Overview

overview

8

Static

static

744575435e...9b.exe

windows7-x64

8

744575435e...9b.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01-12-2022 03:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    744575435e68e8b5fe951d951dfed37a24b4e97601c4ec84a9fe3d0e63882d9b.exe

  • Size

    1.3MB

  • MD5

    c9e071b18ca0aea0a89ebf0943f80e53

  • SHA1

    8a22d1362983177821f3e2cdf8eed980777a72f9

  • SHA256

    744575435e68e8b5fe951d951dfed37a24b4e97601c4ec84a9fe3d0e63882d9b

  • SHA512

    bfd6f017ae605110bbd3dcd18516cc82a241bb0a146282d82b472c6ca25e897a04f93bf85fd6eb940e0aeabcc3fdb1e34eb61311829ca61bc52351f873c7f016

  • SSDEEP

    24576:mbwlgdC2aus8fZHu/B6S+xWNU73Za15QQS6UEbk73HYLA:mD8cS0uqJj0bk73HYLA

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\744575435e68e8b5fe951d951dfed37a24b4e97601c4ec84a9fe3d0e63882d9b.exe
    "C:\Users\Admin\AppData\Local\Temp\744575435e68e8b5fe951d951dfed37a24b4e97601c4ec84a9fe3d0e63882d9b.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1480
    • C:\Users\Admin\AppData\Local\Temp\tmp0E.39\smse.exe
      "C:\Users\Admin\AppData\Local\Temp\tmp0E.39\smse.exe" smse tmp0E.39
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1560
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\$$Windows$$.bat
      2⤵
      • Deletes itself
      PID:980

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\$$Windows$$.bat
    Filesize

    248B

    MD5

    e5f888b7423a79cdde9c730f7502a600

    SHA1

    9d51f9d7dfd90f6ccd3d84f35df66c4f19da9b79

    SHA256

    4f8307870959feca4361424b3883e02e45d8da7b21aeb2ee4e472709bf071f68

    SHA512

    6d04c565f69d1f3521a88f524bd40078a3d1c7424092802b8e70f6a397fa1ebc3046606518fbd745e7ad9bd916c0ee6166b0c571508347c23c6bd1a06e61acb6

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\tmp0E.39\smse.exe
    Filesize

    1.3MB

    MD5

    c9e071b18ca0aea0a89ebf0943f80e53

    SHA1

    8a22d1362983177821f3e2cdf8eed980777a72f9

    SHA256

    744575435e68e8b5fe951d951dfed37a24b4e97601c4ec84a9fe3d0e63882d9b

    SHA512

    bfd6f017ae605110bbd3dcd18516cc82a241bb0a146282d82b472c6ca25e897a04f93bf85fd6eb940e0aeabcc3fdb1e34eb61311829ca61bc52351f873c7f016

    Download Submit

  • \Users\Admin\AppData\Local\Temp\tmp0E.39\smse.exe
    Filesize

    1.3MB

    MD5

    c9e071b18ca0aea0a89ebf0943f80e53

    SHA1

    8a22d1362983177821f3e2cdf8eed980777a72f9

    SHA256

    744575435e68e8b5fe951d951dfed37a24b4e97601c4ec84a9fe3d0e63882d9b

    SHA512

    bfd6f017ae605110bbd3dcd18516cc82a241bb0a146282d82b472c6ca25e897a04f93bf85fd6eb940e0aeabcc3fdb1e34eb61311829ca61bc52351f873c7f016

    Download Submit

  • memory/1480-54-0x0000000076201000-0x0000000076203000-memory.dmp

    Filesize

    8KB

    Download