da7bf8e970881aae84676beaaf87a397d4d8ae6bfef3d

          SHA512

          68181dde08d1dcdb3d4f1220d04a75c68b06c73fb71c130bf08776e56fe6080c4e14bea533592edbe2c5af8166f9ef756ff217cc83cb93158e73e093c9ce5c68

          Download Submit

        • C:\Windows\System32\drivers\etc\hosts
          Filesize

          1KB

          MD5

          61613a3238bf1eb1b636aec368429b88

          SHA1

          1cc7919e2e64245424c896d8d766106dd2adf52c

          SHA256

          d103f25e2cbf2b0a9534536ad228c3c4ae46844c516ed9ecf4149d7b50bcebdd

          SHA512

          cb50ebf01a92cd6a4540f5f1242b74b20b9220844189533cdf55bf33a755981000d0e3bb9d904ef657ca24c25a84b23dd7653193ccfbc0e833cf2f8565c5ff0f

          Download Submit

        • memory/1132-54-0x0000000075561000-0x0000000075563000-memory.dmp

          Filesize

          8KB

          Download