8f226fb77fa1a0e61066c2faf5da7f0714653db997d2bd9123e630fa5476c62b

Analysis

max time kernel
9s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 14:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f226fb77fa1a0e61066c2faf5da7f0714653db997d2bd9123e630fa5476c62b.exe
Size

2.3MB
MD5

8c78d185cc5708794e8f9ca49ebe91f0
SHA1

f568f1785358f1ae85c16652d740bc69c4cca596
SHA256

8f226fb77fa1a0e61066c2faf5da7f0714653db997d2bd9123e630fa5476c62b
SHA512

8837d389051861de1eb887942d1f5e5ee7b427ee6c469d41422449fe184c805709f4b2a9464ee3659876763bb51c3784f896eec9d9931603f77ca305cc821ee9
SSDEEP

49152:D85W11HiF5F+BhvwTn9cU5fICbO3y49qmXmPEDOP7df9:m02mnqn9lmT8m2WOPp9

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1272	test.exe

Loads dropped DLL 2 IoCs

pid	Process
2020	8f226fb77fa1a0e61066c2faf5da7f0714653db997d2bd9123e630fa5476c62b.exe
2020	8f226fb77fa1a0e61066c2faf5da7f0714653db997d2bd9123e630fa5476c62b.exe

Drops file in Program Files directory 5 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\1.wmv	8f226fb77fa1a0e61066c2faf5da7f0714653db997d2bd9123e630fa5476c62b.exe
File opened for modification	C:\Program Files\Internet Explorer\1.wmv	8f226fb77fa1a0e61066c2faf5da7f0714653db997d2bd9123e630fa5476c62b.exe
File created	C:\Program Files\Internet Explorer\__tmp_rar_sfx_access_check_7103240	8f226fb77fa1a0e61066c2faf5da7f0714653db997d2bd9123e630fa5476c62b.exe
File created	C:\Program Files\Internet Explorer\test.exe	8f226fb77fa1a0e61066c2faf5da7f0714653db997d2bd9123e630fa5476c62b.exe
File opened for modification	C:\Program Files\Internet Explorer\test.exe	8f226fb77fa1a0e61066c2faf5da7f0714653db997d2bd9123e630fa5476c62b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1272	2020	8f226fb77fa1a0e61066c2faf5da7f0714653db997d2bd9123e630fa5476c62b.exe	28
PID 2020 wrote to memory of 1272	2020	8f226fb77fa1a0e61066c2faf5da7f0714653db997d2bd9123e630fa5476c62b.exe	28
PID 2020 wrote to memory of 1272	2020	8f226fb77fa1a0e61066c2faf5da7f0714653db997d2bd9123e630fa5476c62b.exe	28
PID 2020 wrote to memory of 1272	2020	8f226fb77fa1a0e61066c2faf5da7f0714653db997d2bd9123e630fa5476c62b.exe	28

C:\Users\Admin\AppData\Local\Temp\8f226fb77fa1a0e61066c2faf5da7f0714653db997d2bd9123e630fa5476c62b.exe
"C:\Users\Admin\AppData\Local\Temp\8f226fb77fa1a0e61066c2faf5da7f0714653db997d2bd9123e630fa5476c62b.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Program Files\Internet Explorer\test.exe
  "C:\Program Files\Internet Explorer\test.exe"
  2⤵
  - Executes dropped EXE
  PID:1272

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Internet Explorer\test.exe

Filesize
74KB

MD5
48fbf1b24314468bc09b71b20fbc51f0

SHA1
bad2efc431409d6933ac0b70f6ab743b7448319b

SHA256
946aef6c8954eaca9763b87c16ae39d51dcbc7931d7d6bbde808ace676da7492

SHA512
568afcbffa1c63d42d28a93f806fcc6ae9b01e61566562d257afb7b771c746c382eb9103618003706ee12d3b974ac76f87c6ed4baa1016863601ea20bcfe2c7a

Download Submit
\Program Files\Internet Explorer\test.exe

Filesize
74KB

MD5
48fbf1b24314468bc09b71b20fbc51f0

SHA1
bad2efc431409d6933ac0b70f6ab743b7448319b

SHA256
946aef6c8954eaca9763b87c16ae39d51dcbc7931d7d6bbde808ace676da7492

SHA512
568afcbffa1c63d42d28a93f806fcc6ae9b01e61566562d257afb7b771c746c382eb9103618003706ee12d3b974ac76f87c6ed4baa1016863601ea20bcfe2c7a

Download Submit
\Program Files\Internet Explorer\test.exe

Filesize
74KB

MD5
48fbf1b24314468bc09b71b20fbc51f0

SHA1
bad2efc431409d6933ac0b70f6ab743b7448319b

SHA256
946aef6c8954eaca9763b87c16ae39d51dcbc7931d7d6bbde808ace676da7492

SHA512
568afcbffa1c63d42d28a93f806fcc6ae9b01e61566562d257afb7b771c746c382eb9103618003706ee12d3b974ac76f87c6ed4baa1016863601ea20bcfe2c7a

Download Submit
memory/1272-57-0x0000000000000000-mapping.dmp

Download
memory/2020-54-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download