Overview

overview

8

Static

static

b2a82d07ec...40.exe

windows7-x64

8

b2a82d07ec...40.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01/12/2022, 19:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b2a82d07ec9aea9e239461b024b3e0c992ce4c6258087a16106909f5edf0e840.exe

  • Size

    310KB

  • MD5

    61a2e2cc210015eea462e330a6a83854

  • SHA1

    194364c7b52cbce44afbb66504b0f664cd855d87

  • SHA256

    b2a82d07ec9aea9e239461b024b3e0c992ce4c6258087a16106909f5edf0e840

  • SHA512

    0ed04bffe62dd748c55744a7ea0bffce8e094de675768356ff22597bc438e5a54fc0cdf671abf5e6ecb36701ccaa48774ce2d00b119e5b43b00a6b8d1b2d9bf7

  • SSDEEP

    6144:yWlMpTJUIhGleD75qJ74nDWgRAkPc2fyuGQn8xID0DMFatlL:1M/UIhRD7AcR3PcwGLxe0DttlL

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b2a82d07ec9aea9e239461b024b3e0c992ce4c6258087a16106909f5edf0e840.exe
    "C:\Users\Admin\AppData\Local\Temp\b2a82d07ec9aea9e239461b024b3e0c992ce4c6258087a16106909f5edf0e840.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1264
    • C:\Users\Admin\AppData\Local\Temp\~sfx000AA891B8\Piranha.exe
      "C:\Users\Admin\AppData\Local\Temp\~sfx000AA891B8\Piranha.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2784

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\~sfx000AA891B8\Piranha.exe
          Filesize

          24KB

          MD5

          87c048bfa4f4413c7428105204d31b2d

          SHA1

          0506841cb1c69805123230403c710826017d68df

          SHA256

          387440d3bf499a0ed09e830c33746c71bc8412f04401f9b98b19bcd6ca84cc3b

          SHA512

          845cb9b044770e38b44e04d7e5528bdd00b5d3713173839fe08c11e59c34e43917da3236d77687b4ec1abd99bdf664645f6b9a04ee50c39e58339dc8a7effee9

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\~sfx000AA891B8\Piranha.exe
          Filesize

          24KB

          MD5

          87c048bfa4f4413c7428105204d31b2d

          SHA1

          0506841cb1c69805123230403c710826017d68df

          SHA256

          387440d3bf499a0ed09e830c33746c71bc8412f04401f9b98b19bcd6ca84cc3b

          SHA512

          845cb9b044770e38b44e04d7e5528bdd00b5d3713173839fe08c11e59c34e43917da3236d77687b4ec1abd99bdf664645f6b9a04ee50c39e58339dc8a7effee9

          Download Submit