Analysis
-
max time kernel
77s -
max time network
113s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
12-01-2021 23:39
General
-
Target
256964d4ea3f0d0fbc7a4b7f477bbef5711db05ddc9e3066b313ec0bcf2b569b.exe
-
Size
8.7MB
-
MD5
36eb682818f83373a1cf0b45f5b6ecb7
-
SHA1
4bca1bb8326aa2473845a2d9074ee4c7619f278d
-
SHA256
0c803e9046ac715ed9e67641e4aa40f56235f4c3f70b3e65c4ad8a4380322271
-
SHA512
ca864c131dbd099169d3dc93a7aa06710c9f8b8f6716ea351bfe364949087b8d97cd1151c3c1e2c7152b2a223f68dff260f4b4787fcc7ebf37ccd3c399ceef97
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
Modifies registry class 2 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\256964d4ea3f0d0fbc7a4b7f477bbef5711db05ddc9e3066b313ec0bcf2b569b.exe"C:\Users\Admin\AppData\Local\Temp\256964d4ea3f0d0fbc7a4b7f477bbef5711db05ddc9e3066b313ec0bcf2b569b.exe"1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 12962⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\M1573\98_me\README.TXT1⤵
- Opens file in notepad (likely ransom note)
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
cfe8cf3101a0790f66fa33b92508a5e2
SHA1c9ffc071e37bd1c24db65e591bb983be5e70dd0c
SHA2562810545fae2a1e2fb43f94d67fcc2f4afa781e0c2daafe604438c4d587f34860
SHA5126b29100811a6d6dbd4063be7e4cf5818453509efa2e5fc61e21fa67ef43bf46bb3e20687c02658083d9b532a1f20c26dff537b2155b533641d94529570439363
-
Filesize
4KB