Analysis

  • max time kernel
    293s
  • max time network
    288s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/12/2022, 13:41

General

  • Target

    6fd6e22afeccd65370c0943d215f2173f68e385bd0f891140501c5f29fd7c891.exe

  • Size

    524KB

  • MD5

    021cabfaf60fa5e008cf8e0437a79b6d

  • SHA1

    e164e429fa6200fdc5eebf648439d5075ba6e94d

  • SHA256

    6fd6e22afeccd65370c0943d215f2173f68e385bd0f891140501c5f29fd7c891

  • SHA512

    c51aa78981fede2ea1d5a8de28c366279bf84ef0c8f2745c55ac315dee482a72035644dbd0785dc52aa3ca396221c4a19b2e0355b0c3eea67569f6d071c5e44c

  • SSDEEP

    6144:elIXsL0tvrSVz1DnemeYbpsnEf78AoXh6KkiD0OofzA+/VygHUSCnDU:elIXsgtvm1De5YlOx6lzBH46Ut4

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6fd6e22afeccd65370c0943d215f2173f68e385bd0f891140501c5f29fd7c891.exe
    "C:\Users\Admin\AppData\Local\Temp\6fd6e22afeccd65370c0943d215f2173f68e385bd0f891140501c5f29fd7c891.exe"
    1
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Users\Admin\AppData\Local\Temp\fdiwjegfpns.exe
      "C:\Users\Admin\AppData\Local\Temp\fdiwjegfpns.exe" "c:\users\admin\appdata\local\temp\6fd6e22afeccd65370c0943d215f2173f68e385bd0f891140501c5f29fd7c891.exe*"
      2
      • Executes dropped EXE
      PID:1856

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\fdiwjegfpns.exe

    Filesize

    320KB

    MD5

    867b95b050ca3207e686987d30374691

    SHA1

    594c6824a10abf2018de79f2192dd05ff27e99cc

    SHA256

    11db155fec57144addd1cda41d48eac4d14df7d976f82f67d3adce53df514bf4

    SHA512

    dcddb145e31d38a7a7063f9e71244049c04bde95a6ad05efc6eeeecfc8c2d25bda46101854646e664de15d6e25a83fac3ff15fac4c2af8277d10c4a4eb260d5e