Overview

overview

10

Static

static

fcd6f1cc2f...7f.exe

windows7-x64

3

fcd6f1cc2f...7f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    251s
  • max time network
    333s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01-12-2022 22:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fcd6f1cc2f300673b3940b9623f4267f.exe

  • Size

    643KB

  • MD5

    fcd6f1cc2f300673b3940b9623f4267f

  • SHA1

    d8f8e1b07996ba6d8d3f482c2ab710853ee91f8b

  • SHA256

    987834ddf97f12dbb06e1f6820fd3436f0226dffa78ac6fcec8b31cc52fdb26b

  • SHA512

    d31c8238e17de73f352e6a7bb62449e7de951b6d5a9e3cc7ebb47403c1b22ffa8e504a979f915fa28f25d3bdf6be7471f72d19d57567a86ff79892a77c094c50

  • SSDEEP

    12288:dec3pbKbflZUMvkEN2KMK+SknwYDZD5BUUEwcfJZSpH+:d1ZbKbUM7MKJYVEEbp

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fcd6f1cc2f300673b3940b9623f4267f.exe
    "C:\Users\Admin\AppData\Local\Temp\fcd6f1cc2f300673b3940b9623f4267f.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:656
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\NdTjnguQflTNNq.exe"
      2⤵
        PID:1976
      • C:\Windows\SysWOW64\schtasks.exe
        "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\NdTjnguQflTNNq" /XML "C:\Users\Admin\AppData\Local\Temp\tmp82A8.tmp"
        2⤵
        • Creates scheduled task(s)
        PID:1088

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\tmp82A8.tmp
      Filesize

      1KB

      MD5

      edb3e309e397be0cbcabcaabe2d27fd3

      SHA1

      f017b40de5560247fe2d200be80614d211fbc1df

      SHA256

      a56278f5ff13d429c1b98318d68ba03046da9e1f71817bb0f57495b4a0859de1

      SHA512

      99ecfc4f34f1719b939ed5a2c45bdbf57406847558a9d25e656e583e51e607ae6bec75c04181d03b5f2af29f11791ddff1f4e3eea714094a78446c369f8e4f5f

      Download Submit
    • memory/656-54-0x0000000000110000-0x00000000001B6000-memory.dmp
      Filesize

      664KB

      Download
    • memory/656-55-0x00000000753F1000-0x00000000753F3000-memory.dmp
      Filesize

      8KB

      Download
    • memory/656-56-0x00000000005B0000-0x00000000005C6000-memory.dmp
      Filesize

      88KB

      Download
    • memory/656-57-0x00000000005C0000-0x00000000005CE000-memory.dmp
      Filesize

      56KB

      Download
    • memory/656-58-0x0000000007D20000-0x0000000007D90000-memory.dmp
      Filesize

      448KB

      Download
    • memory/1088-60-0x0000000000000000-mapping.dmp
      Download
    • memory/1976-59-0x0000000000000000-mapping.dmp
      Download
    • memory/1976-63-0x000000006E3C0000-0x000000006E96B000-memory.dmp
      Filesize

      5.7MB

      Download
    • memory/1976-64-0x000000006E3C0000-0x000000006E96B000-memory.dmp
      Filesize

      5.7MB

      Download