Analysis
max time kernel: 2s
max time network: 16s
platform: windows7_x64
resource: win7
submitted: 11-10-2020 22:16
Static task: static1
Behavioral task: behavioral1
  Sample: sm.bin.dll
  Resource: win7 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: sm.bin.dll
  Resource: win10v200722 (windows10_x64)
  0 signatures, 0 seconds
General
Target: sm.bin.dll
Size: 790KB
MD5: d6fa64f36eab990669f0b81f84b9a78a
SHA1: ed5b60a640a19afe8d1281bf691f40bac34eba8a
SHA256: 9c900078cc6061fb7ba038ee5c065a45112665f214361d433fc3906bf288e0eb
SHA512: de1a28c2110af3fec74ca62fbf0f641b0d731b470a1ebff5b2ec0d8dac336f92414e3c577512e716275a11a8ddd3897db620925122774b1849b954efc0f975e1
Score: 10/10
Malware Config
Signatures
Egregor Ransomware
  Variant of the Sekhmet ransomware first seen in September 2020.
Suspicious use of WriteProcessMemory (7 IoCs)
  Processes:
  description                        pid   process       target process
  PID 1424 wrote to memory of 1100   1424  rundll32.exe  rundll32.exe
  PID 1424 wrote to memory of 1100   1424  rundll32.exe  rundll32.exe
  PID 1424 wrote to memory of 1100   1424  rundll32.exe  rundll32.exe
  PID 1424 wrote to memory of 1100   1424  rundll32.exe  rundll32.exe
  PID 1424 wrote to memory of 1100   1424  rundll32.exe  rundll32.exe
  PID 1424 wrote to memory of 1100   1424  rundll32.exe  rundll32.exe
  PID 1424 wrote to memory of 1100   1424  rundll32.exe  rundll32.exe
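The seven WriteProcessMemory rows above all describe the same thing: the rundll32.exe instance hosting sm.bin.dll (PID 1424) writing repeatedly into a second rundll32.exe (PID 1100), which is the pattern of a DLL payload staging itself into a sacrificial copy of its own host process before execution. The script below is an added example, not part of the sandbox report or of any sandbox tooling; it parses rows in a constructed tab-separated form of the table (description, pid, process, target process; the TSV layout is an assumption), discards same-process writes, groups cross-process writes by source and target, and attaches the escalation reasons an analyst would want. The thresholds and the "suspicious" verdict are illustrative assumptions of this example, not sandbox rules.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Rows of the report's "Suspicious use of WriteProcessMemory" table, copied into a
# constructed tab-separated form (description, pid, process, target process).
# The TSV layout is an assumption of this example, not the sandbox's export format.
SAMPLE_ROWS = ["PID 1424 wrote to memory of 1100\t1424\trundll32.exe\trundll32.exe"] * 7

DESCRIPTION_RE = re.compile(r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)$")


@dataclass(frozen=True)
class MemWrite:
    """One process-to-process memory write observed by the sandbox."""
    src_pid: int
    dst_pid: int
    src_image: str
    dst_image: str


def parse_row(row: str) -> MemWrite:
    """Parse one table row; raises ValueError when the description is not a write event
    or when the pid column disagrees with the description."""
    description, pid, process, target = row.rstrip("\n").split("\t")
    m = DESCRIPTION_RE.match(description)
    if m is None:
        raise ValueError(f"not a WriteProcessMemory event: {description!r}")
    if int(pid) != int(m["src"]):
        raise ValueError(f"pid column {pid} disagrees with description {description!r}")
    return MemWrite(int(m["src"]), int(m["dst"]), process, target)


def summarize(events):
    """Group cross-process writes by (source, target) and attach the reasons an analyst
    would escalate on. Thresholds and verdict labels are illustrative assumptions."""
    counts = Counter(
        (e.src_pid, e.dst_pid, e.src_image.lower(), e.dst_image.lower())
        for e in events
        if e.src_pid != e.dst_pid  # a process writing its own memory is not injection
    )
    findings = []
    for (src, dst, src_image, dst_image), n in sorted(counts.items()):
        reasons = []
        if n >= 3:
            reasons.append("repeated writes: payload staged into the target in chunks")
        if src_image == dst_image:
            reasons.append("target is a second copy of the source image (sacrificial host)")
        if src_image == "rundll32.exe":
            reasons.append("source is rundll32.exe, a LOLBin hosting an attacker DLL")
        findings.append({
            "source": f"{src_image} ({src})",
            "target": f"{dst_image} ({dst})",
            "count": n,
            "reasons": reasons,
            "verdict": "suspicious" if len(reasons) >= 2 else "review",
        })
    return findings


if __name__ == "__main__":
    for f in summarize(parse_row(r) for r in SAMPLE_ROWS):
        print(f"{f['verdict']}: {f['source']} -> {f['target']} x{f['count']}")
        for reason in f["reasons"]:
            print("  -", reason)
```

On a live host the same grouping applies to Sysmon Event ID 10 (ProcessAccess) records whose GrantedAccess includes PROCESS_VM_WRITE (0x0020); the behaviour itself is ATT&CK T1055, Process Injection. Note that the target PID in the table (1100) is the process the memory dump under Downloads was taken from, so the dump is where the unpacked payload should be looked for.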
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1100-0-0x0000000000000000-mapping.dmp (memory dump of PID 1100, the WriteProcessMemory target above)