d22dc7de67804b64eef3d87faa0fdd7ad394972c92f68300c18a67a5bc0c3124

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/01/2023, 19:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RamBooster20_US.exe
Size

372KB
MD5

3468052f3cc1fb4188e50ecde64fe4a3
SHA1

c9283b90e663ffa6326c795c2fbc8ce55cc73ea1
SHA256

d22dc7de67804b64eef3d87faa0fdd7ad394972c92f68300c18a67a5bc0c3124
SHA512

619b98313948321ff8562a4f8356baa8802f3edc9b22e02bfd223ed9c8183fd947810d34b6fa4dda98385088f06aed2f45fce51ff70e6354606353c2d25615f7
SSDEEP

6144:QF6S1nK5J8PoyYER2nKGcZr+UZ11Kr71RdS3XcStRgVQbMmTDPpbIVODCqnFRcB:QF11K5J8QyY+dG8+UZ1Yr79SXTbMsDPY

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1208-55-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral1/memory/1208-59-0x0000000000400000-0x000000000042A000-memory.dmp	upx

Loads dropped DLL 1 IoCs

pid	Process
1208	RamBooster20_US.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\RamBooster20_US.exe
"C:\Users\Admin\AppData\Local\Temp\RamBooster20_US.exe"
1⤵
- Loads dropped DLL
PID:1208

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\{6BF610D1-1C9A-4CC6-A0C9-D504F394F0D4}\_isresce.dll

Filesize
31KB

MD5
3c8115df78f2aa5b9cb39da770a84437

SHA1
3352b358b41ad8169994f6a7b836405941af1b82

SHA256
011e92e868f1f09904bef59b46972c318c2867c279380182e23bc1fd7eaf1d11

SHA512
2a8a80317da72e8ca33cafbdffe0b5c44eedc9549cd7d2483197c36ad4f6c27be0ae3d61f537574aa404c8f23fe0009be9b30ea921550092ad5ad041a8fb4d20

Download Submit
memory/1208-54-0x0000000076261000-0x0000000076263000-memory.dmp

Filesize
8KB

Download
memory/1208-55-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/1208-56-0x0000000000240000-0x000000000026A000-memory.dmp

Filesize
168KB

Download
memory/1208-57-0x0000000000240000-0x000000000026A000-memory.dmp

Filesize
168KB

Download
memory/1208-59-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download