Analysis
-
max time kernel
131s -
max time network
132s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
27-05-2021 15:34
General
-
Target
ExcelViewerss.exe
-
Size
571KB
-
MD5
40d56ef0857cd5fe0ba21d20c73686e2
-
SHA1
90a8bdadbdebfcaf3a1e146472d56db7d531f921
-
SHA256
d1623332c586135747a2575bec4ee783f299c5fca0f527f0328ea47691e9506d
-
SHA512
74953fa8056f17e96831cf932a482907af00ef22008a4c829da339d3c55fb9696ba812c605155486971cdc4427cb85bf4d63f0e29ffdb46c602be083bdcdc038
Score
8/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: MapViewOfSection 1 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ExcelViewerss.exe"C:\Users\Admin\AppData\Local\Temp\ExcelViewerss.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\ExcelViewerss.exe"C:\Users\Admin\AppData\Local\Temp\ExcelViewerss.exe"2⤵
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\nJ3x4QfDj5RhAt3p.bat" "3⤵
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
984KB
-
Filesize
1.3MB
-
Filesize
4KB
-
Filesize
32KB