3c2e1ac3c90feba6de3e0f5dad283ffa84d872c7aa6a9eaae039a710a28b1be8

Analysis

max time kernel
143s
max time network
148s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 16:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3c2e1ac3c90feba6de3e0f5dad283ffa84d872c7aa6a9eaae039a710a28b1be8.exe
Size

2.9MB
MD5

83b0c4b7904c5116f29e8e31a55774fb
SHA1

06c0c91aa3f6ac83eb2edc85baabdd2893f13b4c
SHA256

3c2e1ac3c90feba6de3e0f5dad283ffa84d872c7aa6a9eaae039a710a28b1be8
SHA512

4dcee9af6b357a24eab0a0e2614bcb2f704c673aae5e83e49eff49f0dd1850dacbc5beff48b492a28581b102131719a4ed1864c13890e35bfb3629ca8b131f13
SSDEEP

49152:ebobCXOeiZjg3qRF8cduBWCTS6z+fky9NdPOpcijL05BhAJmkAJtfSv:ikwODZjs80/srlScijg5BhAJml9Sv

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\etc\hosts	3c2e1ac3c90feba6de3e0f5dad283ffa84d872c7aa6a9eaae039a710a28b1be8.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\3c2e1ac3c90feba6de3e0f5dad283ffa84d872c7aa6a9eaae039a710a28b1be8.exe
"C:\Users\Admin\AppData\Local\Temp\3c2e1ac3c90feba6de3e0f5dad283ffa84d872c7aa6a9eaae039a710a28b1be8.exe"
1⤵
- Drops file in Drivers directory
PID:1672

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1672-54-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

Filesize
8KB

Download
memory/1672-55-0x0000000000280000-0x0000000000283000-memory.dmp

Filesize
12KB

Download
memory/1672-56-0x0000000000400000-0x000000000069B000-memory.dmp

Filesize
2.6MB

Download
memory/1672-57-0x00000000006A0000-0x00000000007A0000-memory.dmp

Filesize
1024KB

Download
memory/1672-58-0x0000000000230000-0x000000000023A000-memory.dmp

Filesize
40KB

Download
memory/1672-59-0x000000000015E000-0x0000000000190000-memory.dmp

Filesize
200KB

Download
memory/1672-60-0x00000000002B6000-0x00000000002BA000-memory.dmp

Filesize
16KB

Download
memory/1672-64-0x00000000002B6000-0x00000000002BA000-memory.dmp

Filesize
16KB

Download
memory/1672-63-0x00000000002B6000-0x00000000002BA000-memory.dmp

Filesize
16KB

Download
memory/1672-62-0x00000000002B6000-0x00000000002BA000-memory.dmp

Filesize
16KB

Download
memory/1672-61-0x00000000002B6000-0x00000000002BA000-memory.dmp

Filesize
16KB

Download
memory/1672-69-0x00000000002B6000-0x00000000002BA000-memory.dmp

Filesize
16KB

Download
memory/1672-74-0x00000000002B6000-0x00000000002BA000-memory.dmp

Filesize
16KB

Download
memory/1672-73-0x00000000002B6000-0x00000000002BA000-memory.dmp

Filesize
16KB

Download
memory/1672-72-0x00000000002B6000-0x00000000002BA000-memory.dmp

Filesize
16KB

Download
memory/1672-71-0x00000000002B6000-0x00000000002BA000-memory.dmp

Filesize
16KB

Download
memory/1672-70-0x00000000002B6000-0x00000000002BA000-memory.dmp

Filesize
16KB

Download
memory/1672-68-0x00000000002B6000-0x00000000002BA000-memory.dmp

Filesize
16KB

Download
memory/1672-67-0x00000000002B6000-0x00000000002BA000-memory.dmp

Filesize
16KB

Download
memory/1672-66-0x00000000002B6000-0x00000000002BA000-memory.dmp

Filesize
16KB

Download
memory/1672-65-0x00000000002B6000-0x00000000002BA000-memory.dmp

Filesize
16KB

Download
memory/1672-75-0x00000000002B5000-0x00000000002B7000-memory.dmp

Filesize
8KB

Download
memory/1672-84-0x0000000000400000-0x000000000069B000-memory.dmp

Filesize
2.6MB

Download
memory/1672-85-0x000000000015E000-0x0000000000190000-memory.dmp

Filesize
200KB

Download
memory/1672-86-0x00000000002B5000-0x00000000002B7000-memory.dmp

Filesize
8KB

Download