Analysis
max time kernel: 11s
max time network: 148s
platform: windows10_x64
resource: win10v200722
submitted: 20-09-2020 13:18
Static task: static1
Behavioral task: behavioral1
Sample: 2tRkVqK2.exe
Resource: win7 (windows7_x64)
0 signatures
0 seconds
General
Target: 2tRkVqK2.exe
Size: 232KB
MD5: 75df054b2777ec7d02a1661637cc9397
SHA1: 9b8206b1e2573f34f4447d9c42af0a686e66a4c0
SHA256: 208145a22fa6e10399360af479848df54672ea2eb542444e2f88c4299961971d
SHA512: 8262da68ad3c94fddbd25d689fcdd529a89f875a645784acbaeb17678753424937555fa49320500d3f9c1df34a2f932a49240ead24b536be3a57bb782582c8e3
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Suspicious use of AdjustPrivilegeToken (24 IoCs)
Processes:
Description                           PID   Process
Token: SeIncreaseQuotaPrivilege       3696  2tRkVqK2.exe
Token: SeSecurityPrivilege            3696  2tRkVqK2.exe
Token: SeTakeOwnershipPrivilege       3696  2tRkVqK2.exe
Token: SeLoadDriverPrivilege          3696  2tRkVqK2.exe
Token: SeSystemProfilePrivilege       3696  2tRkVqK2.exe
Token: SeSystemtimePrivilege          3696  2tRkVqK2.exe
Token: SeProfSingleProcessPrivilege   3696  2tRkVqK2.exe
Token: SeIncBasePriorityPrivilege     3696  2tRkVqK2.exe
Token: SeCreatePagefilePrivilege      3696  2tRkVqK2.exe
Token: SeBackupPrivilege              3696  2tRkVqK2.exe
Token: SeRestorePrivilege             3696  2tRkVqK2.exe
Token: SeShutdownPrivilege            3696  2tRkVqK2.exe
Token: SeDebugPrivilege               3696  2tRkVqK2.exe
Token: SeSystemEnvironmentPrivilege   3696  2tRkVqK2.exe
Token: SeChangeNotifyPrivilege        3696  2tRkVqK2.exe
Token: SeRemoteShutdownPrivilege      3696  2tRkVqK2.exe
Token: SeUndockPrivilege              3696  2tRkVqK2.exe
Token: SeManageVolumePrivilege        3696  2tRkVqK2.exe
Token: SeImpersonatePrivilege         3696  2tRkVqK2.exe
Token: SeCreateGlobalPrivilege        3696  2tRkVqK2.exe
Token: 33                             3696  2tRkVqK2.exe
Token: 34                             3696  2tRkVqK2.exe
Token: 35                             3696  2tRkVqK2.exe
Token: 36                             3696  2tRkVqK2.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
Processes:
PID   Process
3696  2tRkVqK2.exe