Analysis
-
max time kernel
139s -
max time network
142s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
07-05-2021 04:23
General
-
Target
4ce013623dd06d4efb61ce905165149ed13d5ecacfba860b49fa2d9f2afd7c74.bin.sample.exe
-
Size
21KB
-
MD5
a41528ac976373f58a96f3185c48ce61
-
SHA1
df0ef815e7749d2a8a88c9283eaac7616dd370e4
-
SHA256
4ce013623dd06d4efb61ce905165149ed13d5ecacfba860b49fa2d9f2afd7c74
-
SHA512
b8b09926d90876ac281fea19b4a2573c3c1bacdf5c96ae437843ee583fc0485916f1f6db2da727f5da00bcc3a91bf081cab40a89dec819c44ce999254e3ad6c2
Score
1/10
Malware Config
Signatures
-
Opens file in notepad (likely ransom note) 3 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4ce013623dd06d4efb61ce905165149ed13d5ecacfba860b49fa2d9f2afd7c74.bin.sample.exe"C:\Users\Admin\AppData\Local\Temp\4ce013623dd06d4efb61ce905165149ed13d5ecacfba860b49fa2d9f2afd7c74.bin.sample.exe"1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RenameReceive.css1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\System32\NOTEPAD.EXE"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ShowOpen.bat1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\UnlockUnpublish.txt1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x1dc1⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1292-65-0x000007FEFBED1000-0x000007FEFBED3000-memory.dmpFilesize
8KB
-
memory/1820-60-0x0000000000EF0000-0x0000000000EF1000-memory.dmpFilesize
4KB
-
memory/1820-62-0x0000000004BC0000-0x0000000004BC1000-memory.dmpFilesize
4KB
-
memory/1820-64-0x0000000004BC6000-0x0000000004BD7000-memory.dmpFilesize
68KB
-
memory/1820-63-0x0000000004BC1000-0x0000000004BC2000-memory.dmpFilesize
4KB