Malware Analysis Report

2024-09-11 02:31

Sample ID 240126-raf69sgfdj
Target 1bc0575b3fc6486cb2510dac1ac6ae4889b94a955d3eade53d3ba3a92d133281.exe
SHA256 4bcbae2cffcba5ffd1403eb378527320e266314a734447bfb10d94af9f18ebc5
Tags
medusalocker
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4bcbae2cffcba5ffd1403eb378527320e266314a734447bfb10d94af9f18ebc5

Threat Level: Known bad

The file 1bc0575b3fc6486cb2510dac1ac6ae4889b94a955d3eade53d3ba3a92d133281.exe was found to be: Known bad.

Malicious Activity Summary

medusalocker

Medusalocker family

Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Detects command variations typically used by ransomware

MedusaLocker payload

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-01-26 13:59

Signatures

Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Description Indicator Process Target
N/A N/A N/A N/A

Detects command variations typically used by ransomware

Description Indicator Process Target
N/A N/A N/A N/A

MedusaLocker payload

Description Indicator Process Target
N/A N/A N/A N/A

Medusalocker family

medusalocker

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-01-26 13:59

Reported

2024-01-26 14:01

Platform

win7-20231215-en

Max time kernel

122s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1bc0575b3fc6486cb2510dac1ac6ae4889b94a955d3eade53d3ba3a92d133281.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1bc0575b3fc6486cb2510dac1ac6ae4889b94a955d3eade53d3ba3a92d133281.exe

"C:\Users\Admin\AppData\Local\Temp\1bc0575b3fc6486cb2510dac1ac6ae4889b94a955d3eade53d3ba3a92d133281.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-01-26 13:59

Reported

2024-01-26 14:01

Platform

win10v2004-20231222-en

Max time kernel

96s

Max time network

112s

Command Line

"C:\Users\Admin\AppData\Local\Temp\1bc0575b3fc6486cb2510dac1ac6ae4889b94a955d3eade53d3ba3a92d133281.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\1bc0575b3fc6486cb2510dac1ac6ae4889b94a955d3eade53d3ba3a92d133281.exe

"C:\Users\Admin\AppData\Local\Temp\1bc0575b3fc6486cb2510dac1ac6ae4889b94a955d3eade53d3ba3a92d133281.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 6.181.190.20.in-addr.arpa udp
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 18.134.221.88.in-addr.arpa udp
US 8.8.8.8:53 30.243.111.52.in-addr.arpa udp

Files

N/A