Overview

overview

8

Static

static

Sapphire R...re.exe

windows7_x64

8

Sapphire R...re.exe

windows10_x64

8

Resubmissions

13-02-2021 10:08

210213-k64cwnpaca 8

13-02-2021 09:57

210213-9jvt61cnp2 8

Analysis

  • max time kernel
    112s
  • max time network
    114s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    13-02-2021 10:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Sapphire Ransomware.exe

  • Size

    213KB

  • MD5

    5d34cb57995a495652c7b3e547dfd77f

  • SHA1

    f7c08e536aafd24320b684fb1b1d36cd609f57aa

  • SHA256

    431a92656a59581ab6c0e413a4ee0bd4f27094f162c063e3bdc09a28f8090b28

  • SHA512

    a0bdfe559c19a86ca7360afc528b91c9b71fc9a283bc8b967bb1e273e7315ab81787855c216764c73ff8f468dde5490cfb693d9b4567349320c8f2209baa6bec

Score
8/10
evasion

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Sapphire Ransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\Sapphire Ransomware.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3116
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
      dw20.exe -x -s 1260
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3116-2-0x00007FF820810000-0x00007FF8211B0000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/3116-3-0x0000000002FE0000-0x0000000002FE2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/3116-4-0x0000000002FE4000-0x0000000002FE5000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3116-5-0x0000000002FE5000-0x0000000002FE6000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3328-6-0x0000000000000000-mapping.dmp
    Download
  • memory/3328-7-0x0000000002510000-0x0000000002511000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3328-8-0x00000000029C0000-0x00000000029C1000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3328-9-0x0000000002910000-0x0000000002911000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3328-11-0x0000000002910000-0x0000000002911000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3328-13-0x0000000002910000-0x0000000002911000-memory.dmp
    Filesize

    4KB

    Download
  • memory/3328-15-0x0000000002910000-0x0000000002911000-memory.dmp
    Filesize

    4KB

    Download