Overview

overview

10

Static

static

8

samples (2) (4).zip

windows7-x64

1

samples (2) (4).zip

windows10-2004-x64

1

10d1a82f3c...61.exe

windows7-x64

1

10d1a82f3c...61.exe

windows10-2004-x64

1

133dd26c0a...f0.exe

windows7-x64

10

133dd26c0a...f0.exe

windows10-2004-x64

10

1ab3aad04e...7d.exe

windows7-x64

6

1ab3aad04e...7d.exe

windows10-2004-x64

1

1ad4c9e3d0...7d.exe

windows7-x64

1

1ad4c9e3d0...7d.exe

windows10-2004-x64

1

27cc1f6adc...35.wsf

windows7-x64

8

27cc1f6adc...35.wsf

windows10-2004-x64

8

35b7dbc8a3...31.exe

windows7-x64

9

35b7dbc8a3...31.exe

windows10-2004-x64

10

3716dc17e9...c6.dll

windows7-x64

1

3716dc17e9...c6.dll

windows10-2004-x64

3

5e94c0f064...2e.exe

windows7-x64

6

5e94c0f064...2e.exe

windows10-2004-x64

7

70f166f51e...ad.exe

windows7-x64

1

70f166f51e...ad.exe

windows10-2004-x64

1

93dc1dee6b...1a.chm

windows7-x64

10

93dc1dee6b...1a.chm

windows10-2004-x64

10

a37f77fafa...58.ps1

windows7-x64

1

a37f77fafa...58.ps1

windows10-2004-x64

1

b875cc39a6...395.js

windows7-x64

8

b875cc39a6...395.js

windows10-2004-x64

8

b906da71fe...be.exe

windows7-x64

1

b906da71fe...be.exe

windows10-2004-x64

1

bae7ee765f...c.docm

windows7-x64

1

bae7ee765f...c.docm

windows10-2004-x64

1

c3fdcec878...07.exe

windows7-x64

4

c3fdcec878...07.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    78s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2024 15:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    35b7dbc8a3f456bdafd02383b8a849a6f5fea5f541b3f0c8502e31c2370e8f31.exe

  • Size

    27KB

  • MD5

    c07f470b64e08cbd00007511018aae5d

  • SHA1

    8cc03df9554f3f2b88f9a416908aa2e35c0ef386

  • SHA256

    35b7dbc8a3f456bdafd02383b8a849a6f5fea5f541b3f0c8502e31c2370e8f31

  • SHA512

    21472125818d699a7da51cb765f3364a1f8b696a4fdbb4f8c6d9572f49e3858fac84fe76d796d1488b64ecb590ad74b9db950071420815879408c6ca5e3a10f5

  • SSDEEP

    768:lYIyiTHKDpYIvJbEoc59Rdh7dQV6kzZt5txJc49WQ:UimJbEj59JpQV6kzZ3Jc49Z

Score
9/10
ransomware

Malware Config

Signatures

  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Interacts with shadow copies 2 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\35b7dbc8a3f456bdafd02383b8a849a6f5fea5f541b3f0c8502e31c2370e8f31.exe
    "C:\Users\Admin\AppData\Local\Temp\35b7dbc8a3f456bdafd02383b8a849a6f5fea5f541b3f0c8502e31c2370e8f31.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2920
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Roaming\delback.bat"
      2⤵
        PID:2764
    • C:\Windows\system32\vssadmin.exe
      vssadmin delete shadows /all /quiet
      1⤵
      • Interacts with shadow copies
      PID:2756
    • C:\Windows\system32\vssvc.exe
      C:\Windows\system32\vssvc.exe
      1⤵
        PID:2696

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\delete.bat
        Filesize

        194B

        MD5

        ba8ea9344fdbfb21bea718add302b2ef

        SHA1

        4c18bcbb6bf3887215ade549a2e29fb1355d53d7

        SHA256

        0757f5543071c24cd01f67b8aa9c70286bce06be8950f02fb56abb54bd2bb00f

        SHA512

        04798d490b3b6b35537247115d84411164d8f2b960780a39b6931adfbc8ca5c431eb302e49f53231cdc618664cc8be14d305b71a6f0834fde22817c167a42a91

        Download Submit

      • memory/2920-0-0x0000000000220000-0x000000000022E000-memory.dmp

        Filesize

        56KB

        Download

      • memory/2920-1-0x000007FEF5900000-0x000007FEF62EC000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/2920-5-0x000000001B040000-0x000000001B0C0000-memory.dmp

        Filesize

        512KB

        Download

      • memory/2920-2026-0x000007FEF5900000-0x000007FEF62EC000-memory.dmp

        Filesize

        9.9MB

        Download