Overview

overview

9

Static

static

3

4480282286...30.exe

windows7-x64

7

4480282286...30.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    2s
  • max time network
    118s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/01/2024, 21:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4480282286edf7ff58175f8dba777e30.exe

  • Size

    555KB

  • MD5

    4480282286edf7ff58175f8dba777e30

  • SHA1

    018a46d8121e9dabce3230543e977997e8a9c0ef

  • SHA256

    53f099e33b64c7c7953716bd4a5f7b980c745658c7ab6ebe96add4481ca4c5da

  • SHA512

    5ccc885f7de27dbcd2a7b56a6467206ba2ae177dd4b3ec94869e0fd7c1e628dc56980ba9f5881a3441349544d7f3fcf675c1a6999e542693344e68964a025b3e

  • SSDEEP

    3072:W0ljzq64LHzkQ/Rd6Qq2ZNKzCr2ql31EI2sLbD+RPgJBrI5iAaoTgeuPYV:W0ljjG3Pt2I3LigJBrPQ8g

Score
9/10
persistenceransomware

Malware Config

Signatures

  • Renames multiple (161) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 3 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4480282286edf7ff58175f8dba777e30.exe
    "C:\Users\Admin\AppData\Local\Temp\4480282286edf7ff58175f8dba777e30.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:2248
    • C:\Users\Admin\AppData\Local\Temp\_4480282286edf7ff58175f8dba777e30.exe
      C:\Users\Admin\AppData\Local\Temp\_4480282286edf7ff58175f8dba777e30.exe
      2⤵
      • Executes dropped EXE
      PID:1104
    • C:\Windows\SysWOW64\sysx32.exe
      C:\Windows\system32\sysx32.exe /scan
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Program Files directory
      PID:3848

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\_4480282286edf7ff58175f8dba777e30.exe
          Filesize

          36KB

          MD5

          47dc0b40887a5bb374a57e16fe96e608

          SHA1

          48031c58f6472ec94b46c7691db7494d9ce2aa79

          SHA256

          daa5e32ac58f8ebcf4e4c0b7f93df75ce71b131961e95a2af638786a9a9110b2

          SHA512

          2834363575b6a48d5f653916935b146273ff9f2514c52ba3f87cc5bef8916fa2c40c68a755122d6d7f1d5c86fa6051252c2f1b172fbda58fa9e12f72b433bd08

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_4480282286edf7ff58175f8dba777e30.exe
          Filesize

          82KB

          MD5

          ca158ee1f6ab968578d3597b3e9fa8a6

          SHA1

          1c6aafc829ff0f46137125e585d385bdf44716f9

          SHA256

          d12c5fff20af73724cc18647425b7c0cb8f6d8e9b1e91cf1fa395725c443f138

          SHA512

          470c27c5ee61b25415bf1567828936861a66110f4288ffebeeac1fc3b1a969c14b9cde0284097a3ac1a2acb3f752f1f017a16dd581f626c33dfdc1ac8b3bfdd3

          Download Submit

        • C:\Windows\SysWOW64\sysx32.exe
          Filesize

          40KB

          MD5

          11c8e7851d49d8adc423c3a5066d4803

          SHA1

          4bb2704a1b75be0c7789cb047a2d4ed6b0a0f9b7

          SHA256

          84cd6d8ec1a487514e87e12144d7c619a0e20681b03136a934cd329b2e8cd3f6

          SHA512

          fee1436c7a3d3bbc6d980c611b4b828d361c9c072efddc58f82a318cf435bd47e26f495e6ef577ffa3f28e574f1a8a2d8123c21416a999fbaebdc4bbe231d49b

          Download Submit

        • C:\Windows\SysWOW64\sysx32.exe
          Filesize

          44KB

          MD5

          8726440973328a5bbc175227ffffadab

          SHA1

          4d7e3389fe2da097bfb2836106d480db6d55f65d

          SHA256

          5ac2440bd6706cefde29509b27b72e3e5b610d982733b0e86897843d86f65fc6

          SHA512

          1e45151055581a1460aecc8f394f234c521a499913cedd735aa10e3274666e4ec42121af4326b7b5632e3aece755c7c64da85e7bc4cca7a0ba813c7578cb870d

          Download Submit

        • C:\odt\office2016setup.exe
          Filesize

          12KB

          MD5

          7b557777d9780add7370554e67e4c22b

          SHA1

          7b5c8808bd8a680f13e5618c950533e1b084b756

          SHA256

          a2959172fcef16c310ad12fb6aae4c685516780cd6a4f944d62b6a5f8bce03ba

          SHA512

          e051c34fa1b9c8d8ca0f2ff4e81538ff1fe6b167b1163c034ccf033deee7e94849136dbfb43896cde467d1144c633c397fee58a5872c40a5f98497a7884a1414

          Download Submit

        • memory/2248-0-0x0000000000400000-0x0000000000411000-memory.dmp

          Filesize

          68KB

          Download

        • memory/2248-11-0x0000000000400000-0x0000000000411000-memory.dmp

          Filesize

          68KB

          Download

        • memory/3848-7-0x0000000000400000-0x0000000000411000-memory.dmp

          Filesize

          68KB

          Download

        • memory/3848-2700-0x0000000000400000-0x0000000000411000-memory.dmp

          Filesize

          68KB

          Download

        • memory/3848-2701-0x0000000000400000-0x0000000000411000-memory.dmp

          Filesize

          68KB

          Download

        • memory/3848-2702-0x0000000000400000-0x0000000000411000-memory.dmp

          Filesize

          68KB

          Download