Analysis
-
max time kernel
44s -
max time network
48s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system -
submitted
04-12-2022 04:58
Static task
static1
Behavioral task
behavioral1
Sample
5219732128190b2cf5bcdf3fae5b3ba11af9735c7b331c8d627cd74d346c22d4.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
5219732128190b2cf5bcdf3fae5b3ba11af9735c7b331c8d627cd74d346c22d4.exe
Resource
win10v2004-20221111-en
General
-
Target
5219732128190b2cf5bcdf3fae5b3ba11af9735c7b331c8d627cd74d346c22d4.exe
-
Size
2.1MB
-
MD5
6078ebe6a896729a28e5577891a352fa
-
SHA1
8df98b640292ea4803230b2b8c9c0c5d3d52ec6f
-
SHA256
5219732128190b2cf5bcdf3fae5b3ba11af9735c7b331c8d627cd74d346c22d4
-
SHA512
5c14af0d27871bd6e22e1c35f4311d3384639de92c161baafdc5b3af80ce0cf6f00e8f6c55e779ee7750285171fe7adfa0c9f1f6487c9ef63e06a0d9124041a1
-
SSDEEP
49152:BRhhTNSh+00XcG/7R4MVo4p87OtpRNcnMSptbpwE:3wh+Z/79Dp8K7rc3b
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
5219732128190b2cf5bcdf3fae5b3ba11af9735c7b331c8d627cd74d346c22d4.exedescription ioc process File opened for modification \??\PhysicalDrive0 5219732128190b2cf5bcdf3fae5b3ba11af9735c7b331c8d627cd74d346c22d4.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 3 IoCs
Processes:
5219732128190b2cf5bcdf3fae5b3ba11af9735c7b331c8d627cd74d346c22d4.exedescription ioc process Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile" 5219732128190b2cf5bcdf3fae5b3ba11af9735c7b331c8d627cd74d346c22d4.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\.key 5219732128190b2cf5bcdf3fae5b3ba11af9735c7b331c8d627cd74d346c22d4.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\.key\ 5219732128190b2cf5bcdf3fae5b3ba11af9735c7b331c8d627cd74d346c22d4.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
5219732128190b2cf5bcdf3fae5b3ba11af9735c7b331c8d627cd74d346c22d4.exepid process 1056 5219732128190b2cf5bcdf3fae5b3ba11af9735c7b331c8d627cd74d346c22d4.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\5219732128190b2cf5bcdf3fae5b3ba11af9735c7b331c8d627cd74d346c22d4.exe"C:\Users\Admin\AppData\Local\Temp\5219732128190b2cf5bcdf3fae5b3ba11af9735c7b331c8d627cd74d346c22d4.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1056-54-0x0000000075A71000-0x0000000075A73000-memory.dmpFilesize
8KB
-
memory/1056-55-0x0000000000400000-0x0000000000AA3000-memory.dmpFilesize
6.6MB
-
memory/1056-56-0x0000000000DE0000-0x0000000000DE3000-memory.dmpFilesize
12KB
-
memory/1056-57-0x0000000000400000-0x0000000000AA3000-memory.dmpFilesize
6.6MB