Overview

overview

8

Static

static

665d7e656b...93.exe

windows7_x64

8

665d7e656b...93.exe

windows10_x64

8

Resubmissions

24/01/2023, 17:54

230124-wg8x3see6s 8

12/08/2020, 09:19

200812-tbpxaame9e 8

Analysis

  • max time kernel
    114s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    12/08/2020, 09:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    665d7e656baecc8acccebf4b956719eb6c4099886f75008c8806efb945207e93.exe

  • Size

    28KB

  • MD5

    c3aa5efc9a1f5cba6f031b8a7be3584e

  • SHA1

    6af4f9b81a3e80c910b85bdc22d53dfbc3d706e6

  • SHA256

    665d7e656baecc8acccebf4b956719eb6c4099886f75008c8806efb945207e93

  • SHA512

    aeac12332a9d7de3eccd5b0b9753e243a595e89c147bbd5d931dba63a42aa700908aa5662ab167da5cef3da8ad46abc11a9623b25e68f8632de568c32fdb68b5

Score
8/10
ransomware

Malware Config

Signatures

  • Modifies extensions of user files 1 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\665d7e656baecc8acccebf4b956719eb6c4099886f75008c8806efb945207e93.exe
    "C:\Users\Admin\AppData\Local\Temp\665d7e656baecc8acccebf4b956719eb6c4099886f75008c8806efb945207e93.exe"
    1⤵
    • Modifies extensions of user files
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    PID:1152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1152-0-0x0000000073B20000-0x000000007420E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/1152-1-0x00000000009D0000-0x00000000009D1000-memory.dmp

    Filesize

    4KB

    Download