Overview

overview

7

Static

static

3

3911d8371f...70.exe

windows7-x64

7

3911d8371f...70.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 14:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3911d8371fd6fe478d4c2f7cbb85b170.exe

  • Size

    109KB

  • MD5

    3911d8371fd6fe478d4c2f7cbb85b170

  • SHA1

    1ad4518dc51a50f64121cd96e040889824b8e42f

  • SHA256

    1e9fbae11533c0c0a4b23bcc2cd310a5de0116c4515a44506b9c369a7d02a222

  • SHA512

    391f0162c017ac3bf6bdc86504ad020957d03a6aa9f186737bd4a1c43027a87d83cfa66d1b7eaa1706760a9262b4f29760b159d9a8c3689dba99e532fe2fb444

  • SSDEEP

    1536:+06F3hjSDjxe78yJZuP5+ILpBrv7Xv/+WS7lwS6arF5nfOHcGDW4l/rQqHs7:V6ie782ZIPLpBvXnV0lwormHcGK4+yW

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Modifies registry class 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3911d8371fd6fe478d4c2f7cbb85b170.exe
    "C:\Users\Admin\AppData\Local\Temp\3911d8371fd6fe478d4c2f7cbb85b170.exe"
    1⤵
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:5104
    • C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      2⤵
      • Deletes itself
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4084
      • C:\Windows\SysWOW64\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\3911d8371fd6fe478d4c2f7cbb85b170.txt
        3⤵
        • Opens file in notepad (likely ransom note)
        PID:1788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3911d8371fd6fe478d4c2f7cbb85b170.txt
    Filesize

    5B

    MD5

    43fb2705d9766ea761f934981936503f

    SHA1

    c9589c81355baab345cd121a76dcd743d65e131c

    SHA256

    766a90366e6cac315d05afc9c97dcd6206a7f66da260dd41d209bb6ad13947e0

    SHA512

    ebf82587e4a8dad580b0c6c6959c73315c584cea82c41c073aab41854a44027fbc63d3f360651e726bfe71bc9e99a1b803574715e63d462f90182291ce3dfbf4

    Download Submit

  • memory/4084-5-0x0000000000B00000-0x0000000000B07000-memory.dmp

    Filesize

    28KB

    Download

  • memory/4084-6-0x0000000000F20000-0x0000000000FA0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/4084-4-0x0000000000E50000-0x0000000000E5E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4084-2-0x0000000000E50000-0x0000000000E5E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/4084-14-0x0000000000F20000-0x0000000000FA0000-memory.dmp

    Filesize

    512KB

    Download

  • memory/5104-1-0x0000000000400000-0x0000000000421000-memory.dmp

    Filesize

    132KB

    Download

  • memory/5104-0-0x0000000002390000-0x00000000023B0000-memory.dmp

    Filesize

    128KB

    Download