Analysis
max time kernel: 1790s
max time network: 1791s
platform: windows10_x64
resource: win10v20201028
submitted: 01-03-2021 04:59
Static task
static1

Behavioral task
behavioral1
Sample: [CRACKHEAP.NET]PW12345Hidrocad.1.3.2.key.code.generator.exe
Resource: win10v20201028

Behavioral task
behavioral2
Sample: [CRACKHEAP.NET]PW12345Hidrocad.1.3.2.key.code.generator.exe
Resource: win10v20201028

Behavioral task
behavioral3
Sample: [CRACKHEAP.NET]PW12345Hidrocad.1.3.2.key.code.generator.exe
Resource: win10v20201028

Behavioral task
behavioral4
Sample: [CRACKHEAP.NET]PW12345Hidrocad.1.3.2.key.code.generator.exe
Resource: win7v20201028
General
Target: [CRACKHEAP.NET]PW12345Hidrocad.1.3.2.key.code.generator.exe
Size: 9.2MB
MD5: 829a185063c3fae0bd93e261b295f077
SHA1: 81b9649b054ed380a2ae4c9563bf8ab276a75af0
SHA256: b235c3e3954ef1df5b1d8a5a2215757d603148e9d443038fa6f70c33e81a0ab6
SHA512: 1e2a0d15961f0048b7d4dec5e9b00320ae18b63d16561696a97459eeaa59c92ade555020059553061b3bb48f38b5a9613ff0acedac5e7d6e673e5bde2967fdc3
Malware Config

Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Modifies registry class (2 IoCs)
Processes:
  description: Key created
  ioc: \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance
  process: [CRACKHEAP.NET]PW12345Hidrocad.1.3.2.key.code.generator.exe

  description: Key created
  ioc: \REGISTRY\USER\S-1-5-21-1985363256-3005190890-1182679451-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance
  process: [CRACKHEAP.NET]PW12345Hidrocad.1.3.2.key.code.generator.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
Processes:
  pid: 896
  process: [CRACKHEAP.NET]PW12345Hidrocad.1.3.2.key.code.generator.exe