Analysis
-
max time kernel
84s -
max time network
134s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
27-05-2021 15:32
General
-
Target
PDFViewer.exe
-
Size
564KB
-
MD5
0b9f0463a2d36d53505c4911b74c8f08
-
SHA1
d5c929cbd199dadaa879fb9368103b11fb68e7fd
-
SHA256
f1e52af7310c199ec5d44f16b37b6e4a7eebb3a55de5db292111440fa7d0da47
-
SHA512
796e923ae65df8e652387628dccff85d2bfb793c99386aec34c2c6db3482d0bf97fd5586a72b4732b4bef2fe6aabd8e912b5b390068dd590d5d1a57d93f6d924
Score
8/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\PDFViewer.exe"C:\Users\Admin\AppData\Local\Temp\PDFViewer.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\PDFViewer.exe"C:\Users\Admin\AppData\Local\Temp\PDFViewer.exe"2⤵
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\CRBhLBbxpcaKFFVj.bat" "3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
28KB
-
Filesize
984KB
-
Filesize
1.3MB