Overview

overview

8

Static

static

6

a0fa26c2f7...in.exe

windows7_x64

8

a0fa26c2f7...in.exe

windows10_x64

8

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    26/07/2020, 13:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a0fa26c2f79fd4e0f3f25b3fcb7aa02bb0194b34f13aa8d721b114432a00b05a.bin.exe

  • Size

    1.6MB

  • MD5

    aa1101d3c7afdb51d8520ead1e690c9a

  • SHA1

    f385e25cbc51dd820a87f9c0f4618a9e92f4090b

  • SHA256

    a0fa26c2f79fd4e0f3f25b3fcb7aa02bb0194b34f13aa8d721b114432a00b05a

  • SHA512

    3671850bad614f34d6e6f818e4fdb15b7651b121c264758e083796aed957d008982b5605b9e5ac33512641c510ac568e073e0ea9214f92577ae8c53aaf4fbf98

Score
8/10
spywareransomware

Malware Config

Signatures

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Modifies extensions of user files 9 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Drops file in Program Files directory 8 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0fa26c2f79fd4e0f3f25b3fcb7aa02bb0194b34f13aa8d721b114432a00b05a.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\a0fa26c2f79fd4e0f3f25b3fcb7aa02bb0194b34f13aa8d721b114432a00b05a.bin.exe"
    1⤵
    • Modifies extensions of user files
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1464
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c pause
      2⤵
        PID:1508

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads