Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/02/2023, 08:52

General

  • Target

    advbattoexeconverter.exe

  • Size

    830KB

  • MD5

    22826a7ab6b064e343cb2f1a4d49ac13

  • SHA1

    74e60eab80047681492eeaea7a132e9e9990440b

  • SHA256

    d541b6bb2281a69d4ff43b65a9a17a7c3884a2b2cabfd9af5d296be02a294be6

  • SHA512

    3899557fcff90004a63bda2f3affb8743495d85c97c17327713fbaecedc9f62d8f488b821c82d39f654e488ebb65cde90deb87b53bd9cf65b6ba317d6e7954d6

  • SSDEEP

    12288:JSGxFfeYqmg855iMxdE/pK/zo5pmxy16+5Eb6b/XKSnjzUqbcl6YJRlF3jzR7g9p:BxFvlgsrMaipUqV5LjFb2D/zN7au9o4k

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe
    "C:\Users\Admin\AppData\Local\Temp\advbattoexeconverter.exe"
    • Loads dropped DLL
    PID:3936

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\gentee00\gentee.dll

    Filesize

    100KB

    MD5

    30439e079a3d603c461d2c2f4f8cb064

    SHA1

    aaf470f6bd8deadedbc31adf17035041176c6134

    SHA256

    d6d0535175fb2302e5b5a498119823c37f6bddff4ab24f551aa7e038c343077a

    SHA512

    607a81be02bde679aff45770e2fd5c2471d64439fdb23c3e494aed98970131e5d677e1eba3b7b36fca5b8d5b99580856bb8cf1806139c9f73693afb512126b9e

  • C:\Users\Admin\AppData\Local\Temp\gentee00\guig.dll

    Filesize

    20KB

    MD5

    f78ee6369ada1fb02b776498146cc903

    SHA1

    d5ba66acdab6a48327c76796d28be1e02643a129

    SHA256

    f1073319d4868d38e0ae983ad42a00cdc53be93b31275b4b55af676976c1aa3f

    SHA512

    88cff3e58cf66c3f2b5b3a65b8b9f9e8ac011e1bd6025cadadb0f765f062cb3d608c23c2d3832f89ada0b7681170dce1ee4a0b8b873e84135756d14ba8c69fa9