Overview

overview

9

Static

static

3

7dac9b619b...38.exe

windows7-x64

7dac9b619b...38.exe

windows10-2004-x64

Analysis

  • max time kernel
    3s
  • max time network
    12s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    28/01/2024, 18:18

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    7dac9b619b44fd4b9f8ca10e99ecbd38.exe

  • Size

    332KB

  • MD5

    7dac9b619b44fd4b9f8ca10e99ecbd38

  • SHA1

    663c5c3a39ce55e9b0eae14d04eda70ddbc0963d

  • SHA256

    47b666c5ecf61c227a0ba890fa0f7e99ff0143af8413e234ecb219cd976de038

  • SHA512

    d9dc7b0251ee2dacd7406d7bab68996035137575becb62d7e938c7fc086f65ca15bab884595e3d6e9168823d307ce513ddad4866e31d3eb7549629eeed0b802b

  • SSDEEP

    6144:q7ahMlDgyD23KZKnuZCNzdEJjhAKptUx88HFYvFj06r3Zkwlm9aMSkI/:Yxl8i246uMz2hlwyBfDO6m9aeI

Score
9/10
evasionransomware

Malware Config

Signatures

  • Modifies boot configuration data using bcdedit 1 TTPs 10 IoCs
    ransomwareevasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\7dac9b619b44fd4b9f8ca10e99ecbd38.exe
    "C:\Users\Admin\AppData\Local\Temp\7dac9b619b44fd4b9f8ca10e99ecbd38.exe"
    1⤵
      PID:3056
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe /C del /Q /F "C:\Users\Admin\AppData\Local\Temp\b4d323cc.tmp"
        2⤵
          PID:2708
      • C:\Windows\Installer\{3DFA20C7-B0A0-C707-3B08-B36E19D9F016}\syshost.exe
        "C:\Windows\Installer\{3DFA20C7-B0A0-C707-3B08-B36E19D9F016}\syshost.exe" /service
        1⤵
          PID:2980
          • C:\Windows\system32\bcdedit.exe
            bcdedit.exe -set TESTSIGNING ON
            2⤵
            • Modifies boot configuration data using bcdedit
            PID:2796
          • C:\Windows\system32\bcdedit.exe
            bcdedit.exe -set TESTSIGNING ON
            2⤵
            • Modifies boot configuration data using bcdedit
            PID:2772
          • C:\Windows\system32\bcdedit.exe
            bcdedit.exe -set TESTSIGNING ON
            2⤵
            • Modifies boot configuration data using bcdedit
            PID:2848
          • C:\Windows\system32\bcdedit.exe
            bcdedit.exe -set TESTSIGNING ON
            2⤵
            • Modifies boot configuration data using bcdedit
            PID:2720
          • C:\Windows\system32\bcdedit.exe
            bcdedit.exe -set TESTSIGNING ON
            2⤵
            • Modifies boot configuration data using bcdedit
            PID:2872
          • C:\Windows\system32\bcdedit.exe
            bcdedit.exe -set TESTSIGNING ON
            2⤵
            • Modifies boot configuration data using bcdedit
            PID:2804
          • C:\Windows\system32\bcdedit.exe
            bcdedit.exe -set TESTSIGNING ON
            2⤵
            • Modifies boot configuration data using bcdedit
            PID:2724
          • C:\Windows\system32\bcdedit.exe
            bcdedit.exe -set TESTSIGNING ON
            2⤵
            • Modifies boot configuration data using bcdedit
            PID:2988
          • C:\Windows\system32\bcdedit.exe
            bcdedit.exe -set TESTSIGNING ON
            2⤵
            • Modifies boot configuration data using bcdedit
            PID:2320
          • C:\Windows\system32\bcdedit.exe
            bcdedit.exe -set TESTSIGNING ON
            2⤵
            • Modifies boot configuration data using bcdedit
            PID:2688
        • C:\Windows\system32\LogonUI.exe
          "LogonUI.exe" /flags:0x0
          1⤵
            PID:2548
          • C:\Windows\system32\LogonUI.exe
            "LogonUI.exe" /flags:0x1
            1⤵
              PID:3064

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Windows\Installer\{3DFA20C7-B0A0-C707-3B08-B36E19D9F016}\syshost.exe
              Filesize

              332KB

              MD5

              7dac9b619b44fd4b9f8ca10e99ecbd38

              SHA1

              663c5c3a39ce55e9b0eae14d04eda70ddbc0963d

              SHA256

              47b666c5ecf61c227a0ba890fa0f7e99ff0143af8413e234ecb219cd976de038

              SHA512

              d9dc7b0251ee2dacd7406d7bab68996035137575becb62d7e938c7fc086f65ca15bab884595e3d6e9168823d307ce513ddad4866e31d3eb7549629eeed0b802b

              Download Submit

            • memory/2548-12-0x00000000029C0000-0x00000000029C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2980-5-0x0000000000B40000-0x0000000000BA0000-memory.dmp

              Filesize

              384KB

              Download

            • memory/2980-7-0x00000000002A0000-0x00000000002A6000-memory.dmp

              Filesize

              24KB

              Download

            • memory/2980-8-0x0000000000400000-0x0000000000456000-memory.dmp

              Filesize

              344KB

              Download

            • memory/2980-10-0x0000000000400000-0x0000000000456000-memory.dmp

              Filesize

              344KB

              Download

            • memory/2980-11-0x00000000002A0000-0x00000000002A6000-memory.dmp

              Filesize

              24KB

              Download

            • memory/3056-0-0x0000000002000000-0x0000000002060000-memory.dmp

              Filesize

              384KB

              Download

            • memory/3056-2-0x0000000000220000-0x0000000000226000-memory.dmp

              Filesize

              24KB

              Download

            • memory/3056-3-0x0000000000400000-0x0000000000456000-memory.dmp

              Filesize

              344KB

              Download

            • memory/3056-9-0x0000000000400000-0x0000000000456000-memory.dmp

              Filesize

              344KB

              Download

            • memory/3064-13-0x00000000027A0000-0x00000000027A1000-memory.dmp

              Filesize

              4KB

              Download