Overview

overview

6

Static

static

1

arc_digita...zq.exe

windows7-x64

6

arc_digita...zq.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    46s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    14-04-2023 18:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    arc_digital_adjuntosALDHDOQDALCCMIOfsrzq.exe

  • Size

    115.8MB

  • MD5

    b4acd42805fd85f25faf765253949353

  • SHA1

    0645e0951235232e76106b93efa338e650a27b95

  • SHA256

    4a92a9ec3bf5456ed626b3188f470e28acfcb070210ac0e0f972f5f40aae1405

  • SHA512

    b84a92f09a0614b757f75d2efbbf2c97782291dba56c8640c9e3d3a017779144d520b201e4f43a90672805875feb591e0ef011a3b53d1f405c6811234c369b4c

  • SSDEEP

    98304:gUtYLUTjaS0uDxljStdqxVNkcc4B7mxqY+vYrm1wEiJy2LiqUuH7MC:gU60/OUkMSDQMdiqUuH

Score
6/10

Malware Config

Signatures

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: EnumeratesProcesses 11 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\arc_digital_adjuntosALDHDOQDALCCMIOfsrzq.exe
    "C:\Users\Admin\AppData\Local\Temp\arc_digital_adjuntosALDHDOQDALCCMIOfsrzq.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:1304

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1304-54-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1304-55-0x0000000000400000-0x0000000001400000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1304-58-0x0000000000400000-0x0000000001400000-memory.dmp

    Filesize

    16.0MB

    Download

  • memory/1304-59-0x0000000000400000-0x0000000001400000-memory.dmp

    Filesize

    16.0MB

    Download