Analysis

Max time kernel: 43s
Max time network: 48s
Platform: windows7_x64
Resource: win7-20220901-en
Resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
Submitted: 30-11-2022 00:14

Static task: static1
Behavioral task: behavioral1
Sample: 30571d64c9a9ed267159fa941a20840c.exe
Resource: win7-20220901-en
General

Target: 30571d64c9a9ed267159fa941a20840c.exe
Size: 272KB
MD5: 30571d64c9a9ed267159fa941a20840c
SHA1: bfb81d8a7c94781b3bd939bd17d500ae61b2ff70
SHA256: 85d6c9eac93fb8818d37dc15110ebd060b3e9df48043ee6bcf349df6aed047c5
SHA512: 5c8b708f3540b9347c36722934c8fc56098a94f8362688a8fa712da99e1b8c2564698eb0bed52e226cdfc40cf8b762e1860f6ea9928260e3f0f35bba9cfda82f
SSDEEP: 6144:QBn10/UR088uiPuDtJWn42Isu/20+kfAZLrYdwMPTnDMiQH7oPo9:gWLuiPh4rZOH5ZL/MLn4REo9
Malware Config
Signatures

Executes dropped EXE (1 IoC)
Processes (PID, process):
  2044  hvbvmxm.exe

Loads dropped DLL (1 IoC)
Processes (PID, process):
  2016  30571d64c9a9ed267159fa941a20840c.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Suspicious use of WriteProcessMemory (4 IoCs)
Processes (description, PID, process, target process):
  PID 2016 wrote to memory of 2044  2016  30571d64c9a9ed267159fa941a20840c.exe  hvbvmxm.exe
  PID 2016 wrote to memory of 2044  2016  30571d64c9a9ed267159fa941a20840c.exe  hvbvmxm.exe
  PID 2016 wrote to memory of 2044  2016  30571d64c9a9ed267159fa941a20840c.exe  hvbvmxm.exe
  PID 2016 wrote to memory of 2044  2016  30571d64c9a9ed267159fa941a20840c.exe  hvbvmxm.exe
Processes

1. C:\Users\Admin\AppData\Local\Temp\30571d64c9a9ed267159fa941a20840c.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\30571d64c9a9ed267159fa941a20840c.exe"
   PID: 2016
   Signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\hvbvmxm.exe (child of PID 2016)
      Command line: "C:\Users\Admin\AppData\Local\Temp\hvbvmxm.exe" C:\Users\Admin\AppData\Local\Temp\ijamguwvje.h
      PID: 2044
      Signatures: Executes dropped EXE
Network
MITRE ATT&CK Enterprise v6
Downloads

C:\Users\Admin\AppData\Local\Temp\hvbvmxm.exe
  Filesize: 123KB
  MD5: 1eebbbd92b2c0c60f896ff8dcbcedcaa
  SHA1: 1291cc58a5664b1acd50d9fd8e0580c519190477
  SHA256: 01b2d4443c383f07ccf3ea521ae9502527eeedf352b92b90a382121b03992ec3
  SHA512: 67efa564f026094bec0a44aaf01fc8072412e6cdeff019631689254a996c8b06cd0ccccee64b3d70b847e9aca7c3dbcde327d0a822988cc5295847990a8d9215

\Users\Admin\AppData\Local\Temp\hvbvmxm.exe
  Filesize: 123KB
  MD5: 1eebbbd92b2c0c60f896ff8dcbcedcaa
  SHA1: 1291cc58a5664b1acd50d9fd8e0580c519190477
  SHA256: 01b2d4443c383f07ccf3ea521ae9502527eeedf352b92b90a382121b03992ec3
  SHA512: 67efa564f026094bec0a44aaf01fc8072412e6cdeff019631689254a996c8b06cd0ccccee64b3d70b847e9aca7c3dbcde327d0a822988cc5295847990a8d9215

memory/2016-54-0x0000000075A71000-0x0000000075A73000-memory.dmp
  Filesize: 8KB

memory/2044-56-0x0000000000000000-mapping.dmp