Analysis
-
max time kernel
150s -
max time network
145s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
07-05-2021 04:50
General
-
Target
2014-06-12_djylh.exe
-
Size
1.0MB
-
MD5
18b6865da4d3970fa3c102731ca82d96
-
SHA1
39f2dc79978a6bf937aa588998b14ab05b70ff83
-
SHA256
485a5454645f5d90d1b3097336b08dcaa9d4b49db9738a2f953e81081002600d
-
SHA512
b99c73cb74f298e608a66353309fd5cde38cfeee552cb9c05d2a10e237fda421455c3acd7e435040d15162cf871cb425c9f7098ec6dcfbb2f90ee91a3b965486
Score
8/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Internet Explorer settings 1 TTPs 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SendNotifyMessage 1 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2014-06-12_djylh.exe"C:\Users\Admin\AppData\Local\Temp\2014-06-12_djylh.exe"1⤵
- Enumerates connected drives
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1908-114-0x0000000010000000-0x000000001003F000-memory.dmpFilesize
252KB