Analysis

  • max time kernel
    91s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/12/2022, 06:28

General

  • Target

    97153f7a4c984adbad1c87d09f6e16472cbfb90db0aaafdaa5a12e0cf0248c02.exe

  • Size

    117KB

  • MD5

    73f49591958b725c3cfbbe297dc7a0aa

  • SHA1

    b466214a7f28917e9817dfb99770a67808c4cb99

  • SHA256

    97153f7a4c984adbad1c87d09f6e16472cbfb90db0aaafdaa5a12e0cf0248c02

  • SHA512

    286fb18e3dd5356727ca9bc288e82b59b91dcfca8e0c5647fde2e7bbd21e55186f5fa71abd5cc76112a0790e8bd580a8b7fbb8f943df862998007613001b3c17

  • SSDEEP

    3072:+8U2yJN5f661xRZbALxB1Ojdgx8GYgw/XeyXJkr:+8U2qy6rRZb7jxGYgWxJG

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\97153f7a4c984adbad1c87d09f6e16472cbfb90db0aaafdaa5a12e0cf0248c02.exe
    "C:\Users\Admin\AppData\Local\Temp\97153f7a4c984adbad1c87d09f6e16472cbfb90db0aaafdaa5a12e0cf0248c02.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1608
    • C:\Windows\SysWOW64\mshta.exe
      "C:\Windows\System32\mshta.exe" "javascript:new ActiveXObject('WScript.Shell').Run('SOLA_2.0_55731176612273.bat',0);window.close()"
      2⤵
        PID:4852

Network

MITRE ATT&CK Enterprise v6
