c9b0d5627271956144cdc06ea9cc72dc14d662e684969800b303c0534c635f63

Analysis

max time kernel
33s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9b0d5627271956144cdc06ea9cc72dc14d662e684969800b303c0534c635f63.exe
Size

16KB
MD5

f2f66eae28183fa73c1a2f6568564c4b
SHA1

92c5947ca08640f8f31fd251b677c9cee5a63596
SHA256

c9b0d5627271956144cdc06ea9cc72dc14d662e684969800b303c0534c635f63
SHA512

ac98bf68f6694025c62f32ba8b3d9c92b67cfe70e1764c9ac692692df1ff6c4af98b5eda35633e50e156cab6ad835639b9f1c917a224437da36efbbeefc0baa0
SSDEEP

384:anbt93TrePVOoiV2POSC5xX06InEOnQb2Qowbe:2bt9D7oiV2GSUxX01vnTwbe

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ASDPLUGIN = "C:\\Windows\\system32\\c9b0d5627271956144cdc06ea9cc72dc14d662e684969800b303c0534c635f63.exe -N"	c9b0d5627271956144cdc06ea9cc72dc14d662e684969800b303c0534c635f63.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\c9b0d5627271956144cdc06ea9cc72dc14d662e684969800b303c0534c635f63.exe	c9b0d5627271956144cdc06ea9cc72dc14d662e684969800b303c0534c635f63.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\c9b0d5627271956144cdc06ea9cc72dc14d662e684969800b303c0534c635f63.exe
"C:\Users\Admin\AppData\Local\Temp\c9b0d5627271956144cdc06ea9cc72dc14d662e684969800b303c0534c635f63.exe"
1⤵
- Adds Run key to start application
- Drops file in System32 directory
PID:2020

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2020-54-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download