Analysis

  • max time kernel
    107s
  • max time network
    98s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/11/2022, 17:31

General

  • Target

    4ba795a56c90d9473d7bae78be7f0ad274face2fcffec28e76200961c8c06f1f.exe

  • Size

    140KB

  • MD5

    a6fe1d2d5c4d42da096f889373839334

  • SHA1

    0bbe49943f152b525156208cd0dad663efea46e9

  • SHA256

    4ba795a56c90d9473d7bae78be7f0ad274face2fcffec28e76200961c8c06f1f

  • SHA512

    c16509616b1efe1c5c88d212da9efa7fd68432025cf6a4ab23e94bf84b7dfc743123015577378635be3bb87c4eecfe0a885df76c35022fe2a7544a16521321cf

  • SSDEEP

    3072:HBAp5XhKpN4eOyVTGfhEClj8jTk+0hYJVjvok:KbXE9OiTGfhEClq9bJVz

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 2 IoCs
  • Drops file in Drivers directory 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ba795a56c90d9473d7bae78be7f0ad274face2fcffec28e76200961c8c06f1f.exe
    "C:\Users\Admin\AppData\Local\Temp\4ba795a56c90d9473d7bae78be7f0ad274face2fcffec28e76200961c8c06f1f.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Program Files (x86)\dns2\dns\stidno.bat" "
      2⤵
      • Drops file in Drivers directory
      PID:760
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\dns2\dns\obidno.vbs"
      2⤵
      • Blocklisted process makes network request
      PID:1484
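The process tree above is the reusable part of this report: the sample writes a .bat and a .vbs under C:\Program Files (x86)\dns2\dns, then launches cmd.exe on the batch file and WScript.exe on the script, and the WScript child is the one that reaches the network. The following is an added hunting example, not part of the sandbox report or its tooling. It encodes that chain as a rule and runs it over constructed, simplified Sysmon-style process-creation events (field names such as Image, CommandLine and ParentImage are assumptions for the example, not the sandbox's schema); PIDs and command lines are taken from the tree above, parent of the sample and the benign decoy events are invented. It also carries the dropped-file SHA256 values listed in the Downloads section so a file recovered from a host can be checked against them.

```python
"""Hunt for the cmd.exe / WScript.exe chain and dropped-file IOCs from the report.

Added example, not part of the sandbox report. Event layout is a constructed
Sysmon-style JSON-lines format; field names are assumptions.
"""
import hashlib
import json
import re
from typing import List, Optional, Tuple

# Dropped-file hashes as listed in the report's Downloads section.
DROPPED_FILE_SHA256 = {
    r"C:\Program Files (x86)\dns2\dns\data.txt":
        "65a699905c02619370bcf9207f5a477c3d67130ca71ec6f750e07fe8d510b084",
    r"C:\Program Files (x86)\dns2\dns\obidno.vbs":
        "54b38f0740dc184d583161a98068d766b28356a551c3a9f8d9f8f5c9af03d7c3",
    r"C:\Program Files (x86)\dns2\dns\stidno.bat":
        "e3d875953cd028393e3a4f621c00dc81cb9c992f7ba3fb7ac411499d6d2e8e45",
}

# Drop directory from the process tree (compared case-insensitively).
DROP_DIR = r"c:\program files (x86)\dns2\dns"

# Script hosts seen in the tree and the script extension each one ran.
SCRIPT_HOST_RULES = {
    "cmd.exe": re.compile(r"\.bat\b", re.IGNORECASE),
    "wscript.exe": re.compile(r"\.vbs\b", re.IGNORECASE),
}

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\4ba795a56c90d9473d7bae78be7f0ad274face2fcffec28e76200961c8c06f1f.exe")


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def flag_event(event: dict) -> Optional[str]:
    """Return a reason string when a process-creation event matches the chain.

    Match = a known script host whose command line references a script of the
    expected type located under the drop directory. Returns None otherwise.
    """
    image = _basename(event.get("Image", ""))
    rule = SCRIPT_HOST_RULES.get(image)
    if rule is None:
        return None
    cmdline = event.get("CommandLine", "")
    if DROP_DIR not in cmdline.lower() or not rule.search(cmdline):
        return None
    parent = _basename(event.get("ParentImage", ""))
    return f"{image} ran a script from {DROP_DIR} (parent: {parent})"


def scan_log(lines: List[str]) -> List[Tuple[int, str]]:
    """Apply flag_event to JSON-lines events; return (ProcessId, reason) hits."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        reason = flag_event(event)
        if reason:
            hits.append((int(event["ProcessId"]), reason))
    return hits


def check_dropped_file(path: str, content: bytes) -> bool:
    """True only if the content's SHA256 equals the report's hash for that path."""
    expected = DROPPED_FILE_SHA256.get(path)
    return expected is not None and hashlib.sha256(content).hexdigest() == expected


# Constructed events: PIDs 2032/760/1484 and their command lines follow the
# report's tree; the explorer.exe parent and the two benign decoys are invented.
SAMPLE_LOG = [
    json.dumps({"ProcessId": 2032, "Image": SAMPLE_EXE,
                "CommandLine": f'"{SAMPLE_EXE}"',
                "ParentImage": r"C:\Windows\explorer.exe"}),
    json.dumps({"ProcessId": 760, "Image": r"C:\Windows\SysWOW64\cmd.exe",
                "CommandLine": r'cmd /c ""C:\Program Files (x86)\dns2\dns\stidno.bat" "',
                "ParentImage": SAMPLE_EXE}),
    json.dumps({"ProcessId": 1484, "Image": r"C:\Windows\SysWOW64\WScript.exe",
                "CommandLine": r'"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\dns2\dns\obidno.vbs"',
                "ParentImage": SAMPLE_EXE}),
    # Benign: batch file outside the drop directory.
    json.dumps({"ProcessId": 3000, "Image": r"C:\Windows\System32\cmd.exe",
                "CommandLine": r'cmd /c "C:\Users\Admin\build.bat"',
                "ParentImage": r"C:\Windows\explorer.exe"}),
    # Benign: right directory but not a .vbs, so the WScript rule does not fire.
    json.dumps({"ProcessId": 3001, "Image": r"C:\Windows\System32\wscript.exe",
                "CommandLine": r'wscript.exe "C:\Program Files (x86)\dns2\dns\data.txt"',
                "ParentImage": r"C:\Windows\explorer.exe"}),
]

if __name__ == "__main__":
    for pid, reason in scan_log(SAMPLE_LOG):
        print(pid, reason)
```

The directory check is the load-bearing part: cmd.exe running a .bat or WScript.exe running a .vbs is common on its own, but a script host executing from a freshly created directory under Program Files (x86) is what makes this chain worth an alert. On a real host, pair the process rule with a file-creation event for the same directory and confirm any recovered obidno.vbs or stidno.bat with check_dropped_file before treating it as the same sample.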

Network

        MITRE ATT&CK Enterprise v6


        Downloads

        • C:\Program Files (x86)\dns2\dns\data.txt

          Filesize

          3B

          MD5

          069059b7ef840f0c74a814ec9237b6ec

          SHA1

          114d4eefde1dae3983e7a79f04c72feb9a3a7efd

          SHA256

          65a699905c02619370bcf9207f5a477c3d67130ca71ec6f750e07fe8d510b084

          SHA512

          8f38ba1b52fdbe35907eeb02f4cdd923dc608cbb560f1415cbac5858345e8aeaa3f43756602e2ec5f5e7637d65a627ccffa8cd636237110a9e8e207ad70d6bb5

        • C:\Program Files (x86)\dns2\dns\obidno.vbs

          Filesize

          965B

          MD5

          4aaa49a0d0f388ef9458d5647d93e5bc

          SHA1

          60d01fc724a749f11e9adbf8324215cb1b15976b

          SHA256

          54b38f0740dc184d583161a98068d766b28356a551c3a9f8d9f8f5c9af03d7c3

          SHA512

          8585ce097f0af2e5f52916a03aba7858300a7735bced2b8ef047d3351602218d2e97def3f56a78e9ec3221cdb4420a906026ddfed7c50982959b4c6c62a2fb66

        • C:\Program Files (x86)\dns2\dns\stidno.bat

          Filesize

          3KB

          MD5

          f9a55197332f781ea279ad522617f921

          SHA1

          c98e9cdad3e2baa7ae123e4d4493534a249bfc89

          SHA256

          e3d875953cd028393e3a4f621c00dc81cb9c992f7ba3fb7ac411499d6d2e8e45

          SHA512

          b36ae819e11070458095a78d8b8dbb9c47f8aa0a38b7d1781a03be39ba552ab8e3b7fa9bf632274020b51a3483e1ec0bf4be866b63e57d6e6a91d8e6bdfc1812

        • memory/2032-54-0x0000000075291000-0x0000000075293000-memory.dmp

          Filesize

          8KB