Overview

overview

8

Static

static

6e32503be9...ba.exe

windows7-x64

8

6e32503be9...ba.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    43s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    02/02/2023, 13:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6e32503be9156b7ca8367937d828fc25c8e842ba.exe

  • Size

    11KB

  • MD5

    ad4027743e38ce3c5d53f2bd382e02b9

  • SHA1

    6e32503be9156b7ca8367937d828fc25c8e842ba

  • SHA256

    cb140c285f5cfba6bd9d39e5410edfac0d7fd6cf38f42905a6a069389beb3f9e

  • SHA512

    0e44eee10c3ea4b608ead3a8f176b95c443a10642d06a68ef166c1bbe6649049e0e6aa01959606d14440775d15787520b0ca0e33489bf2fad736159968fe9d6c

  • SSDEEP

    192:XSrbLCpz9SXRvaSFMclMS6tQUNn3DcUnVwm68Z0nSK6dLSC0lSq:irypz2RvkS4N1nOm6Rnae0q

Score
8/10
persistence

Malware Config

Signatures

  • Adds policy Run key to start application 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1288
      • C:\Users\Admin\AppData\Local\Temp\6e32503be9156b7ca8367937d828fc25c8e842ba.exe
        "C:\Users\Admin\AppData\Local\Temp\6e32503be9156b7ca8367937d828fc25c8e842ba.exe"
        2⤵
        • Adds policy Run key to start application
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1960
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c ""C:\Users\Admin\AppData\Local\Temp\w1.bat" "
          3⤵
            PID:568

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\w1.bat
        Filesize

        334B

        MD5

        c64f41de8477308fe67aacea133ca379

        SHA1

        eb45d2510d8db13aafc860fb9536d882b540da21

        SHA256

        7e62c3a27bed2dbd8f97b4abecb7cb90ed03c67a8dbcf458f4650a0280be4d59

        SHA512

        b9cf05d6b548cca39e09c15e14f8dc6d20a5453f525ea0544c39ac851bc76222aeb709816a92c6247d50f8e4789a119eb86922d642c3d0fab0c27ac48d36e295

        Download Submit

      • memory/1960-54-0x00000000753D1000-0x00000000753D3000-memory.dmp

        Filesize

        8KB

        Download