Analysis
-
max time kernel
5s -
max time network
113s -
platform
windows10_x64 -
resource
win10 -
submitted
16-09-2020 13:40
General
-
Target
_-__----_-.exe
-
Size
14KB
-
MD5
65e18bae9b8c42b63bf3b969d3cdb6ca
-
SHA1
de1e804c81536890bccc963920095ade140b5173
-
SHA256
66ec6a7bb5cec8d1205685833524b4f577af75570896e0b368f16e5ee0d2a955
-
SHA512
32e45907c8ec7edeafbb699a3975ec52ae8255d692ebcfaf81ac87cbf118e069355e9c802574b707ce28a8e91aacfcda9ce185fd55910df9bcae9465c27aea15
Score
8/10
Malware Config
Signatures
-
Modifies extensions of user files 1 IoCs
Ransomware generally changes the extension on encrypted files.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\_-__----_-.exe"C:\Users\Admin\AppData\Local\Temp\_-__----_-.exe"1⤵
- Modifies extensions of user files
- Sets desktop wallpaper using registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2728-0-0x0000000073B10000-0x00000000741FE000-memory.dmpFilesize
6.9MB
-
memory/2728-1-0x0000000000630000-0x0000000000631000-memory.dmpFilesize
4KB
-
memory/2728-3-0x0000000005440000-0x0000000005441000-memory.dmpFilesize
4KB
-
memory/2728-4-0x0000000004F40000-0x0000000004F41000-memory.dmpFilesize
4KB
-
memory/2728-5-0x0000000002920000-0x0000000002921000-memory.dmpFilesize
4KB