Analysis
- max time kernel: 139s
- max time network: 142s
- platform: windows7_x64
- resource: win7v20210408
- submitted: 07-05-2021 04:23
Static task: static1

Behavioral task: behavioral1
- Sample: 4ce013623dd06d4efb61ce905165149ed13d5ecacfba860b49fa2d9f2afd7c74.bin.sample.exe
- Resource: win7v20210408 (windows7_x64)
- 0 signatures, 0 seconds

Behavioral task: behavioral2
- Sample: 4ce013623dd06d4efb61ce905165149ed13d5ecacfba860b49fa2d9f2afd7c74.bin.sample.exe
- Resource: win10v20210410 (windows10_x64)
- 0 signatures, 0 seconds
General
- Target: 4ce013623dd06d4efb61ce905165149ed13d5ecacfba860b49fa2d9f2afd7c74.bin.sample.exe
- Size: 21KB
- MD5: a41528ac976373f58a96f3185c48ce61
- SHA1: df0ef815e7749d2a8a88c9283eaac7616dd370e4
- SHA256: 4ce013623dd06d4efb61ce905165149ed13d5ecacfba860b49fa2d9f2afd7c74
- SHA512: b8b09926d90876ac281fea19b4a2573c3c1bacdf5c96ae437843ee583fc0485916f1f6db2da727f5da00bcc3a91bf081cab40a89dec819c44ce999254e3ad6c2
- Score: 1/10
Malware Config
Signatures
- Opens file in notepad (likely ransom note), 3 IoCs
  Processes (pid, process):
  1292 NOTEPAD.EXE
  1144 NOTEPAD.EXE
  1824 NOTEPAD.EXE
- Suspicious use of AdjustPrivilegeToken, 4 IoCs
  Processes (description, pid, process):
  Token: 33, 240, AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege, 240, AUDIODG.EXE
  Token: 33, 240, AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege, 240, AUDIODG.EXE
Processes
- C:\Users\Admin\AppData\Local\Temp\4ce013623dd06d4efb61ce905165149ed13d5ecacfba860b49fa2d9f2afd7c74.bin.sample.exe (tree level 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\4ce013623dd06d4efb61ce905165149ed13d5ecacfba860b49fa2d9f2afd7c74.bin.sample.exe"
- C:\Windows\system32\NOTEPAD.EXE (tree level 1)
  Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RenameReceive.css
  Signature: Opens file in notepad (likely ransom note)
- C:\Windows\System32\NOTEPAD.EXE (tree level 1)
  Command line: "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ShowOpen.bat
  Signature: Opens file in notepad (likely ransom note)
- C:\Windows\system32\NOTEPAD.EXE (tree level 1)
  Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\UnlockUnpublish.txt
  Signature: Opens file in notepad (likely ransom note)
- C:\Windows\system32\AUDIODG.EXE (tree level 1)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x1dc
  Signature: Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Downloads
- memory/1292-65-0x000007FEFBED1000-0x000007FEFBED3000-memory.dmp (filesize 8KB)
- memory/1820-60-0x0000000000EF0000-0x0000000000EF1000-memory.dmp (filesize 4KB)
- memory/1820-62-0x0000000004BC0000-0x0000000004BC1000-memory.dmp (filesize 4KB)
- memory/1820-64-0x0000000004BC6000-0x0000000004BD7000-memory.dmp (filesize 68KB)
- memory/1820-63-0x0000000004BC1000-0x0000000004BC2000-memory.dmp (filesize 4KB)