Analysis
-
max time kernel
151s -
max time network
120s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
03-06-2021 09:12
General
-
Target
PL.exportcagrifance.exe
-
Size
204KB
-
MD5
e7b0bbe1482189169186f932f66fdfd4
-
SHA1
7011360f134f5c68c5601885abfc7d894728b57d
-
SHA256
4934774c7509bb829881702ef12f2fe40b9537e1a266de55f4b61248553dc248
-
SHA512
af0a2d106e5c28234a8c8ab21bbe460cf2cbb1b1f645b6f38cf8f3548e5120b595536107dc8d5c988efac0581610a6aaef561047c704f82f76d9396ec4b789b4
Score
6/10
Malware Config
Signatures
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Suspicious use of SetThreadContext 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Program crash 3 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\PL.exportcagrifance.exe"C:\Users\Admin\AppData\Local\Temp\PL.exportcagrifance.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 963⤵
- Program crash
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 883⤵
- Program crash
-
-
-
C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe"C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 883⤵
- Program crash
-
-