fcef415be0bed8f1d55fb18bbf06c4fe6f5591c2ee12033fe8df70ad92540c85

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 15:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fcef415be0bed8f1d55fb18bbf06c4fe6f5591c2ee12033fe8df70ad92540c85.exe
Size

2.8MB
MD5

ad3d5fc5a3d877c3ef547be9c2ee3cd9
SHA1

25a607c1368365bb8b56cb1e3b29742336e085c4
SHA256

fcef415be0bed8f1d55fb18bbf06c4fe6f5591c2ee12033fe8df70ad92540c85
SHA512

05096885d0f82dd27a5e76624debb1a0e1d5175ff8f503a907dd487d086497c8e03dedbdd510323a41a6450a5f11d33390e2cbce46ba1b9a05b9c1c81b5fa03c
SSDEEP

49152:3gm2PKfj6ZcEv+9OPQ7qwQjQNGzAIxve4D6JqX9qnubgK8UJB:34s6qc+zm7nzAIxW4WU4uj8UJB

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5004-132-0x0000000000400000-0x0000000000594000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5004	fcef415be0bed8f1d55fb18bbf06c4fe6f5591c2ee12033fe8df70ad92540c85.exe

C:\Users\Admin\AppData\Local\Temp\fcef415be0bed8f1d55fb18bbf06c4fe6f5591c2ee12033fe8df70ad92540c85.exe
"C:\Users\Admin\AppData\Local\Temp\fcef415be0bed8f1d55fb18bbf06c4fe6f5591c2ee12033fe8df70ad92540c85.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5004

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5004-132-0x0000000000400000-0x0000000000594000-memory.dmp

Filesize
1.6MB

Download
memory/5004-133-0x0000000000400000-0x0000000000594000-memory.dmp

Filesize
1.6MB

Download
memory/5004-136-0x00000000006F0000-0x00000000006F6000-memory.dmp

Filesize
24KB

Download
memory/5004-138-0x0000000000400000-0x0000000000594000-memory.dmp

Filesize
1.6MB

Download