Analysis
-
max time kernel
41s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
-
submitted
30-11-2022 00:09
Static task
static1
Behavioral task
behavioral1
Sample
f5bea76ffac05afbe19274595801184e.exe
Resource
win7-20220812-en
General
-
Target
f5bea76ffac05afbe19274595801184e.exe
-
Size
278KB
-
MD5
f5bea76ffac05afbe19274595801184e
-
SHA1
93ef457bfcbc5f0860b1b7f6353ed6e9b0afd60e
-
SHA256
40dcfb704112265b383679baa3064cd7355bd02119b117f396e1b0283342362c
-
SHA512
3e1537258907bc3707c5cd0a54b4b5d35516e1ccb2443dfcfb493ecd931a734acf85bf2fb9aede36893b7dd12ee71baac7df48506117aee972bdab68e6a08ab3
-
SSDEEP
6144:QBn1RomeugRHbNAtHRgt/GVl9tSvOBFRQecwcwHa:gavFRy5Ot/OceFRbfHa
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
pid process
804 febcldoukq.exe
-
Loads dropped DLL 1 IoCs
Processes:
pid process
1280 f5bea76ffac05afbe19274595801184e.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour. On its own, drive enumeration is a weak indicator (installers and some packers do it too), and no file-encryption or ransom-note activity is recorded elsewhere in this report.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
description pid process target process
PID 1280 wrote to memory of 804 1280 f5bea76ffac05afbe19274595801184e.exe febcldoukq.exe
PID 1280 wrote to memory of 804 1280 f5bea76ffac05afbe19274595801184e.exe febcldoukq.exe
PID 1280 wrote to memory of 804 1280 f5bea76ffac05afbe19274595801184e.exe febcldoukq.exe
PID 1280 wrote to memory of 804 1280 f5bea76ffac05afbe19274595801184e.exe febcldoukq.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\f5bea76ffac05afbe19274595801184e.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\f5bea76ffac05afbe19274595801184e.exe"
Depth: 1
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1280 -
C:\Users\Admin\AppData\Local\Temp\febcldoukq.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\febcldoukq.exe" C:\Users\Admin\AppData\Local\Temp\uebzn.cef
Depth: 2 (child of PID 1280)
- Executes dropped EXE
PID:804
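The process tree and signature tables above can be re-derived with explicit rules, which is useful when turning a report like this into detection logic. The script below is an added example, not the sandbox's own code: it replays the reported chain (PID 1280 drops and launches febcldoukq.exe, then writes into its memory four times) as a constructed, Sysmon-like event stream and checks it against three rules. Assumptions: the event dictionaries use a simplified schema rather than Sysmon's exact field names; the parent PID of the sample itself is not in the report and is left as None; the report lists febcldoukq.exe as dropped but not by which process, so the file write is attributed to PID 1280 here.

```python
"""
Added triage script for the sandbox report above (not the sandbox's own code).

It replays the reported process chain as a constructed, Sysmon-like event
stream and re-derives three findings with explicit rules:
  * "Executes dropped EXE": a process whose image file was written to disk
    earlier in the same trace,
  * "Suspicious use of WriteProcessMemory": a Temp-resident process writing
    into another Temp-resident process,
  * known-hash hits against the SHA256 values listed in the report.
Assumptions: simplified event schema (not Sysmon's exact fields); the
sample's own parent PID is unknown (None); the file write of febcldoukq.exe
is attributed to PID 1280 (the report does not say which process wrote it).
"""
from collections import Counter
from typing import Dict, List, Tuple

TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE = TEMP + r"\f5bea76ffac05afbe19274595801184e.exe"
DROPPED = TEMP + r"\febcldoukq.exe"
CONFIG_ARG = TEMP + r"\uebzn.cef"

# SHA256 values copied from the report.
KNOWN_SHA256 = {
    "40dcfb704112265b383679baa3064cd7355bd02119b117f396e1b0283342362c": "sample",
    "c7207f58e7a5bad6efc38c7ddfddbc3b32c28f6bba01d4251a44f6bbdabe4bc3": "febcldoukq.exe (dropped)",
}

# Constructed event stream reproducing the report's process tree and IoCs.
EVENTS: List[dict] = [
    {"type": "process_create", "pid": 1280, "ppid": None, "image": SAMPLE,
     "cmdline": f'"{SAMPLE}"',
     "sha256": "40dcfb704112265b383679baa3064cd7355bd02119b117f396e1b0283342362c"},
    {"type": "file_create", "pid": 1280, "target": DROPPED,  # assumption: written by 1280
     "sha256": "c7207f58e7a5bad6efc38c7ddfddbc3b32c28f6bba01d4251a44f6bbdabe4bc3"},
    {"type": "process_create", "pid": 804, "ppid": 1280, "image": DROPPED,
     "cmdline": f'"{DROPPED}" {CONFIG_ARG}',
     "sha256": "c7207f58e7a5bad6efc38c7ddfddbc3b32c28f6bba01d4251a44f6bbdabe4bc3"},
]
# Four WriteProcessMemory IoCs in the report: PID 1280 -> PID 804.
EVENTS += [
    {"type": "process_write", "pid": 1280, "image": SAMPLE,
     "target_pid": 804, "target_image": DROPPED}
    for _ in range(4)
]


def is_in_temp(path: str) -> bool:
    """Case-insensitive check for a per-user Temp directory."""
    return "\\appdata\\local\\temp\\" in path.lower()


def executed_dropped_exes(events: List[dict]) -> List[Tuple[int, str]]:
    """Processes whose image file was created earlier in the same trace."""
    dropped = set()
    hits = []
    for ev in events:
        if ev["type"] == "file_create":
            dropped.add(ev["target"].lower())
        elif ev["type"] == "process_create" and ev["image"].lower() in dropped:
            hits.append((ev["pid"], ev["image"]))
    return hits


def temp_to_temp_writes(events: List[dict]) -> Dict[Tuple[int, int], int]:
    """Count cross-process memory writes where both sides live in Temp."""
    counts: Counter = Counter()
    for ev in events:
        if ev["type"] != "process_write" or ev["pid"] == ev["target_pid"]:
            continue
        if is_in_temp(ev["image"]) and is_in_temp(ev["target_image"]):
            counts[(ev["pid"], ev["target_pid"])] += 1
    return dict(counts)


def known_hash_hits(events: List[dict]) -> Dict[str, str]:
    """Map each path carrying a report-listed SHA256 to the report's label."""
    hits = {}
    for ev in events:
        digest = ev.get("sha256")
        if digest in KNOWN_SHA256:
            hits[ev.get("target") or ev.get("image")] = KNOWN_SHA256[digest]
    return hits


def triage(events: List[dict]) -> dict:
    """Run all three rules and return their findings keyed by rule name."""
    return {
        "executes_dropped_exe": executed_dropped_exes(events),
        "temp_to_temp_writes": temp_to_temp_writes(events),
        "known_hash_hits": known_hash_hits(events),
    }


if __name__ == "__main__":
    for name, finding in triage(EVENTS).items():
        print(f"{name}: {finding}")
```

The Temp-to-Temp write rule is deliberately narrow: a parent writing into a child it just created is the classic hollowing/injection shape, but some legitimate runtimes do the same, so in production the rule should be combined with the dropped-file and hash checks rather than fire on its own.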
Network
MITRE ATT&CK Enterprise v6
Downloads
-
C:\Users\Admin\AppData\Local\Temp\febcldoukq.exe
Filesize 144KB
MD5 96e050f99502fe7c52fd9b0f10202578
SHA1 9ace01d602e21ff8bf364a3bb2f46bc7fd285a7b
SHA256 c7207f58e7a5bad6efc38c7ddfddbc3b32c28f6bba01d4251a44f6bbdabe4bc3
SHA512 e09edf0c05667fd2b684ad48f6938a0fb41c9b346197d5065fe828093789140b1a1f79279d8504428c9ba0b8049fad9d7242015c43b746c854688aa883898e1e
-
\Users\Admin\AppData\Local\Temp\febcldoukq.exe
Filesize 144KB
MD5 96e050f99502fe7c52fd9b0f10202578
SHA1 9ace01d602e21ff8bf364a3bb2f46bc7fd285a7b
SHA256 c7207f58e7a5bad6efc38c7ddfddbc3b32c28f6bba01d4251a44f6bbdabe4bc3
SHA512 e09edf0c05667fd2b684ad48f6938a0fb41c9b346197d5065fe828093789140b1a1f79279d8504428c9ba0b8049fad9d7242015c43b746c854688aa883898e1e
-
memory/804-56-0x0000000000000000-mapping.dmp
-
memory/1280-54-0x0000000075811000-0x0000000075813000-memory.dmp
Filesize 8KB