Analysis

  • max time kernel
    146s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/12/2022, 20:39

General

  • Target

    bc7e9effda7bfdb442ca0aa61922df89ac239214821ec2e1df9013cc564b3141.exe

  • Size

    1.8MB

  • MD5

    644a4d47f0e4233b74a30f847f3adadf

  • SHA1

    c4b760e266e460008e8dcddc17356838d6f8f443

  • SHA256

    bc7e9effda7bfdb442ca0aa61922df89ac239214821ec2e1df9013cc564b3141

  • SHA512

    22ab6f9a5b993ac9bfbfa2539fd5bf02291404f0c5010ebdfab0d491fd5ef239e8d609fc824461ab67af4e22fb6b21ec0a04c630068e12905a882fe9d89ed604

  • SSDEEP

    24576:Nny/f9u0eOBab48vf2fII1//2+4ymcU1aoAIJIhXoOfJL6L1gX/KMWdb67ZDSH97:8FuOMXM/2+4ygA53b1KKNSITn4

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc7e9effda7bfdb442ca0aa61922df89ac239214821ec2e1df9013cc564b3141.exe
    "C:\Users\Admin\AppData\Local\Temp\bc7e9effda7bfdb442ca0aa61922df89ac239214821ec2e1df9013cc564b3141.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:1136
    • C:\Users\Admin\AppData\Local\Temp\GjpPlugin\fzinst.exe
      "C:\Users\Admin\AppData\Local\Temp\GjpPlugin\fzinst.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:2460

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\GjpPlugin\fzinst.exe

    Filesize

    7.7MB

    MD5

    dc25cc21484c1f436441a4273b74defe

    SHA1

    d4c17f4bb4f225cff27f103dfff927105e42ba05

    SHA256

    049ede9477ba658d5a318ff2024947fe363edd1a3b83500c79fe84c83bb85f17

    SHA512

    eee59409e5a1a3afeeda8d1637751f39d964976b728c55a002f7f92c0cfc51f3597a5389b02b94250b50408f56469a573c178f60fb9970613ec4c97ca3a3ff12
