Resubmissions
28/08/2022, 23:26
220828-3e8ymagabq 510/06/2021, 11:42
210610-j9y37a6cma 510/06/2021, 11:31
210610-k9s461t52a 5Analysis
-
max time kernel
145s -
max time network
152s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
10/06/2021, 11:31
General
-
Target
sample.exe
-
Size
2.3MB
-
MD5
84ffb87cc91d697db2f5685df68de7af
-
SHA1
4f0360d60b685ed6059d32aef24c6b3cbbd46e9e
-
SHA256
10bba07a1965c61a2ec05b46331e3eeda3d7bdeb8074c86009dc11f2564048fa
-
SHA512
c6b178f37b2318b4eeaf1e151cac70a10b0be8eeb0e8153bd324a66314a33dca27e43254518a4b2db2ed5cab31ff836e0fa84e2a8112b67772409d77f39d5e9f
Score
5/10
Malware Config
Signatures
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies Control Panel 2 IoCs
-
Modifies registry class 12 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\sample.exe"C:\Users\Admin\AppData\Local\Temp\sample.exe"1⤵
- Sets desktop wallpaper using registry
- Modifies Control Panel
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Documents\AssertEnable.vsdx.bam!1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Documents\AssertEnable.vsdx.bam!2⤵
- Opens file in notepad (likely ransom note)
-
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4f81⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
8KB