Overview

overview

1

Static

static

4ce013623d...le.exe

windows7_x64

1

4ce013623d...le.exe

windows10_x64

1

Analysis

  • max time kernel
    139s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    07/05/2021, 04:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4ce013623dd06d4efb61ce905165149ed13d5ecacfba860b49fa2d9f2afd7c74.bin.sample.exe

  • Size

    21KB

  • MD5

    a41528ac976373f58a96f3185c48ce61

  • SHA1

    df0ef815e7749d2a8a88c9283eaac7616dd370e4

  • SHA256

    4ce013623dd06d4efb61ce905165149ed13d5ecacfba860b49fa2d9f2afd7c74

  • SHA512

    b8b09926d90876ac281fea19b4a2573c3c1bacdf5c96ae437843ee583fc0485916f1f6db2da727f5da00bcc3a91bf081cab40a89dec819c44ce999254e3ad6c2

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 3 IoCs
    ransomware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4ce013623dd06d4efb61ce905165149ed13d5ecacfba860b49fa2d9f2afd7c74.bin.sample.exe
    "C:\Users\Admin\AppData\Local\Temp\4ce013623dd06d4efb61ce905165149ed13d5ecacfba860b49fa2d9f2afd7c74.bin.sample.exe"
    1⤵
      PID:1820
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RenameReceive.css
      1⤵
      • Opens file in notepad (likely ransom note)
      PID:1292
    • C:\Windows\System32\NOTEPAD.EXE
      "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ShowOpen.bat
      1⤵
      • Opens file in notepad (likely ransom note)
      PID:1144
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\UnlockUnpublish.txt
      1⤵
      • Opens file in notepad (likely ransom note)
      PID:1824
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x1dc
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:240

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1292-65-0x000007FEFBED1000-0x000007FEFBED3000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1820-60-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-62-0x0000000004BC0000-0x0000000004BC1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1820-64-0x0000000004BC6000-0x0000000004BD7000-memory.dmp

      Filesize

      68KB

      Download

    • memory/1820-63-0x0000000004BC1000-0x0000000004BC2000-memory.dmp

      Filesize

      4KB

      Download