Overview

overview

10

Static

static

1

document_M0234.exe

windows7-x64

8

document_M0234.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    893s
  • max time network
    898s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    01-12-2022 15:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    document_M0234.exe

  • Size

    249KB

  • MD5

    0b6c508dec4b6647dca3d1bd61b002d4

  • SHA1

    5f85f53b7f2e54d74fa7733ecc51d5e8819e4bf6

  • SHA256

    1a67a5a9f3b74eb679eb5d2684961322941e9243aafd225c2fc08024f63fb59e

  • SHA512

    036286c289f8b0963acc44d5f35d3527a6ad899b24c72688c64be88274b3cdf837cca618f7827d763e92984c8bf7e8d025abda62dbf4806d192555fd2cd969e7

  • SSDEEP

    6144:gBn1Qvgd4/Vb+WwPpYM1ZKaUqjkb3Gi3S37:wQvF/B/eCMWa1S3p3S37

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\document_M0234.exe
    "C:\Users\Admin\AppData\Local\Temp\document_M0234.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Users\Admin\AppData\Local\Temp\zzlxhi.exe
      "C:\Users\Admin\AppData\Local\Temp\zzlxhi.exe" C:\Users\Admin\AppData\Local\Temp\wcocdnzaguw.y
      2⤵
      • Executes dropped EXE
      PID:1128

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\zzlxhi.exe
    Filesize

    59KB

    MD5

    7933f62d56acf239be280e77cc3cda48

    SHA1

    7ad3dae5e5a4d2e0a7b44e1076df463ec7f921bd

    SHA256

    02ee0374c20a68f1e0f81c8014b75521f09e2c4625e0afeabb0af87dc9aa5715

    SHA512

    79b16980c324db3c65db53166f7eea2b25610693f671b21d3ae89d6f4ffb6a4d2f3a5978b682598ff2830cde51964e25b793f3a18251ebe1450bdfeb8a24aae0

    Download Submit
  • \Users\Admin\AppData\Local\Temp\zzlxhi.exe
    Filesize

    59KB

    MD5

    7933f62d56acf239be280e77cc3cda48

    SHA1

    7ad3dae5e5a4d2e0a7b44e1076df463ec7f921bd

    SHA256

    02ee0374c20a68f1e0f81c8014b75521f09e2c4625e0afeabb0af87dc9aa5715

    SHA512

    79b16980c324db3c65db53166f7eea2b25610693f671b21d3ae89d6f4ffb6a4d2f3a5978b682598ff2830cde51964e25b793f3a18251ebe1450bdfeb8a24aae0

    Download Submit
  • \Users\Admin\AppData\Local\Temp\zzlxhi.exe
    Filesize

    59KB

    MD5

    7933f62d56acf239be280e77cc3cda48

    SHA1

    7ad3dae5e5a4d2e0a7b44e1076df463ec7f921bd

    SHA256

    02ee0374c20a68f1e0f81c8014b75521f09e2c4625e0afeabb0af87dc9aa5715

    SHA512

    79b16980c324db3c65db53166f7eea2b25610693f671b21d3ae89d6f4ffb6a4d2f3a5978b682598ff2830cde51964e25b793f3a18251ebe1450bdfeb8a24aae0

    Download Submit
  • memory/1128-57-0x0000000000000000-mapping.dmp
    Download
  • memory/1464-54-0x00000000758B1000-0x00000000758B3000-memory.dmp
    Filesize

    8KB

    Download