Overview

overview

10

Static

static

10

samples (2) (2).zip

windows7-x64

1

samples (2) (2).zip

windows10-2004-x64

1

083e147374...08.exe

windows7-x64

8

083e147374...08.exe

windows10-2004-x64

8

12437a49d2...3d.exe

windows7-x64

7

12437a49d2...3d.exe

windows10-2004-x64

7

1945c44901...7e.exe

windows7-x64

9

1945c44901...7e.exe

windows10-2004-x64

10

2040fa2a3c...d4.exe

windows7-x64

1

2040fa2a3c...d4.exe

windows10-2004-x64

1

2b5109e9a2...d9.exe

windows7-x64

10

2b5109e9a2...d9.exe

windows10-2004-x64

10

3538750cfe...5f.exe

windows7-x64

10

3538750cfe...5f.exe

windows10-2004-x64

10

5d96952d47...5f.exe

windows7-x64

10

5d96952d47...5f.exe

windows10-2004-x64

10

63fb410fc5...22.exe

windows7-x64

7

63fb410fc5...22.exe

windows10-2004-x64

7

67beeb7a19...08.exe

windows7-x64

3

67beeb7a19...08.exe

windows10-2004-x64

1

6e5678ebd4...71.exe

windows7-x64

3

6e5678ebd4...71.exe

windows10-2004-x64

3

71506a3322...fb.exe

windows7-x64

10

71506a3322...fb.exe

windows10-2004-x64

10

734b9974ec...6d.exe

windows7-x64

10

734b9974ec...6d.exe

windows10-2004-x64

10

81a27b3dcf...40.exe

windows7-x64

9

81a27b3dcf...40.exe

windows10-2004-x64

10

a1bd0fa8ad...46.exe

windows7-x64

10

a1bd0fa8ad...46.exe

windows10-2004-x64

10

a465bc0871...e3.exe

windows7-x64

6

a465bc0871...e3.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    0s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2024 15:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1945c44901e7aa9dd5b6e7e6e07a777d57f7e76120a3ca5a46a0f983d30ce37e.exe

  • Size

    640KB

  • MD5

    fb702537f0c25b34cc2b3dfb69025a85

  • SHA1

    eb8cae72ffd5361a977e186cb78fc64055748f00

  • SHA256

    1945c44901e7aa9dd5b6e7e6e07a777d57f7e76120a3ca5a46a0f983d30ce37e

  • SHA512

    94d2a4d9a5c689c13934bd9d2f236a421a63e90fcf6d3dd7362cbe7c64e1faacb68412b92ce743ee49e4e8adf4f91a495ccd8d0d3605e464bfccb26f31d1b843

  • SSDEEP

    12288:Z2X8+SnYa6TF42coyaLlGSDVmcUjErioq8iHiB6k:cM+SnAF4Uyycj24Hs6k

Score
9/10
ransomware

Malware Config

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\1945c44901e7aa9dd5b6e7e6e07a777d57f7e76120a3ca5a46a0f983d30ce37e.exe
    "C:\Users\Admin\AppData\Local\Temp\1945c44901e7aa9dd5b6e7e6e07a777d57f7e76120a3ca5a46a0f983d30ce37e.exe"
    1⤵
      PID:2220
      • C:\Windows\system32\cmd.exe
        "C:\Windows\system32\cmd.exe"
        2⤵
          PID:1552
        • C:\Windows\System32\mshta.exe
          "C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
          2⤵
            PID:1872
          • C:\Windows\System32\mshta.exe
            "C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
            2⤵
              PID:1388
            • C:\Windows\system32\cmd.exe
              "C:\Windows\system32\cmd.exe"
              2⤵
                PID:2460
            • C:\Windows\system32\mode.com
              mode con cp select=1251
              1⤵
                PID:2588
              • C:\Windows\system32\vssadmin.exe
                vssadmin delete shadows /all /quiet
                1⤵
                • Interacts with shadow copies
                PID:2936
              • C:\Windows\system32\vssvc.exe
                C:\Windows\system32\vssvc.exe
                1⤵
                  PID:1772
                • C:\Windows\system32\vssadmin.exe
                  vssadmin delete shadows /all /quiet
                  1⤵
                  • Interacts with shadow copies
                  PID:2508
                • C:\Windows\system32\mode.com
                  mode con cp select=1251
                  1⤵
                    PID:1676

                  Network

                  MITRE ATT&CK Matrix ATT&CK v13

                  Initial Access

                  Execution

                  Persistence

                  Privilege Escalation

                  Defense Evasion

                  Indicator Removal

                  2
                  T1070

                  File Deletion

                  2
                  T1070.004

                  Credential Access

                  Discovery

                  Lateral Movement

                  Collection

                  Exfiltration

                  Command and Control

                  Impact

                  Inhibit System Recovery

                  2
                  T1490

                  Resource Development

                  Reconnaissance

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • memory/1872-20123-0x000007FFFFF80000-0x000007FFFFF90000-memory.dmp
                    Filesize

                    64KB

                    Download
                  • memory/2220-1-0x00000000008F0000-0x00000000008F1000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/2220-0-0x0000000000250000-0x000000000028A000-memory.dmp
                    Filesize

                    232KB

                    Download
                  • memory/2220-2-0x00000000008F0000-0x00000000008F1000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/2220-3-0x0000000000250000-0x000000000028A000-memory.dmp
                    Filesize

                    232KB

                    Download
                  • memory/2220-5-0x0000000000400000-0x00000000004A2000-memory.dmp
                    Filesize

                    648KB

                    Download
                  • memory/2220-7-0x00000000008F0000-0x00000000008F1000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/2220-4-0x00000000008F0000-0x00000000008F1000-memory.dmp
                    Filesize

                    4KB

                    Download
                  • memory/2220-12769-0x0000000000400000-0x00000000004A2000-memory.dmp
                    Filesize

                    648KB

                    Download
                  • memory/2220-20126-0x00000000008F0000-0x00000000008F1000-memory.dmp
                    Filesize

                    4KB

                    Download