Analysis
-
max time kernel
91s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
05/12/2022, 13:23
General
-
Target
7d674bbda1fadf12e88efa4e23012287338a1c45216bd6df313f654703ed1364.exe
-
Size
84KB
-
MD5
6213e47c83519b7a09de0a3e33eb8580
-
SHA1
901ca7149afdcc2ca696f42a3dd852ca5ca9f307
-
SHA256
7d674bbda1fadf12e88efa4e23012287338a1c45216bd6df313f654703ed1364
-
SHA512
4410dcbbe48876d89d0ae2abe71c53db36b27f8131c7125bdf618d10f590e9eb8756e25b76718f830b1068c05cdf83ba41e092e45469724608517fad4d58465b
-
SSDEEP
1536:DSoboWaCfKu0cBRLb432FooiJPvmP+/CPr3uEujtAuC5:sWavgHbC2viJP68+3titL
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7d674bbda1fadf12e88efa4e23012287338a1c45216bd6df313f654703ed1364.exe"C:\Users\Admin\AppData\Local\Temp\7d674bbda1fadf12e88efa4e23012287338a1c45216bd6df313f654703ed1364.exe"1⤵
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\Google Systems\GoogleServices.exe"C:\Users\Admin\AppData\Roaming\Google Systems\GoogleServices.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
84KB
MD56213e47c83519b7a09de0a3e33eb8580
SHA1901ca7149afdcc2ca696f42a3dd852ca5ca9f307
SHA2567d674bbda1fadf12e88efa4e23012287338a1c45216bd6df313f654703ed1364
SHA5124410dcbbe48876d89d0ae2abe71c53db36b27f8131c7125bdf618d10f590e9eb8756e25b76718f830b1068c05cdf83ba41e092e45469724608517fad4d58465b
-
Filesize
84KB
MD56213e47c83519b7a09de0a3e33eb8580
SHA1901ca7149afdcc2ca696f42a3dd852ca5ca9f307
SHA2567d674bbda1fadf12e88efa4e23012287338a1c45216bd6df313f654703ed1364
SHA5124410dcbbe48876d89d0ae2abe71c53db36b27f8131c7125bdf618d10f590e9eb8756e25b76718f830b1068c05cdf83ba41e092e45469724608517fad4d58465b
-
Filesize
10.2MB
-
Filesize
10.2MB