82822f33cd88d1ad7e5d033ec03bafc9f1002d78567b2600d4bff0464beafbca

Analysis

max time kernel
148s
max time network
153s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82822f33cd88d1ad7e5d033ec03bafc9f1002d78567b2600d4bff0464beafbca.exe
Size

121KB
MD5

4cba67ec3dab54e1d9abe4145b9ff6fb
SHA1

194326a7dee9a7de0cc24e7cc65d61d14bed3055
SHA256

82822f33cd88d1ad7e5d033ec03bafc9f1002d78567b2600d4bff0464beafbca
SHA512

e8f45d75f7c662a2f0d3973b5247a15d02d8097e17f0f1d7745d31630180a3c619d8ad23998489ebffb8162c32a3f9d946afcd32e834ab793f18be59dc71195a
SSDEEP

3072:cs0gg+gJnb6QIFH9dGMuXIsnw4I1FVSmuA:X7g/+QIN98XXnw4aV7

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\HSS = "C:\\Users\\Admin\\AppData\\Local\\Temp\\82822f33cd88d1ad7e5d033ec03bafc9f1002d78567b2600d4bff0464beafbca.exe /cs:1 "	82822f33cd88d1ad7e5d033ec03bafc9f1002d78567b2600d4bff0464beafbca.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Windows\CurrentVersion\Run\HSS = "\"C:\\ProgramData\\127766\\HS127_8001.exe\" /s"	82822f33cd88d1ad7e5d033ec03bafc9f1002d78567b2600d4bff0464beafbca.exe

Checks for any installed AV software in registry 1 TTPs 1 IoCs

Security Software Discovery

T1063

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Eset\Nod\	82822f33cd88d1ad7e5d033ec03bafc9f1002d78567b2600d4bff0464beafbca.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\82822f33cd88d1ad7e5d033ec03bafc9f1002d78567b2600d4bff0464beafbca.exe
"C:\Users\Admin\AppData\Local\Temp\82822f33cd88d1ad7e5d033ec03bafc9f1002d78567b2600d4bff0464beafbca.exe"
1⤵
- Adds Run key to start application
- Checks for any installed AV software in registry
PID:832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Security Software Discovery

T1063

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/832-54-0x00000000003C0000-0x00000000003D1000-memory.dmp

Filesize
68KB

Download
memory/832-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download
memory/832-56-0x0000000000400000-0x0000000000443000-memory.dmp

Filesize
268KB

Download
memory/832-57-0x00000000003C0000-0x00000000003D1000-memory.dmp

Filesize
68KB

Download
memory/832-58-0x00000000003C0000-0x00000000003C2000-memory.dmp

Filesize
8KB

Download
memory/832-60-0x00000000003C0000-0x00000000003C2000-memory.dmp

Filesize
8KB

Download
memory/832-59-0x00000000003C0000-0x00000000003D1000-memory.dmp

Filesize
68KB

Download