Overview

overview

10

Static

static

diagnostic.exe

windows7_x64

10

diagnostic.exe

windows10_x64

7

Analysis

  • max time kernel
    11s
  • max time network
    99s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    03-02-2021 20:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    diagnostic.exe

  • Size

    2.0MB

  • MD5

    56116fa25cf66f595374b8ce3a1b4e2c

  • SHA1

    c50b220f1193a75198f7dadaafa2d0f045f9449a

  • SHA256

    3361515c7847b7f3aa44b45da30581ad9e5af35fdc2489ff95d312a3f4a5e4a7

  • SHA512

    7e87dbc5d91ac0f23156269931fa0639a292a764c43e7379df0aeee9b43c0a96395b77f33f96fe5c1e6c6dfd6299fb7c6ab46416c0eb55655f704d5605a36568

Score
7/10
ransomware

Malware Config

Signatures

  • Drops startup file 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

    ransomware
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 42 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\diagnostic.exe
    "C:\Users\Admin\AppData\Local\Temp\diagnostic.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1316
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Users\Admin\AppData\Local\Temp\diagnostic.exe"
      2⤵
        PID:1520
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 24
          3⤵
          • Program crash
          PID:796
    • C:\Windows\SysWOW64\DllHost.exe
      C:\Windows\SysWOW64\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
      1⤵
      • Drops startup file
      PID:1424

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/796-7-0x0000000004820000-0x0000000004821000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1316-2-0x0000000000780000-0x0000000000781000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1316-5-0x0000000002960000-0x00000000029DB000-memory.dmp

      Filesize

      492KB

      Download

    • memory/1316-6-0x00000000029E0000-0x0000000002B6E000-memory.dmp

      Filesize

      1.6MB

      Download