Analysis
max time kernel: 131s
max time network: 139s
platform: windows7_x64
resource: win7v20201028
submitted: 14-12-2020 14:15
Behavioral task
behavioral1
Sample
345897ca6fb51912b4e904e02592142b.exe
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
General
Target: 345897ca6fb51912b4e904e02592142b.exe
Size: 658KB
MD5: 345897ca6fb51912b4e904e02592142b
SHA1: b017042a6cbc079f627d6619b0318d2fcc15e923
SHA256: 6d3377e9fe7662f985188bcb510b078aea81721ed4f801f096032ae2e397b877
SHA512: 1ccfe851fbb547a7cff8061467785949cdf6ea8d95d43628bb43424ce9c94bf5c29c3b3e1635ba409734bf4ccaa54653964a432267db703cd86b041b4bd49cb4
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Suspicious use of AdjustPrivilegeToken (23 IoCs)
Processes:
description                              pid   process
Token: SeIncreaseQuotaPrivilege          1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeSecurityPrivilege               1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeTakeOwnershipPrivilege          1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeLoadDriverPrivilege             1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeSystemProfilePrivilege          1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeSystemtimePrivilege             1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeProfSingleProcessPrivilege      1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeIncBasePriorityPrivilege        1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeCreatePagefilePrivilege         1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeBackupPrivilege                 1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeRestorePrivilege                1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeShutdownPrivilege               1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeDebugPrivilege                  1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeSystemEnvironmentPrivilege      1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeChangeNotifyPrivilege           1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeRemoteShutdownPrivilege         1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeUndockPrivilege                 1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeManageVolumePrivilege           1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeImpersonatePrivilege            1640  345897ca6fb51912b4e904e02592142b.exe
Token: SeCreateGlobalPrivilege           1640  345897ca6fb51912b4e904e02592142b.exe
Token: 33                                1640  345897ca6fb51912b4e904e02592142b.exe
Token: 34                                1640  345897ca6fb51912b4e904e02592142b.exe
Token: 35                                1640  345897ca6fb51912b4e904e02592142b.exe
Suspicious use of SetWindowsHookEx (1 IoCs)
Processes:
pid   process
1640  345897ca6fb51912b4e904e02592142b.exe