Analysis

  • max time kernel
    12s
  • max time network
    117s
  • platform
    windows10_x64
  • resource
    win10v20210410
  • submitted
    16-06-2021 18:12

General

  • Target

    unpacked.exe

  • Size

    981KB

  • MD5

    3be5f51314d027e399eaa49cf271ece4

  • SHA1

    5567d87efd6b29a793b54237737f370aa2e7707d

  • SHA256

    9404ccfb00081ecfd0633d152b3597b9a6fda274e728864f322dfbcf11cc9156

  • SHA512

    0f4689975b4d07b802bc5f62000ea94e78e8b662788ef860d1cae7c918b9b24707899b12d888840bbc8872350f943a4f594fe1a863a409f525dc465682f0e613

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Suspicious behavior: RenamesItself (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\unpacked.exe (PID 3188)
    Command line: "C:\Users\Admin\AppData\Local\Temp\unpacked.exe"
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • Child process: C:\Windows\SysWOW64\cmd.exe (PID 2748)
      Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\n5FoUwA6xhfQtMJS.bat" "

Network

MITRE ATT&CK Enterprise v6
