Analysis

  • max time kernel
    157s
  • max time network
    230s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    04/12/2022, 09:03

General

  • Target

    c77e4ca0711859c750a706d84615db0db171cf743e74478fc1951a4427522a5e.exe

  • Size

    324KB

  • MD5

    fb483a28d226865596be7eee3835f0d8

  • SHA1

    1a17f6fde84203a2fd0a042c7aab4ecf32414781

  • SHA256

    c77e4ca0711859c750a706d84615db0db171cf743e74478fc1951a4427522a5e

  • SHA512

    58b723ad00489afe7c889ae850f8ac190babbfd114674351e561de658a06cbee5082d23d6635b2806781e8692065811f15823e6695e006966931bc9f6afc693f

  • SSDEEP

    6144:qAoZqAYTSE0CzjeNH0LCZhwcU8oa7bN4iAdyk2xoexG:qZ0eZhJ9H7bSbMkWoexG

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Drops autorun.inf file 1 TTPs 2 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies system certificate store 2 TTPs 3 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c77e4ca0711859c750a706d84615db0db171cf743e74478fc1951a4427522a5e.exe
    "C:\Users\Admin\AppData\Local\Temp\c77e4ca0711859c750a706d84615db0db171cf743e74478fc1951a4427522a5e.exe"
    1⤵
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Drops autorun.inf file
    • Modifies system certificate store
    • Suspicious use of SetWindowsHookEx
    PID:1776

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1776-56-0x0000000075C31000-0x0000000075C33000-memory.dmp

    Filesize

    8KB