Overview

overview

8

Static

static

a72515fba9...da.exe

windows7-x64

8

a72515fba9...da.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    189s
  • max time network
    185s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 06:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a72515fba962724915a4edc989f00e891f77ac5265b583a9b7a61905819687da.exe

  • Size

    59KB

  • MD5

    c00365b1e2d851db61730c2c4713c5d1

  • SHA1

    3b0ee22eaf510ebe90d93adbed154f1207b07b15

  • SHA256

    a72515fba962724915a4edc989f00e891f77ac5265b583a9b7a61905819687da

  • SHA512

    382054cab0a4be58efba2a5030c59967dda3b6f0621e42deb0976f6e7e01574265688fd4f39a83fb333da0ab81b6d95cc6a3abefd2128d776d5acf4a29b8f515

  • SSDEEP

    1536:/dE2eLOKL/108Zgqys0br6NCyoqbOEMqMoL2h9HL9:FEfLOK+8Zgbs0brN/EMqMoL2hr

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a72515fba962724915a4edc989f00e891f77ac5265b583a9b7a61905819687da.exe
    "C:\Users\Admin\AppData\Local\Temp\a72515fba962724915a4edc989f00e891f77ac5265b583a9b7a61905819687da.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\WINDOWS\temp\uninstaller.exe
      "C:\WINDOWS\temp\uninstaller.exe" C:\Users\Admin\AppData\Local\Temp\a72515fba962724915a4edc989f00e891f77ac5265b583a9b7a61905819687da.exe
      2⤵
      • Executes dropped EXE
      PID:2660

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\WINDOWS\temp\uninstaller.exe
    Filesize

    13KB

    MD5

    c7ea5ef08c01b732f3e1086630736fc8

    SHA1

    24f774a23dd202c89b46da146de0c5c33d314b19

    SHA256

    e46879c33dcbbeffd5fd4569db8dc9b87485f7cbfdcffd13c179277ee2f0d364

    SHA512

    d5f8ee15d0c8d6ae98955ced70cb664a9d967a458a5691bc1b1ea16f1cce96c5124f75110859280c84c248583c69875b60015bd04ce8523b6ba2b28a48ecde47

    Download Submit

  • C:\Windows\Temp\uninstaller.exe
    Filesize

    13KB

    MD5

    c7ea5ef08c01b732f3e1086630736fc8

    SHA1

    24f774a23dd202c89b46da146de0c5c33d314b19

    SHA256

    e46879c33dcbbeffd5fd4569db8dc9b87485f7cbfdcffd13c179277ee2f0d364

    SHA512

    d5f8ee15d0c8d6ae98955ced70cb664a9d967a458a5691bc1b1ea16f1cce96c5124f75110859280c84c248583c69875b60015bd04ce8523b6ba2b28a48ecde47

    Download Submit

  • memory/1748-132-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1748-133-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1748-134-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/1748-138-0x0000000000400000-0x0000000000428000-memory.dmp

    Filesize

    160KB

    Download

  • memory/2660-139-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download

  • memory/2660-140-0x0000000000400000-0x000000000040F000-memory.dmp

    Filesize

    60KB

    Download