Overview

overview

8

Static

static

ba7dc559c1...4e.exe

windows7-x64

8

ba7dc559c1...4e.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    29s
  • max time network
    47s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/12/2022, 13:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ba7dc559c12e71256bcd610b48b692a1c0897ff3e0ad598442304596f355ae4e.exe

  • Size

    197KB

  • MD5

    bd2143f5bb1df92637a0ad9e5232004a

  • SHA1

    3a315dfee8433b00d1b66900fe626ebf2f65ca7d

  • SHA256

    ba7dc559c12e71256bcd610b48b692a1c0897ff3e0ad598442304596f355ae4e

  • SHA512

    57906e99c179f26f01da9e451f0ee8b5a65cad513011b028508710b521fd9ba2dc93d829683d22d6f4670c2bcf9ef6989f0dc5252a3624879267d17f549c4209

  • SSDEEP

    3072:UIxFxxMvIAs/f61mHiRDCAcmA/6rcUTByWjrCKQnZmhDOr7nyldi5xJ3HFhtU3xW:TAs/fcE5j6rTQwEn0Qrxxlwjtu

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba7dc559c12e71256bcd610b48b692a1c0897ff3e0ad598442304596f355ae4e.exe
    "C:\Users\Admin\AppData\Local\Temp\ba7dc559c12e71256bcd610b48b692a1c0897ff3e0ad598442304596f355ae4e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:548
    • C:\OATH.EXE
      "C:\OATH.EXE"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:612
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 92
        3⤵
        • Program crash
        PID:1356

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\OATH.EXE
    Filesize

    146KB

    MD5

    67cc44b83b8f6444275b4dce3037728c

    SHA1

    750e898e4897cc686fd2b1494d1ac8716f5d3270

    SHA256

    aab34581e8ff4ee29fd1cefff9fa09dfca79677e89c99081ed3ac14d06f83ccf

    SHA512

    ee1e29b7f56a1719838023e8826b3a074e680321bc3b252a87aa3e10aec14e4795a5543d3841b058ac9911ebc33fa28efa2c3e754166f8a164e6e5f568a30a21

    Download Submit

  • memory/548-54-0x0000000076171000-0x0000000076173000-memory.dmp

    Filesize

    8KB

    Download

  • memory/612-58-0x0000000010000000-0x000000001008A000-memory.dmp

    Filesize

    552KB

    Download