Analysis
- max time kernel: 123s
- max time network: 122s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 05-02-2021 12:35
Static task: static1
Behavioral task: behavioral1
- Sample: sample.exe
- Resource: win7v20201028 (windows7_x64)
- 0 signatures
- 0 seconds
Behavioral task: behavioral2
- Sample: sample.exe
- Resource: win10v20201028 (windows10_x64)
- 0 signatures
- 0 seconds
General
- Target: sample.exe
- Size: 123KB
- MD5: fb603212ae67789de5ce5f41a6d0705e
- SHA1: 1ff8e880a61c4b932b8f52e8353a5310152ba160
- SHA256: 3ccc016464e41de7be959c3b00bda1296eee1c50a2897e05c1abbc9034b23027
- SHA512: 45ebd60fe2801b60e061a2eaf58e016f1f966a688b2fc205e097cc67824e3c259d3271e78f644ab81671ff381ed8aec125499bc071ab3657b08ef36e55b849eb
- Score: 8/10
Malware Config
Signatures
- Modifies extensions of user files (13 IoCs)
  Ransomware generally changes the extension on encrypted files.
  Processes: sample.exe
    File created: C:\Users\Admin\Pictures\DismountDebug.raw.locked (process: sample.exe)
    File created: C:\Users\Admin\Pictures\HideEdit.tif.locked (process: sample.exe)
    File created: C:\Users\Admin\Pictures\RepairStep.crw.locked (process: sample.exe)
    File created: C:\Users\Admin\Pictures\SendRedo.tiff.locked (process: sample.exe)
    File created: C:\Users\Admin\Pictures\SetSearch.tif.locked (process: sample.exe)
    File created: C:\Users\Admin\Pictures\UnblockWrite.crw.locked (process: sample.exe)
    File created: C:\Users\Admin\Pictures\UnpublishUnregister.tiff.locked (process: sample.exe)
    File opened for modification: C:\Users\Admin\Pictures\UnpublishUnregister.tiff (process: sample.exe)
    File created: C:\Users\Admin\Pictures\PublishWrite.tif.locked (process: sample.exe)
    File created: C:\Users\Admin\Pictures\SearchInitialize.crw.locked (process: sample.exe)
    File opened for modification: C:\Users\Admin\Pictures\SendRedo.tiff (process: sample.exe)
    File created: C:\Users\Admin\Pictures\StepPush.tiff.locked (process: sample.exe)
    File opened for modification: C:\Users\Admin\Pictures\StepPush.tiff (process: sample.exe)
- Drops desktop.ini file(s) (3 IoCs)
  Processes: sample.exe
    File opened for modification: C:\Users\Admin\Desktop\desktop.ini (process: sample.exe)
    File opened for modification: C:\Users\Admin\Pictures\desktop.ini (process: sample.exe)
    File opened for modification: C:\Users\Admin\Documents\desktop.ini (process: sample.exe)
Processes
Network
MITRE ATT&CK Matrix
Downloads
- memory/1152-2-0x0000000074360000-0x0000000074A4E000-memory.dmp (Filesize: 6.9MB)
- memory/1152-3-0x0000000000990000-0x0000000000991000-memory.dmp (Filesize: 4KB)
- memory/1152-5-0x0000000004CD0000-0x0000000004CD1000-memory.dmp (Filesize: 4KB)
- memory/1152-6-0x0000000004CD5000-0x0000000004CE6000-memory.dmp (Filesize: 68KB)