Overview

overview

8

Static

static

8

0968a8cffc...dc.exe

windows7-x64

8

0968a8cffc...dc.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    178s
  • max time network
    55s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2022 23:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0968a8cffcf23af7644ad9cdefaccb5d929071e7e91d7a5a2c4206815a74f3dc.exe

  • Size

    167KB

  • MD5

    3bfcb7193e84be0bb7fc96270a3ab481

  • SHA1

    95949e21b01ea1452b47aa914ef5c397fc531ce7

  • SHA256

    0968a8cffcf23af7644ad9cdefaccb5d929071e7e91d7a5a2c4206815a74f3dc

  • SHA512

    9f785ad394a15a3ecaac7f7bdefd50e73489e8a67efdb2c4ba2b1463eb106568f42d1533d1342a4fb369d66b601737b0e223260adff0dcdec0cc7954f34f9271

  • SSDEEP

    3072:JwR0w4iOa8G0ksGLqB5R6du5OyySSUwdELTaSjwhZimWu7j7ZEYdCoyI:CR0OOdG0k9qBS4xBSpdcOswhZNB73Z1V

Score
8/10
persistenceupx

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0968a8cffcf23af7644ad9cdefaccb5d929071e7e91d7a5a2c4206815a74f3dc.exe
    "C:\Users\Admin\AppData\Local\Temp\0968a8cffcf23af7644ad9cdefaccb5d929071e7e91d7a5a2c4206815a74f3dc.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    PID:1368
  • C:\Program Files\Common Files\Pc.exe
    "C:\Program Files\Common Files\Pc.exe"
    1⤵
    • Executes dropped EXE
    • Adds Run key to start application
    PID:2040

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Common Files\Pc.exe
    Filesize

    18KB

    MD5

    5681e04b4e88a52e742f55c41c20ff9f

    SHA1

    0cdaf12aeffe99b6cb83c3083e78a5a2f797b2a4

    SHA256

    99d4af9a2894c21023d5c9a63c6ad9889c2d5e22624cc253322d4faa61e5ba29

    SHA512

    f7e8c5e7b366e72eaf75723dfd734e706d7f6117b7d391dda276e6e2411a772887843b6d89fcf80356531026ce39561912df8c53944fa5cf9af1238746674fb1

    Download Submit

  • C:\Program Files\Common Files\Pc.exe
    Filesize

    18KB

    MD5

    5681e04b4e88a52e742f55c41c20ff9f

    SHA1

    0cdaf12aeffe99b6cb83c3083e78a5a2f797b2a4

    SHA256

    99d4af9a2894c21023d5c9a63c6ad9889c2d5e22624cc253322d4faa61e5ba29

    SHA512

    f7e8c5e7b366e72eaf75723dfd734e706d7f6117b7d391dda276e6e2411a772887843b6d89fcf80356531026ce39561912df8c53944fa5cf9af1238746674fb1

    Download Submit

  • \Program Files\Common Files\Pc.exe
    Filesize

    18KB

    MD5

    5681e04b4e88a52e742f55c41c20ff9f

    SHA1

    0cdaf12aeffe99b6cb83c3083e78a5a2f797b2a4

    SHA256

    99d4af9a2894c21023d5c9a63c6ad9889c2d5e22624cc253322d4faa61e5ba29

    SHA512

    f7e8c5e7b366e72eaf75723dfd734e706d7f6117b7d391dda276e6e2411a772887843b6d89fcf80356531026ce39561912df8c53944fa5cf9af1238746674fb1

    Download Submit

  • memory/1368-54-0x0000000075501000-0x0000000075503000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1368-55-0x0000000074761000-0x0000000074763000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1368-56-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download

  • memory/1368-61-0x0000000000400000-0x0000000000463000-memory.dmp

    Filesize

    396KB

    Download