Analysis
max time kernel: 26s
max time network: 28s
platform: windows7_x64
resource: win7v20201028
submitted: 26-11-2020 08:29
Static task: static1
Behavioral task: behavioral1
  Sample: BH.exe
  Resource: win7v20201028 (windows7_x64)
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: BH.exe
  Resource: win10v20201028 (windows10_x64)
  0 signatures, 0 seconds
General
Target: BH.exe
Size: 560KB
MD5: 5e1532ecfc1d63bc6f02645b49854db1
SHA1: fa3b3888345c2c653ccc8fc2cf3662f789e78ab4
SHA256: 10b5b127d0c994ce5b7977b3f268f43e84dcff56512a0d6947891235d9adb966
SHA512: d660e750b7a6bb0642f215422e9893cd13bc83d549d16cbe8d4fea11a64d517d008a020c59607b569fcfa3782e1b18ddc3da77461a64b9deed1a23727ec97833
Score: 8/10
Malware Config
Signatures
- Disables RegEdit via registry modification
- Disables cmd.exe use via registry modification
- Adds Run key to start application (2 TTPs, 2 IoCs)
  Processes:
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-293278959-2699126792-324916226-1000\Software\Microsoft\Windows\CurrentVersion\Run | BH.exe
  Key created | \REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run | BH.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  Processes:
  pid | process
  684 | BH.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes:
  pid | process
  684 | BH.exe
Processes
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- memory/684-0-0x0000000003840000-0x0000000003851000-memory.dmp (Filesize: 68KB)