Overview

overview

10

Static

static

1

db102a6735...8d.exe

windows7-x64

8

db102a6735...8d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    250s
  • max time network
    333s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    30-11-2022 01:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    db102a67350060a1e967aef81118f18d.exe

  • Size

    311KB

  • MD5

    db102a67350060a1e967aef81118f18d

  • SHA1

    a3131a3df17a154e41c09973ca8a9aabac29929e

  • SHA256

    98420cf47e19574739cff3f1f74bd3c6c70e103d0b28040b64fd3c77588c7ee7

  • SHA512

    daad205a305f7774164f0ed2298501e8a4cade236b93f63db31e40713a66a379145a2e9ca861f8c337dcb5e3a29cbe50b1b77589941e1e1c7090c950766de7a3

  • SSDEEP

    6144:NBn0ph65gGns2YvYPUaC55QAU4wVdsTbUi:EpoGHiO554Nbwb3

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\db102a67350060a1e967aef81118f18d.exe
    "C:\Users\Admin\AppData\Local\Temp\db102a67350060a1e967aef81118f18d.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1340
    • C:\Users\Admin\AppData\Local\Temp\iscan.exe
      "C:\Users\Admin\AppData\Local\Temp\iscan.exe" C:\Users\Admin\AppData\Local\Temp\zxtnbfvzh.c
      2⤵
      • Executes dropped EXE
      PID:960

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\iscan.exe
    Filesize

    122KB

    MD5

    2b4b3369e04dedd66517641db0f5a8ab

    SHA1

    a5e482597f6f2d68250a4eb28911683e50fac4de

    SHA256

    a4c4bf78e737ccadbabf71b57e5676a846d9adfc5442344eda8267325223b964

    SHA512

    67eb46ab147ad92db741b60f851a78b6bf88f2da93601542ee67d4faad448ceca73938207f5daeb0153d5d2c1c84a64949cd7856f404c0781c4e9633727354cc

    Download Submit
  • \Users\Admin\AppData\Local\Temp\iscan.exe
    Filesize

    122KB

    MD5

    2b4b3369e04dedd66517641db0f5a8ab

    SHA1

    a5e482597f6f2d68250a4eb28911683e50fac4de

    SHA256

    a4c4bf78e737ccadbabf71b57e5676a846d9adfc5442344eda8267325223b964

    SHA512

    67eb46ab147ad92db741b60f851a78b6bf88f2da93601542ee67d4faad448ceca73938207f5daeb0153d5d2c1c84a64949cd7856f404c0781c4e9633727354cc

    Download Submit
  • memory/960-56-0x0000000000000000-mapping.dmp
    Download
  • memory/1340-54-0x00000000753F1000-0x00000000753F3000-memory.dmp
    Filesize

    8KB

    Download