Overview

overview

8

Static

static

ae7f51c7e7...fc.exe

windows7-x64

8

ae7f51c7e7...fc.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05/12/2022, 18:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ae7f51c7e77fbbe7ee8d9af66b5268ae630f0f9197cf68a47824ac313ed563fc.exe

  • Size

    140KB

  • MD5

    0d50038c32dea260d5a809dd7ebaf6e6

  • SHA1

    d6bd5abbf40fe42d2ee42372d1e4ed0437b5279a

  • SHA256

    ae7f51c7e77fbbe7ee8d9af66b5268ae630f0f9197cf68a47824ac313ed563fc

  • SHA512

    d6214dd251f198c86478e2c79d98d1cff7bfd14eea6bd616f408fa53a13e52c096dee780b738a81cc27aa184b9ad316e27d9b332deacfd688e075c5fab33527e

  • SSDEEP

    768:r/5inm+cd5rHemPXkqUEphjVuvios1rPr4adL0NqlJMU60+ppQ1TTGfL1:rRsvcdcQjosnvnZ6LQ1E1

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ae7f51c7e77fbbe7ee8d9af66b5268ae630f0f9197cf68a47824ac313ed563fc.exe
    "C:\Users\Admin\AppData\Local\Temp\ae7f51c7e77fbbe7ee8d9af66b5268ae630f0f9197cf68a47824ac313ed563fc.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Program Files (x86)\Java\jre-09\bin\jusched.exe
      "C:\Program Files (x86)\Java\jre-09\bin\jusched.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:1936

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Java\jre-09\bin\jusched.exe
    Filesize

    140KB

    MD5

    ed09fbc39271692371d086544e852616

    SHA1

    cc99b12231ab69692236d292b99876c82d990f17

    SHA256

    ad3b254d6c0d9b98e874a0b7016829bd1c69e1e3aa997fc69997c9a8d5c74dac

    SHA512

    5dd15ea25ce88ebdf11f3f27e412de04bb4824a589bb8909379c6809ff9aa5081b8d64f195bcc277dd916467ac33f33aace580e8605a74ee9836d62db89a82ba

    Download Submit

  • \Program Files (x86)\Java\jre-09\bin\jusched.exe
    Filesize

    140KB

    MD5

    ed09fbc39271692371d086544e852616

    SHA1

    cc99b12231ab69692236d292b99876c82d990f17

    SHA256

    ad3b254d6c0d9b98e874a0b7016829bd1c69e1e3aa997fc69997c9a8d5c74dac

    SHA512

    5dd15ea25ce88ebdf11f3f27e412de04bb4824a589bb8909379c6809ff9aa5081b8d64f195bcc277dd916467ac33f33aace580e8605a74ee9836d62db89a82ba

    Download Submit

  • \Program Files (x86)\Java\jre-09\bin\jusched.exe
    Filesize

    140KB

    MD5

    ed09fbc39271692371d086544e852616

    SHA1

    cc99b12231ab69692236d292b99876c82d990f17

    SHA256

    ad3b254d6c0d9b98e874a0b7016829bd1c69e1e3aa997fc69997c9a8d5c74dac

    SHA512

    5dd15ea25ce88ebdf11f3f27e412de04bb4824a589bb8909379c6809ff9aa5081b8d64f195bcc277dd916467ac33f33aace580e8605a74ee9836d62db89a82ba

    Download Submit

  • memory/1936-61-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1936-63-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1992-54-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download

  • memory/1992-55-0x0000000076141000-0x0000000076143000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1992-60-0x0000000000400000-0x0000000000427000-memory.dmp

    Filesize

    156KB

    Download