Analysis
  max time kernel:   150s
  max time network:  151s
  resource:          win10v191014
  submitted:         30-01-2020 13:48
  Static task:       static1
General
  Target:  test54.exe
  Size:    232KB
  MD5:     8c6c4ad557c073242975fb2bc6eb158d
  SHA1:    60ba059bec646be322679e5654e9d80ae60f23aa
  SHA256:  7f98360644f13b5328364b3deed6b3283acfd3ef1f92b02e8c0135be6c31a35c
  SHA512:  cfbcd3db2af4a748e8b30d247f635e425ba3e1c7d16bb4be50e1330a19d146da8e5d0bb34e30c5abaf93e9190904de70b3e6fc603809f1aa456778fff84435c5
Malware Config
  (no entries in the report)

Signatures

  Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  Suspicious use of AdjustPrivilegeToken (24 IoCs)
    Process: test54.exe (PID 5028)
    Privileges adjusted on its access token, in report order (the last four are reported by number only):

    description                            pid   process
    Token: SeIncreaseQuotaPrivilege        5028  test54.exe
    Token: SeSecurityPrivilege             5028  test54.exe
    Token: SeTakeOwnershipPrivilege        5028  test54.exe
    Token: SeLoadDriverPrivilege           5028  test54.exe
    Token: SeSystemProfilePrivilege        5028  test54.exe
    Token: SeSystemtimePrivilege           5028  test54.exe
    Token: SeProfSingleProcessPrivilege    5028  test54.exe
    Token: SeIncBasePriorityPrivilege      5028  test54.exe
    Token: SeCreatePagefilePrivilege       5028  test54.exe
    Token: SeBackupPrivilege               5028  test54.exe
    Token: SeRestorePrivilege              5028  test54.exe
    Token: SeShutdownPrivilege             5028  test54.exe
    Token: SeDebugPrivilege                5028  test54.exe
    Token: SeSystemEnvironmentPrivilege    5028  test54.exe
    Token: SeChangeNotifyPrivilege         5028  test54.exe
    Token: SeRemoteShutdownPrivilege       5028  test54.exe
    Token: SeUndockPrivilege               5028  test54.exe
    Token: SeManageVolumePrivilege         5028  test54.exe
    Token: SeImpersonatePrivilege          5028  test54.exe
    Token: SeCreateGlobalPrivilege         5028  test54.exe
    Token: 33                              5028  test54.exe
    Token: 34                              5028  test54.exe
    Token: 35                              5028  test54.exe
    Token: 36                              5028  test54.exe

  Suspicious use of SetWindowsHookEx (1 IoC)
    pid   process
    5028  test54.exe
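The AdjustPrivilegeToken signature above lists 24 separate privilege adjustments by one process, which is the shape of a sample that walks its token and enables everything it holds rather than requesting the one or two privileges it needs. The script below is an added example, not part of the sandbox report or its tooling: it parses the flattened signature text as the report renders it into per-process records, separates named privileges from the numeric ones the report left unresolved, and flags the bulk-enable pattern together with the privileges that matter most for a file-encrypting payload. The HIGH_IMPACT set and the BULK_THRESHOLD value are assumptions of the example, and the input string is the page's own signature text embedded as a constructed sample.

```python
"""Turn a flattened AdjustPrivilegeToken signature into structured findings."""
import re
from collections import defaultdict

# Constructed input: the signature text exactly as the report renders it,
# one "Token: <privilege> <pid> <process>" triple after another.
REPORT_LINE = (
    "Token: SeIncreaseQuotaPrivilege 5028 test54.exe "
    "Token: SeSecurityPrivilege 5028 test54.exe "
    "Token: SeTakeOwnershipPrivilege 5028 test54.exe "
    "Token: SeLoadDriverPrivilege 5028 test54.exe "
    "Token: SeSystemProfilePrivilege 5028 test54.exe "
    "Token: SeSystemtimePrivilege 5028 test54.exe "
    "Token: SeProfSingleProcessPrivilege 5028 test54.exe "
    "Token: SeIncBasePriorityPrivilege 5028 test54.exe "
    "Token: SeCreatePagefilePrivilege 5028 test54.exe "
    "Token: SeBackupPrivilege 5028 test54.exe "
    "Token: SeRestorePrivilege 5028 test54.exe "
    "Token: SeShutdownPrivilege 5028 test54.exe "
    "Token: SeDebugPrivilege 5028 test54.exe "
    "Token: SeSystemEnvironmentPrivilege 5028 test54.exe "
    "Token: SeChangeNotifyPrivilege 5028 test54.exe "
    "Token: SeRemoteShutdownPrivilege 5028 test54.exe "
    "Token: SeUndockPrivilege 5028 test54.exe "
    "Token: SeManageVolumePrivilege 5028 test54.exe "
    "Token: SeImpersonatePrivilege 5028 test54.exe "
    "Token: SeCreateGlobalPrivilege 5028 test54.exe "
    "Token: 33 5028 test54.exe Token: 34 5028 test54.exe "
    "Token: 35 5028 test54.exe Token: 36 5028 test54.exe"
)

# One triple per match; the privilege may be a name or a bare number.
TOKEN_RE = re.compile(r"Token:\s+(?P<priv>\S+)\s+(?P<pid>\d+)\s+(?P<proc>\S+)")

# Assumption of this example: privileges that let a process read, overwrite,
# take over or tamper with files, volumes and processes it does not own, i.e.
# the ones a ransomware payload wants before it touches every drive.
HIGH_IMPACT = {
    "SeDebugPrivilege",
    "SeBackupPrivilege",
    "SeRestorePrivilege",
    "SeTakeOwnershipPrivilege",
    "SeLoadDriverPrivilege",
    "SeManageVolumePrivilege",
    "SeImpersonatePrivilege",
}

# Assumption: adjusting at least this many privileges in one run is treated
# as "enable everything" rather than a targeted request.
BULK_THRESHOLD = 10


def parse_token_events(text):
    """Return {(pid, process): [privilege, ...]} in report order."""
    events = defaultdict(list)
    for m in TOKEN_RE.finditer(text):
        events[(int(m["pid"]), m["proc"])].append(m["priv"])
    return dict(events)


def assess(privileges):
    """Summarise one process's adjusted privileges."""
    named = [p for p in privileges if not p.isdigit()]
    unresolved = [p for p in privileges if p.isdigit()]
    return {
        "count": len(privileges),
        "high_impact": sorted(HIGH_IMPACT.intersection(named)),
        "unresolved_luids": unresolved,
        "bulk_enable": len(privileges) >= BULK_THRESHOLD,
    }


def analyse_report(text):
    """Map each (pid, process) in the signature text to its assessment."""
    return {key: assess(privs) for key, privs in parse_token_events(text).items()}


if __name__ == "__main__":
    for (pid, proc), verdict in analyse_report(REPORT_LINE).items():
        print(f"{proc} (pid {pid}): {verdict}")
```

Run against the page's signature text the script reports a single process, test54.exe (PID 5028), with 24 adjustments, seven of them in the high-impact set, four left as bare numbers, and the bulk-enable flag set. The numeric entries are kept rather than dropped because an unresolved privilege is still evidence of the same enable-all loop; a detection that only counted names it recognised would under-count exactly the samples that enable the most.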