Resubmissions
14-04-2021 18:40  210414-wwxl5k1rpe  10
01-04-2021 07:51  210401-cy3ltwwlc2  10
06-03-2021 08:02  210306-p7443jak2n  10
Analysis
- max time kernel: 5s
- max time network: 10s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 06-03-2021 08:02
Static task
static1
Behavioral task
behavioral1
Sample
hg_ransomware.exe.dll
Resource
win7v20201028
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
hg_ransomware.exe.dll
Resource
win10v20201028
windows10_x64
0 signatures
0 seconds
General
- Target: hg_ransomware.exe.dll
- Size: 164KB
- MD5: 6a85fe97ccaa29d09e5df824d4eaad59
- SHA1: 1a21c93de1af252f9c293e4a39e63bc2775d2b02
- SHA256: c678c05b05790006e56a25659eaa97520f426c6b2bbd7ccfb3ea30cc46d672f9
- SHA512: a0c2749249ecdd4dd42389df8c89110ad1d0473a2b69f8aaf142a9b9faf5f6797231c49a060f534834fa69fe66a7aef85c7c02e5c4c121fbe118d0a93d8b9fff
Score
1/10
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 548 wrote to memory of 1760 | 548 | rundll32.exe | rundll32.exe
PID 548 wrote to memory of 1760 | 548 | rundll32.exe | rundll32.exe
PID 548 wrote to memory of 1760 | 548 | rundll32.exe | rundll32.exe
PID 548 wrote to memory of 1760 | 548 | rundll32.exe | rundll32.exe
PID 548 wrote to memory of 1760 | 548 | rundll32.exe | rundll32.exe
PID 548 wrote to memory of 1760 | 548 | rundll32.exe | rundll32.exe
PID 548 wrote to memory of 1760 | 548 | rundll32.exe | rundll32.exe
Downloads
- memory/1760-2-0x0000000000000000-mapping.dmp
- memory/1760-3-0x0000000076451000-0x0000000076453000-memory.dmp (Filesize: 8KB)
- memory/1760-7-0x00000000001D0000-0x00000000001D1000-memory.dmp (Filesize: 4KB)
- memory/1760-6-0x00000000001C0000-0x00000000001C1000-memory.dmp (Filesize: 4KB)
- memory/1760-5-0x00000000001B0000-0x00000000001B1000-memory.dmp (Filesize: 4KB)
- memory/1760-8-0x00000000001E0000-0x00000000001E6000-memory.dmp (Filesize: 24KB)
- memory/1760-4-0x00000000001A0000-0x00000000001AA000-memory.dmp (Filesize: 40KB)