Analysis

  • max time kernel
    290s
  • max time network
    358s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-12-2022 07:50

General

  • Target

    cc60c09fa463d4ad4a230dbd9f43652585e401b97fe017f21bf697f9b8305354.exe

  • Size

    1.1MB

  • MD5

    1ab84840a608d243cc351d8a3a40d2b6

  • SHA1

    607b229d480589c21ba617121bfb4beb11c87d57

  • SHA256

    cc60c09fa463d4ad4a230dbd9f43652585e401b97fe017f21bf697f9b8305354

  • SHA512

    362c52a4e4f9c53e7aecc3c2f94adf15e6abeb1305464cd7ba6720f163d02af4534f5773292162c7c294e6179ee672601f47cd86f458207a95cde0ce98869dbf

  • SSDEEP

    24576:b1dlZo5l+LyKX/8vL3t/2g576R54en9n0CDU/36hRcDRIJcw0lu/24Xow:b1dlZol+LlXOhU04aCY/3QaRIJcyuhw

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoC)
  • Checks computer location settings (2 TTPs, 1 IoC)

    Looks up the country code configured in the registry, likely a geofence check.

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\cc60c09fa463d4ad4a230dbd9f43652585e401b97fe017f21bf697f9b8305354.exe
    "C:\Users\Admin\AppData\Local\Temp\cc60c09fa463d4ad4a230dbd9f43652585e401b97fe017f21bf697f9b8305354.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:4932
    • C:\Extracted\spy-net encryptado.exe
      "C:\Extracted\spy-net encryptado.exe"
      2⤵
      • Executes dropped EXE
      PID:5008

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Extracted\spy-net encryptado.exe

    Filesize

    394KB

    MD5

    6fa7ade462e02f8527aafe65530f7873

    SHA1

    b03a59b3613d37aba606411db8006053360ecbe1

    SHA256

    b160d1795a5eb053b5e9cfe22697fa0292484dc35d7039fa91c4a2fa7a06ad35

    SHA512

    c894c9a3f86a58e46a416214e11353f0dfbf978ebee308952ac3bc5c464021fe12c9f1d273e992e2531fd5a3959b5f9cc22f2f3bf337dbc3cf5e9936ec63bb34

  • memory/5008-132-0x0000000000000000-mapping.dmp

  • memory/5008-136-0x0000000073B20000-0x00000000740D1000-memory.dmp

    Filesize

    5.7MB

  • memory/5008-137-0x0000000073B20000-0x00000000740D1000-memory.dmp

    Filesize

    5.7MB