Overview

overview

7

Static

static

6bdc8f03ba...da.exe

windows7-x64

7

6bdc8f03ba...da.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    93s
  • max time network
    177s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    07/12/2022, 01:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6bdc8f03ba48c73984b8d8a4c0d8916a4ea17d2baf2b0763faea46e44e99a5da.exe

  • Size

    52KB

  • MD5

    6b53539d0d312b75eb336814fae39c41

  • SHA1

    34758154d05db611d331978b1289f787cf0ef08f

  • SHA256

    6bdc8f03ba48c73984b8d8a4c0d8916a4ea17d2baf2b0763faea46e44e99a5da

  • SHA512

    04781d1878a2e11ae733f537c3798bfafdec9dec77ca35be4f9bfb045acb6711d1bb3a52cb37289154539b81f470d9e84e252e0a6008fdb79e1a06399024e903

  • SSDEEP

    1536:MzCipQhVqbA0jhg5ZE9lD72bZOdfLDAILis0:0p4wYgln29aA1s

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6bdc8f03ba48c73984b8d8a4c0d8916a4ea17d2baf2b0763faea46e44e99a5da.exe
    "C:\Users\Admin\AppData\Local\Temp\6bdc8f03ba48c73984b8d8a4c0d8916a4ea17d2baf2b0763faea46e44e99a5da.exe"
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:636
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
      • Deletes itself
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of WriteProcessMemory
      PID:268
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\6bdc8f03ba48c73984b8d8a4c0d8916a4ea17d2baf2b0763faea46e44e99a5da.txt
        3⤵
        • Opens file in notepad (likely ransom note)
        PID:696

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\6bdc8f03ba48c73984b8d8a4c0d8916a4ea17d2baf2b0763faea46e44e99a5da.txt
          Filesize

          36B

          MD5

          1123526e0d34644d9ff8b94378b07ba1

          SHA1

          2997bdce99c9d7eeeb6ab2f55a6b246748ba9ae3

          SHA256

          01166f19ae656c254351e749ecab3b3956c3242c5653e299aaa4f3830cce505e

          SHA512

          2defbc915b4e0ab4320bbe23ab71c5a911fa538031c415de47f2d58190267a91215ac4469c8f115c7d6f21bb775e2232ddc3ae898a8d75ec2dae9a52e884b8e6

          Download Submit

        • memory/268-55-0x00000000760B1000-0x00000000760B3000-memory.dmp

          Filesize

          8KB

          Download

        • memory/268-57-0x00000000002F0000-0x00000000002F8000-memory.dmp

          Filesize

          32KB

          Download

        • memory/268-58-0x0000000000080000-0x0000000000088000-memory.dmp

          Filesize

          32KB

          Download

        • memory/268-59-0x0000000000180000-0x0000000000200000-memory.dmp

          Filesize

          512KB

          Download

        • memory/636-56-0x0000000000400000-0x0000000000414000-memory.dmp

          Filesize

          80KB

          Download