Analysis
- max time kernel: 49s
- max time network: 135s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 15-05-2021 03:59
Behavioral task: behavioral1
- Sample: c43137fedd2ca00fd47d55ef0c08b75002333ba8b45f5d0f34c5d84b120dd573.exe
- Resource: win7v20210410 (windows7_x64)
- 0 signatures
- 0 seconds
General
- Target: c43137fedd2ca00fd47d55ef0c08b75002333ba8b45f5d0f34c5d84b120dd573.exe
- Size: 662KB
- MD5: 09a60db2024fa4a59a39ae34b0185d8a
- SHA1: cd970075caad6ff3a83cd1a3ae4231dd241f3a75
- SHA256: c43137fedd2ca00fd47d55ef0c08b75002333ba8b45f5d0f34c5d84b120dd573
- SHA512: 6d354751e29c26ef57c32f1ca1fd72137b70f8fd32fe45af75a12b21d26e7028140a49a3edbca404ab946fc4812cb943237aedc728f747dd5779b3cbfcd2a6c8
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
- Suspicious use of AdjustPrivilegeToken (24 IoCs)
  Processes: c43137fedd2ca00fd47d55ef0c08b75002333ba8b45f5d0f34c5d84b120dd573.exe (pid 656) adjusted the following token privileges:
  SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeChangeNotifyPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, 33, 34, 35, 36
- Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: c43137fedd2ca00fd47d55ef0c08b75002333ba8b45f5d0f34c5d84b120dd573.exe (pid 656)
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
- memory/656-114-0x0000000002440000-0x0000000002441000-memory.dmp (filesize 4KB)