Overview

overview

7

Static

static

7

102da27ddf...70.exe

windows7-x64

7

102da27ddf...70.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/08/2023, 05:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    102da27ddfd7be4857466a0fc8dfaf70.exe

  • Size

    3.2MB

  • MD5

    102da27ddfd7be4857466a0fc8dfaf70

  • SHA1

    31731d76ee1e4c5c9a9832aa867412b3424084ae

  • SHA256

    35b7a1d790ed7c6257041e1fd4ff8c8e57620a4615f706e539b437388f37683c

  • SHA512

    a9e17870bd2e87fd328cc028aace97f506a52840b961ca4c2d52c7ac2f3f4788be1c5ad5da728ca8e3177196338f4ea2d234e37b50d0261559ada0d26ee9767a

  • SSDEEP

    98304:b5d+Xz6lAyJCnTu4obf/XBOHlIG2zEW5Vs+h0:FdeWCNnTuRbfMF10U+G

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Control Panel 3 IoCs
    evasion
  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\102da27ddfd7be4857466a0fc8dfaf70.exe
    "C:\Users\Admin\AppData\Local\Temp\102da27ddfd7be4857466a0fc8dfaf70.exe"
    1⤵
    • Drops file in Windows directory
    • Modifies Control Panel
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:644
    • C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\readme.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:1104

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\readme.txt
    Filesize

    67B

    MD5

    f42d6791f54709f9060de215e08bd09a

    SHA1

    8560253b7610552be045a28d813115f200d4ac10

    SHA256

    7485e527a86371b4306cbab58ae07b8e554f4082569594983e1bea1f4cff7f8a

    SHA512

    37201005fffcb8c33f625af9b939d3fff09aa99b19d3337a050f0ebd0d01f90f97cb234de7b554a020790988f6b67ae4344be836304f510cad4ac5c093c5e910

    Download Submit

  • memory/644-133-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/644-137-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/644-141-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download

  • memory/644-142-0x0000000000400000-0x000000000047B000-memory.dmp

    Filesize

    492KB

    Download