Overview

overview

8

Static

static

1

c6c15dfee2...19.exe

windows7-x64

8

c6c15dfee2...19.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    139s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/12/2022, 14:59

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c6c15dfee2897ff5abdd6cdd0834170905f826827fb4c61a2f792fda98a64d19.exe

  • Size

    41KB

  • MD5

    44a233e2bfb19cf8c3b6838d89fb65dd

  • SHA1

    48a34027e65d1dfb0b9aaeb16195a11f0c290106

  • SHA256

    c6c15dfee2897ff5abdd6cdd0834170905f826827fb4c61a2f792fda98a64d19

  • SHA512

    ac7d1e01972de4858176b07d6be2763c26af0fd19ae9a2e6ce0fa66ccef6bfba71f51cc704a7a9feba02251367c27325f66fab448923cf89404897e65dc269e6

  • SSDEEP

    768:fe3PFaDVyOQgljLDKRJyM3BmsHzSB4us/wJJaxoy50+IQmGb:G3cpyORJLuB4P4AJJhxpY

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c6c15dfee2897ff5abdd6cdd0834170905f826827fb4c61a2f792fda98a64d19.exe
    "C:\Users\Admin\AppData\Local\Temp\c6c15dfee2897ff5abdd6cdd0834170905f826827fb4c61a2f792fda98a64d19.exe"
    1⤵
    • Drops file in Drivers directory
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c copy c:\windows\system32\drivers\hosts c:\windows\system32\drivers\etc\hosts
      2⤵
      • Drops file in Drivers directory
      PID:1016

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\nsc8246.tmp\nsExec.dll
          Filesize

          6KB

          MD5

          40909a97db3a51fc83aaeff503128b3f

          SHA1

          9693d68a1fb11db70f61b8277e1195dd298abbab

          SHA256

          f2633b3604a80a7b1be67858fb43288fd7b686730bad158f347dfa38c6df59d9

          SHA512

          cd1425e28302dfeced644fa155a09549aae25b96f5f6a7688624135a69be7abee8e6eaac89194dc6ec89281c45e00451fae43db5953360ee9a47dc0d11d07c77

          Download Submit

        • \??\c:\windows\SysWOW64\drivers\hosts
          Filesize

          13KB

          MD5

          a0fd26902c165ef852de66110566ae4f

          SHA1

          ef719a4e150d1475df29cd7082d889f38d17c20c

          SHA256

          319639c17448c884e519b3f0b64f972013f94ed879bb6ae6795a0cd48158a09a

          SHA512

          1be69536f6fb0e9d91e73a9d4ee767fb50902e025ef61e1e772952f282c7a83b17d92c05a2137c905e2cfdbab13cb1ca1363e847db9ce86a73e8a5b69edd5227

          Download Submit