Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
18-06-2021 21:20
General
-
Target
cb8e536680732b474a5c26970ace2087667622caa3dd82c1c56731a7c5a1c8ce.bin.exe
-
Size
114KB
-
MD5
400c1c6312f99e4640077994bbfaedde
-
SHA1
657a875554b075eb7f2d314bbbe967c789624b30
-
SHA256
cb8e536680732b474a5c26970ace2087667622caa3dd82c1c56731a7c5a1c8ce
-
SHA512
00b05036757e558c3d210f838dce3c8b2b4808655263cc1d69bf21a78e93f6ad52b6a20a4d68ac033fdf06eecc334690190f38e8435dc64fab3d64b7fc1d5c96
Malware Config
Signatures
-
NetFilter
NetFilter is a rootkit first seen in June 2021.
-
Downloads MZ/PE file
-
Sets service image path in registry 2 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Suspicious behavior: LoadsDriver 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\cb8e536680732b474a5c26970ace2087667622caa3dd82c1c56731a7c5a1c8ce.bin.exe"C:\Users\Admin\AppData\Local\Temp\cb8e536680732b474a5c26970ace2087667622caa3dd82c1c56731a7c5a1c8ce.bin.exe"1⤵
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regini.exe"C:\Windows\System32\regini.exe" configure.xalm2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
MD5
e4a1a575a3c19abc5ff8fd9f3fece159
SHA1d15d4c436faeb642871c33932da2f31e265d200c
SHA25660c77aa3a588cb9c807d934f0352fbedc9e64046a972f1ad9fdbf229c9158a26
SHA51223f01e80234f19ce071646b978646279bc1d8f883248c405e2e10ac75d8f67fc08d4109fc87a7021ccec3ae083c53e78c62045383d25622115cd05b0e6972fff
-
Filesize
8KB
-